A bitcoin investor who went to increasingly great lengths to hide $1 million in cryptocurrency gains on his tax returns was sentenced to two years in prison on Thursday.
It seems that not even his most “sophisticated” tactics—including using mixers, managing multiple wallets, and setting up in-person meetings to swap bitcoins for cash—kept the feds from tracing crypto trades that he believed were untraceable.
The Austin, Texas, man, Frank Richard Ahlgren III, started buying up bitcoins in 2011. In 2015, he upped his trading, purchasing approximately 1,366 using Coinbase accounts. He waited until 2017 before cashing in, earning $3.7 million after selling about 640 at a price more than 10 times his initial costs. Celebrating his gains, he bought a house in Utah in 2017, mostly funded by bitcoins he purchased in 2015.
Very quickly, Ahlgren sought to hide these earnings, the Department of Justice said in a press release. Rather than report them on his 2017 tax return, Ahlgren “lied to his accountant by submitting a false summary of his gains and losses from the sale of his bitcoins.” He did this by claiming that the prices he paid for the bitcoins he purchased in 2015 were much higher than his actual costs, even being so bold as to claim he was charged prices “greater than the highest price bitcoins sold for in the market prior to the purchase of the Utah house.”
First tax evasion prosecution centered solely on crypto
Ahlgren’s tax evasion only got bolder as the years passed after this first fraud, the DOJ said.
In 2018 and 2019, he sold more bitcoins, earning more than $650,000 and deciding not to report any of it on his tax returns for those years. That meant that he needed to actively conceal the earnings, but he’d been apparently researching how mixers are used to disguise where bitcoins come from since at least 2014, the feds found, referencing a blog he wrote exhibiting his knowledge. And that’s not the only step he took to try to trick the Internal Revenue Service.
Unsurprisingly, he and his family were doxed by angry traders.
On the evening of November 19, art adviser Adam Biesk was finishing work at his California home when he overheard a conversation between his wife and son, who had just come downstairs. The son, a kid in his early teens, was saying he had made a ton of money on a cryptocurrency that he himself had created.
Initially, Biesk ignored it. He knew that his son played around with crypto, but to have turned a small fortune before bedtime was too far-fetched. “We didn’t really believe it,” says Biesk. But when the phone started to ring off the hook and his wife was flooded with angry messages on Instagram, Biesk realized that his son was telling the truth—if not quite the full story.
Earlier that evening, at 7:48 pm PT, Biesk’s son had released into the wild 1 billion units of a new crypto coin, which he named Gen Z Quant. Simultaneously, he spent about $350 to purchase 51 million tokens, about 5 percent of the total supply, for himself.
Then he started to livestream himself on Pump.Fun, the website he had used to launch the coin. As people tuned in to see what he was doing, they started to buy into Gen Z Quant, leading the price to pitch sharply upward.
By 7:56 pm PT, a whirlwind eight minutes later, Biesk’s son’s tokens were worth almost $30,000—and he cashed out. “No way. Holy fuck! Holy fuck!” he said, flipping two middle fingers to the webcam, with tongue sticking out of his mouth. “Holy fuck! Thanks for the twenty bandos.” After he dumped the tokens, the price of the coin plummeted, so large was his single trade.
To the normie ear, all this might sound impossible. But in the realm of memecoins, a type of cryptocurrency with no purpose or utility beyond financial speculation, it’s relatively routine. Although many people lose money, a few have been known to make a lot—and fast.
In this case, Biesk’s son had seemingly performed what is known as a soft rug pull, whereby somebody creates a new crypto token, promotes it online, then sells off their entire holdings either swiftly or over time, sinking its price. These maneuvers occupy something of a legal gray area, lawyers say, but are roundly condemned in the cryptosphere as ethically dubious at the least.
After dumping Gen Z Quant, Biesk’s son did the same thing with two more coins—one called im sorry and another called my dog lucy—bringing his takings for the evening to more than $50,000.
The backlash was swift and ferocious. A torrent of abuse began to pour into the chat log on Pump.Fun, from traders who felt they had been swindled. “You little fucking scammer,” wrote one commenter. Soon, the names and pictures of Biesk, his son, and other family members were circulating on X. They had been doxed. “Our phone started blowing up. Just phone call after phone call,” says Biesk. “It was a very frightening situation.”
As part of their revenge campaign, crypto traders continued to buy into Gen Z Quant, driving the coin’s price far higher than the level at which Biesk’s son had cashed out. At its peak, around 3 am PT the following morning, the coin had a theoretical total value of $72 million; the tokens the teenager had initially held were worth more than $3 million. Even now that the trading frenzy has died down, they continue to be valued at twice the amount he received.
“In the end, a lot of people made money on his coin. But for us, caught in the middle, there was a lot of emotion,” says Biesk. “The online backlash became so frighteningly scary that the realization that he made money was kind of tempered down with the fact that people became angry and started bullying.”
Biesk concedes to a limited understanding of crypto. But he sees little distinction between what his son did and, say, playing the stock market or winning at a casino. Though under California law, someone must be at least 18 years old to gamble or invest in stocks, the unregulated memecoin market, which has been compared to a “casino” in risk profile, had given Biesk’s teenage son early access to a similar arena, in which some must lose for others to profit. “The way I understand it is he made money and he cashed out, which to me seems like that’s what anybody would’ve done,” says Biesk. “You get people who are cheering at the craps table, or angry at the craps table.”
Memecoins have been around since 2013, when Dogecoin was released. In the following years, a few developers tried to replicate the success of Dogecoin, making play of popular internet memes or tapping into the zeitgeist in some other way in a bid to encourage people to invest. But the cost and complexity of development generally limited the number of memecoins that came to market.
That equation was flipped in January with the launch of Pump.Fun, which lets people release new memecoins instantly, at no cost. The idea was to give people a safer way to trade memecoins by standardizing the underlying code, which prevents developers from building in malicious mechanisms to steal funds, in what’s known as a hard rug pull.
“Buying into memecoins was a very unsafe thing to do. Programmers could create systems that would obfuscate what you are buying into and, basically, behave as malicious actors. Everything was designed to suck money out of people,” one of the three anonymous cofounders of Pump.Fun, who goes by Sapijiju, told WIRED earlier in the year. “The idea with Pump was to build something where everyone was on the same playing field.”
However, Pump.Fun has found it impossible to insulate users from soft rug pulls. Though the platform gives users access to information to help assess risk—like the proportion of a coin belonging to the largest few holders—soft rug pulls are difficult to prevent by technical means, claims Sapijiju.
“People say there’s a bunch of different stuff you can do to block [soft rug pulls]—maybe a sell tax or lock up the people who create the coin. Truthfully, all of this is very easy to manipulate,” he says. “Whatever we do to stop people doing this, there’s always a way to circumnavigate if you’re smart enough. The important thing is creating an interface that is as simple as possible and giving the tools for users to see if a coin is legitimate or not.”
The “overwhelming majority” of new crypto tokens entering the market are scams of one form or another, designed expressly to squeeze money from buyers, not to hold a sustained value in the long term, according to crypto security company Blockaid. In the period since memecoin launchpads like Pump.Fun began to gain traction, the volume of soft rug pulls has increased in lockstep, says Ido Ben-Natan, Blockaid founder.
“I generally agree that it is kind of impossible to prevent holistically. It’s a game of cat and mouse,” says Ben-Natan. “It’s definitely impossible to cover a hundred percent of these things. But it definitely is possible to detect repeat offenders, looking at metadata and different kinds of patterns.”
Now memecoin trading has been popularized, there can be no putting the genie back in the bottle, says Ben-Natan. But traders are perhaps uniquely vulnerable at present, he says, in a period when many are newly infatuated with memecoins, yet before the fledgling platforms have figured out the best way to protect them. “The space is immature,” says Ben-Natan.
Whether it is legal to perform a rug pull is also something of a gray area. It depends on both jurisdiction and whether explicit promises are made to prospective investors, experts say. The absence of bespoke crypto regulations in countries like the US, meanwhile, inadvertently creates cloud cover for acts that are perhaps not overtly illegal.
“These actions exploit the gaps in existing regulatory frameworks, where unethical behavior—like developers hyping a project and later abandoning it—might not explicitly violate laws if no fraudulent misrepresentation, contractual breach, or other violations occur,” says Ronghui Gu, cofounder of crypto security firm CertiK and associate professor of computer science at Columbia University.
The Gen Z Quant broadcast is no longer available to view in full, but in the clips reviewed by WIRED, at no point does Biesk’s son promise to hold his tokens for any specific period. Neither do the Pump.Fun terms of use require people to refrain from selling tokens they create. (Sapijiju, the Pump.Fun cofounder, declined to comment on the Gen Z Quant incident. They say that Pump.Fun will be “introducing age restrictions in future,” but declined to elaborate.)
But even then, under the laws of numerous US states, among them California, “the developer likely still owes heightened legal duties to the investors, so may be liable for breaching obligations that result in loss of value,” says Geoffrey Berg, partner at law firm Berg Plummer & Johnson. “The developer is in a position of trust and must place the interests of his investors over his own.”
To clarify whether these legal duties apply to people who release memecoins through websites like Pump.Fun—who buy into their coins like everyone else, albeit at the moment of launch and therefore at a discount and in potentially market-swinging quantities—new laws may be required.
In July 2026, a new regime will take effect in California, where Biesk’s family lives, requiring residents to obtain a license to take part in “digital financial asset business activity,” including exchanging, transferring, storing or administering certain crypto assets. President-elect Donald Trump has also promised new crypto regulations. But for now, there are no crypto-specific laws in place.
“We are in a legal vacuum where there are no clear laws,” says Andrew Gordon, partner at law firm Gordon Law. “Once we know what is ‘in bounds,’ we will also know what is ‘out of bounds.’ This will hopefully create a climate where rug pulls don’t happen, or when they do they are seen as a criminal violation.”
On November 19, as the evening wore on, angry messages continued to tumble in, says Biesk. Though some celebrated his son’s antics, calling for him to return and create another coin, others were threatening or aggressive. “Your son stole my fucking money,” wrote one person over Instagram.
Biesk and his wife were still trying to understand quite how their son was able to make so much money, so fast. “I was trying to get an understanding of exactly how this meme crypto trading works,” says Biesk.
Some memecoin traders, sensing there could be money in riffing off the turn of events, created new coins on Pump.Fun inspired by Biesk and his wife: QUANT DAD and QUANTS MOM. (Both are now practically worthless.)
Equally disturbed and bewildered, Biesk and his wife formed a provisional plan: to make all public social media accounts private, stop answering the phone, and, generally, hunker down until things blew over. (Biesk’s account is active at the time of writing.) Biesk declined to comment on whether the family made contact with law enforcement or what would happen to the funds, saying only that his son would “put the money away.”
A few hours later, an X account under the name of Biesk’s son posted on X, pleading for people to stop contacting his parents. “Im sorry about Quant, I didnt realize I get so much money. Please dont write to my parents, I wiill pay you back [sic],” read the post. Biesk claims the account is not operated by his son.
Though alarmed by the backlash, Biesk is impressed by the entrepreneurial spirit and technical capability his son displayed. “It’s actually sort of a sophisticated trading platform,” he says. “He obviously learned it on his own.”
That his teenager was capable of making $50,000 in an evening, Biesk theorizes, speaks to the fundamentally different relationship kids of that age have with money and investing, characterized by an urgency and hyperactivity that rubs up against traditional wisdom.
“To me, crypto can be hard to grasp, because there is nothing there behind it—it’s not anything tangible. But I think kids relate to this intangible digital world more than adults do,” says Biesk. “This has an immediacy to him. It’s almost like he understands this better.”
On December 1, after a two-week hiatus, Biesk’s son returned to Pump.Fun to launch five new memecoins, apparently undeterred by the abuse. Disregarding the warnings built into the very names of some of the new coins—one was named test and another dontbuy—people bought in. Biesk’s son made another $5,000.
Bitcoin hit a new record high late Monday, its value peaking at $89,623 as investors quickly moved to cash in on expectations that Donald Trump will end a White House crackdown that intensified last year on crypto.
While the trading rally has now paused, analysts predict that bitcoin’s value will only continue rising following Trump’s win—perhaps even reaching $100,000 by the end of 2024, CNBC reported.
Bitcoin wasn’t the only winner emerging from the post-election crypto trading. Crypto exchanges like Coinbase also experienced surges in the market, and one of the biggest winners, CNBC reported, was dogecoin, a cryptocurrency linked to Elon Musk, who campaigned for Trump and may join his administration. Dogecoin’s value is up 135 percent since Trump’s win.
On the campaign trail, Trump began wooing the cryptocurrency industry, seeking donations and votes by promising to make the US the “crypto capital of the planet,” Fortune reported. He announced the launch of his own crypto platform, World Liberty Financial (WLFI), and vowed to “fire” Gary Gensler—the Securities and Exchange Commission (SEC) chair leading the US crypto crackdown—on “day one” in office, Al Jazeera reported.
Whether Trump can actually fire Gensler is still up in the air, The Washington Post reported. It seems more likely that Trump may demote Gensler, The Post reported, since people familiar with the matter suggested that “fully ousting” the current SEC chair “could trigger a novel and complicated legal battle over the president’s authorities.” So far, Gensler has made no indications that he will step down once Trump takes office, although The Post noted that wouldn’t be considered unusual.
Sources told The Post that Trump is considering “a mix of current regulators, former federal officials, and financial industry executives,” for leadership positions, “many of whom have publicly expressed pro-crypto views.”
Reportedly under consideration to replace Gensler are Daniel Gallagher, a former SEC official currently serving as chief legal officer for the financial technology firm Robinhood, and two Republican SEC commissioners, Hester Peirce and Mark Uyeda, The Post’s sources said. Other names in the mix include a former SEC commissioner, Paul Atkins, and a former commissioner at the Commodity Futures Trading Commission, Chris Giancarlo.
Caroline Ellison, former chief executive officer of Alameda Research LLC, was sentenced Tuesday for helping Sam Bankman-Fried cover up FTX’s fraudulent misuse of customer funds.
Addressing the judge at sentencing, Ellison started out by explaining “how sorry I am” for concealing FTX’s lies, Bloomberg reported live from the hearing.
“I participated in a criminal conspiracy that ultimately stole billions of dollars from people who entrusted their money with us,” Ellison reportedly said while sniffling. “The human brain is truly bad at understanding big numbers,” she added, and “not a day goes by” that she doesn’t “think about all of the people I hurt.”
Assistant US Attorney Danielle Sassoon followed Ellison, remarking that the government recommended a lighter sentence because it was important for the court to “distinguish between the mastermind and the willing accomplice.” (Bankman-Fried got 25 years.)
US District Judge Lewis Kaplan noted that he is allowed to show Ellison leniency for providing “substantial assistance to the government.” He then confirmed that he always considered the maximum sentence she faced of 110 years to be “absurd,” considering that Ellison had no inconsistencies in her testimony and fully cooperated with the government throughout their FTX probe.
“I’ve seen a lot of cooperators in 30 years,” Kaplan said. “I’ve never seen one quite like Ms. Ellison.”
However, although Ellison was brave to tell the truth about her crimes, Ellison is “by no means free of culpability,” Kaplan said. He called Bankman-Fried her “Kryptonite” because the FTX co-founder so easily exploited such a “very strong person.” Noting that nobody gets a “get out of jail free card,” he sentenced Ellison to two years and required her to forfeit about $11 billion, Bloomberg reported.
The judge said that Ellison “can serve the sentence at a minimum-security facility,” Bloomberg reported.
Ellison was key to SBF’s quick conviction
Ellison could have faced a maximum sentence of 110 years, for misleading customers and investors as the former CEO of the cryptocurrency trading firm linked to the FTX exchange, Alameda Research. But after delivering devastatingly detailed testimony key to exposing Bankman-Fried’s many lies, the probation office had recommended a sentence of time served with three years of supervised release.
Kaplan’s sentence went further, making it likely that other co-conspirators who cooperated with the government probe will also face jail time.
Both Ellison and the US government had requested substantial leniency due to her “critical” cooperation that allowed the US to convict Bankman-Fried in record time for such a complex criminal case.
Partly because Ellison was romantically involved with Bankman-Fried and partly because she “drafted some of the most incriminating documents in the case,” US attorney Damian Williams wrote in a letter to Kaplan, she was considered “crucial to the Government’s successful prosecution of Samuel Bankman-Fried for one of the largest financial frauds in history,” Williams wrote.
Williams explained that Ellison went above and beyond to help the government probe Bankman-Fried’s fraud. Starting about a month after FTX declared bankruptcy, Ellison began cooperating with the US government’s investigation. She met about 20 times with prosecutors, digging through thousands of documents to identify and interpret key evidence that convicted her former boss and boyfriend.
“Parsing Alameda Research’s poor internal records was complicated by vague titles and unlabeled calculations on any documents reflecting misuse of customer funds,” Ellison’s sentencing memo said. Without her three-day testimony at trial, the jury would likely not have understood “Alameda’s intentionally cryptic records,” Williams wrote. Additionally, because Bankman-Fried systematically destroyed evidence, she was one of the few witnesses able to contradict Bankman-Fried’s lies by providing a timeline for how Bankman-Fried’s scheme unfolded—and she was willing to find the receipts to back it all up.
“As Alameda’s nominal CEO and Bankman-Fried’s former girlfriend, Ellison was uniquely positioned to explain not only the what and how of Bankman-Fried’s crimes, but also the why,” Williams wrote. “Ellison’s testimony was critical to indict and convict Bankman-Fried, and to understanding both the timeline of the fraud schemes, and the various layers of wrongdoing.”
Further, where Bankman-Fried tried to claim that he was “well-meaning but hapless” in causing FTX’s collapse, Ellison admitted her guilt before law enforcement ever got involved, then continually “expressed genuine shame and remorse” for the harms she caused, Williams wrote.
A lighter sentence, Ellison’s sentencing memo suggested, “would incentivize people involved in a fraud to do what Caroline did: publicly disclose a fraud, immediately accept responsibility, and cooperate immediately with civil and criminal authorities.”
Williams praised Ellison as exceptionally forthcoming, even alerting the government to criminal activity that they didn’t even know about yet. He also credited her for persevering as a truth-teller “despite harsh media and public scrutiny and Bankman-Fried’s efforts to publicly weaponize her personal writings to discredit and intimidate her.”
“The Government cannot think of another cooperating witness in recent history who has received a greater level of attention and harassment,” Williams wrote.
In her sentencing memo, Ellison’s lawyers asked for no prison time, insisting that Ellison had been punished enough. Not only will she recover “nothing” from the FTX bankruptcy proceedings that she’s helping to settle, but she also is banned from working in the only industries she’s ever worked in, unlikely to ever repeat her crimes in finance and cryptocurrency sectors. She also is banned from running any public company and “has been rendered effectively unemployable in the near term by the notoriety arising from this case.”
“The reputational harm is not likely to abate any time soon,” Ellison’s sentencing memo said. “These personal, financial, and career consequences constitute substantial forms of punishment that reduce the need for the Court to order her incarceration.”
Kaplan clearly disagreed, ordering her to serve 24 months and forfeit $11 billion.
A federal judge sentenced a 53-year-old Kansas man to more than 24 years in prison after the former bank CEO abused his trusted position to embezzle $47 million after falling for a cryptocurrency scam that he believed would make him wildly rich.
In a press release, the US Attorney’s Office said that Shan Hanes was driven by “greed” when directing bank employees to transfer millions in funds to a sketchy crypto wallet managed by still-unknown third parties behind the so-called “pig butchering” scheme.
Hanes was first targeted by scammers in late 2022, apparently when he got a message from an unidentified co-conspirator on WhatsApp, prosecutors said. After blowing through his own funds seeking promised profits, Hanes stole tens of thousands from a local church, then a local investor club, and finally his daughter’s college fund, NBC News reported. Then when all those wells dried up, he started stealing bank funds—all in the false hopes that sending more and more money to the scammers would somehow “unlock the supposed returns” on his crypto investments.
In total, Hanes made 11 wire transfers using bank funds between May 2023 and July 2023. But instead of getting rich quick, Hanes never realized any profits at all, the US Attorney’s Office said.
He pleaded guilty to one count of embezzlement by a bank officer after he singlehandedly caused the collapse of Heartland Tri-State Bank (HTSB) in Elkhart, Kansas, the press release said.
Because the bank was insured by the Federal Deposit Insurance Corporation (FDIC), the FDIC “absorbed the $47.1 million loss” after “Hanes’ fraudulent actions caused HTSB to fail and the bank investors to lose $9 million,” the US Attorney’s Office said. On top of those losses, Hanes’ fraudulent actions caused “catastrophic losses to bank customers who relied on the bank for the safekeeping of their savings,” the press release confirmed.
According to NBC News, Hanes missed at least one opportunity to realize that he was being scammed. After he asked for a $12 million loan from a neighbor, Brian Mitchell, his neighbor detected the scam and refused to lend the money.
“I said, ‘You’re in a scam, walk away,’” Mitchell told NBC News.
But Hanes didn’t walk away. Going the other direction, he directed bank employees to wire millions more to scammers after he got the warning from Mitchell. It wasn’t until Mitchell heard from a bank employee that Hanes had wired money out of the bank that Mitchell insisted on speaking to the bank’s board.
Days later, Hanes was fired, NBC News reported. But even then, Hanes never believed he was being scammed, reportedly telling Mitchell that he was still scheming to find a way to recover his make-believe profits right up to the moment he was arrested.
“He said … ‘If I just had another two months, I could get the money back,’” Mitchell told NBC News.
Law enforcement and government officials have warned that pig-butchering scams are growing increasingly common, urging people to “think twice” to avoid being victimized. Last year, the US Department of the Treasury’s Financial Crimes Enforcement Network issued an alert, which explained in detail how the scams commonly work and laid out red flags to watch out for.
Victims may never fully recover losses, DOJ says
A Kansas FBI agent, Stephen Cyrus, said in the press release that as CEO, Hanes violated “the trust and confidence of the community of Elkhart” by embezzling the funds.
Mitchell described Hanes’ deceptions and manipulations as “pure evil,” while Cyrus said that it was Hanes’ “job” and “the bank’s job” to “protect its customers and identify fraudulent scams—not to participate in them.”
In a court filing at sentencing, Hanes’ lawyer, John Stang, chalked up his client’s misdeeds to “bad choices,” reminding the court that Hanes had been deceived, too, by “an extremely well-run cryptocurrency scam.”
“He was the pig that was butchered,” Stang wrote. “Mr. Hanes’s vulnerability to the Pig Butcher scheme caused him to make some very bad decisions, for which he is truly sorry for causing damage to the bank and loss to the Stockholders.”
Hanes faced a maximum penalty of 30 years. While Judge John Broomes ordered him to serve less time than that, his sentence of more than 24 years is 29 months longer than prosecutors had requested, NBC News reported.
Right now, it’s unclear how or when victims will be repaid for losses. Broomes ordered “that restitution be finalized at a separate hearing within the next 90 days,” the US Attorney’s Office said.
In the community, people are still struggling to recover, Mitchell told NBC News, noting that some people lost up to 80 percent of their retirement savings. For at least one woman, retirement is impossible now, Mitchell said, and for another local woman, it has become difficult to pay for her 93-year-old mother’s nursing home.
US Attorney Kate E. Brubacher said that it’s hard to say when or if victims will be made whole again.
“Hanes is a liar and a master manipulator” who squandered away “tens of millions of dollars in cryptocurrency” while orchestrating “schemes to cover his tracks concerning the losses at the bank,” Brubacher said. “Many victims will never fully recoup losses to their life savings and retirement funds, but at least we at the Department of Justice can see that Hanes is held criminally responsible for his actions.”
Cryptocurrency has always made a ripe target for theft—and not just hacking, but the old-fashioned, up-close-and-personal kind, too. Given that it can be irreversibly transferred in seconds with little more than a password, it’s perhaps no surprise that thieves have occasionally sought to steal crypto in home-invasion burglaries and even kidnappings. But rarely do those thieves leave a trail of violence in their wake as disturbing as that of one recent, ruthless, and particularly prolific gang of crypto extortionists.
The United States Justice Department earlier this week announced the conviction of Remy Ra St. Felix, a 24-year-old Florida man who led a group of men behind a violent crime spree designed to compel victims to hand over access to their cryptocurrency savings. That announcement and the criminal complaint laying out charges against St. Felix focused largely on a single theft of cryptocurrency from an elderly North Carolina couple, whose home St. Felix and one of his accomplices broke into before physically assaulting the two victims—both in their seventies—and forcing them to transfer more than $150,000 in bitcoin and ether to the thieves’ crypto wallets.
In fact, that six-figure sum appears to have been the gang’s only confirmed haul from its physical crypto thefts—although the burglars and their associates made millions in total, mostly through more traditional crypto hacking as well as stealing other assets. A deeper look into court documents from the St. Felix case, however, reveals that the relatively small profit St. Felix’s gang made from its burglaries doesn’t capture the full scope of the harm they inflicted: In total, those court filings and DOJ officials describe how more than a dozen convicted and alleged members of the crypto-focused gang broke into the homes of 11 victims, carrying out a brutal spree of armed robberies, death threats, beatings, torture sessions, and even one kidnapping in a campaign that spanned four US states.
In court documents, prosecutors say the men—working in pairs or small teams—threatened to cut toes or genitalia off of one victim, kidnapped and discussed killing another, and planned to threaten another victim’s child as leverage. Prosecutors also describe disturbing torture tactics: how the men inserted sharp objects under one victim’s fingernails and burned another with a hot iron, all in an effort to coerce their targets to hand over the devices and passwords necessary to transfer their crypto holdings.
“The victims in this case suffered a horrible, painful experience that no citizen should have to endure,” Sandra Hairston, a US attorney for the Middle District of North Carolina who prosecuted St. Felix’s case, wrote in the Justice Department’s announcement of St. Felix’s conviction. “The defendant and his coconspirators acted purely out of greed and callously terrorized those they targeted.”
The serial extortion spree is almost certainly the worst of its kind ever to be prosecuted in the US, says Jameson Lopp, the cofounder and chief security officer of Casa, a cryptocurrency-focused physical security firm, who has tracked physical attacks designed to steal cryptocurrency going back as far as 2014. “As far as I’m aware, this is the first case where it was confirmed that the same group of people went around and basically carried out home invasions on a variety of different victims,” Lopp says.
Lopp notes, nonetheless, that this kind of crime spree is more than a one-off. He has learned of other similar attempts at physical theft of cryptocurrency in just the past month that have escaped public reporting—he says the victims in those cases asked him not to share details—and suggests that in-person crypto extortion may be on the rise as thieves realize the attraction of crypto as a highly valuable and instantly transportable target for theft. “Crypto, as this highly liquid bearer asset, completely changes the incentives of doing something like a home invasion,” Lopp says, “or even kidnapping and extortion and ransom.”
Two years ago when “Michael,” an owner of cryptocurrency, contacted Joe Grand to help recover access to about $2 million worth of bitcoin he stored in encrypted format on his computer, Grand turned him down.
Michael, who is based in Europe and asked to remain anonymous, stored the cryptocurrency in a password-protected digital wallet. He generated a password using the RoboForm password manager and stored that password in a file encrypted with a tool called TrueCrypt. At some point, that file got corrupted, and Michael lost access to the 20-character password he had generated to secure his 43.6 BTC (worth a total of about 4,000 euros, or $5,300, in 2013). Michael used the RoboForm password manager to generate the password but did not store it in his manager. He worried that someone would hack his computer and obtain the password.
“At [that] time, I was really paranoid with my security,” he laughs.
Grand is a famed hardware hacker who in 2022 helped another crypto wallet owner recover access to $2 million in cryptocurrency he thought he’d lost forever after forgetting the PIN to his Trezor wallet. Since then, dozens of people have contacted Grand to help them recover their treasure. But Grand, known by the hacker handle “Kingpin,” turns down most of them, for various reasons.
Grand is an electrical engineer who began hacking computing hardware at age 10 and in 2008 cohosted the Discovery Channel’s Prototype This show. He now consults with companies that build complex digital systems to help them understand how hardware hackers like him might subvert their systems. He cracked the Trezor wallet in 2022 using complex hardware techniques that forced the USB-style wallet to reveal its password.
But Michael stored his cryptocurrency in a software-based wallet, which meant none of Grand’s hardware skills were relevant this time. He considered brute-forcing Michael’s password—writing a script to automatically guess millions of possible passwords to find the correct one—but determined this wasn’t feasible. He briefly considered that the RoboForm password manager Michael used to generate his password might have a flaw in the way it generated passwords, which would allow him to guess the password more easily. Grand, however, doubted such a flaw existed.
Michael contacted multiple people who specialize in cracking cryptography; they all told him “there’s no chance” of retrieving his money. But last June he approached Grand again, hoping to convince him to help, and this time Grand agreed to give it a try, working with a friend named Bruno in Germany who also hacks digital wallets.
Billy Restey is a digital artist who runs a studio in Seattle. But after hours, he hunts for rare chunks of bitcoin. He does it for the thrill. “It’s like collecting Magic: The Gathering or Pokémon cards,” says Restey. “It’s that excitement of, like, what if I catch something rare?”
In the same way a dollar is made up of 100 cents, one bitcoin is composed of 100 million satoshis—or sats, for short. But not all sats are made equal. Those produced in the year bitcoin was created are considered vintage, like a fine wine. Other coveted sats were part of transactions made by bitcoin’s inventor. Some correspond with a particular transaction milestone. These and various other properties make some sats more scarce than others—and therefore more valuable. The very rarest can sell for tens of millions of times their face value; in April, a single sat, normally worth $0.0006, sold for $2.1 million.
Restey is part of a small, tight-knit band of hunters trying to root out these rare sats, which are scattered across the bitcoin network. They do this by depositing batches of bitcoin with a crypto exchange, then withdrawing the same amount—a little like depositing cash with a bank teller and immediately taking it out again from the ATM outside. The coins they receive in return are not the same they deposited, giving them a fresh stash through which to sift. They rinse and repeat.
In April 2023, when Restey started out, he was one of the only people hunting for rare sats—and the process was entirely manual. But now, he uses third-party software to automatically filter through and separate out any precious sats, which he can usually sell for around $80. “I’ve sifted through around 230,000 bitcoin at this point,” he says.
Restey has unearthed thousands of uncommon sats to date, selling only enough to cover the transaction fees and turn a small profit—and collecting the rest himself. But the window of opportunity is closing. The number of rare sats yet to be discovered is steadily shrinking and, as large organizations cotton on, individual hunters risk getting squeezed out. “For a lot of people, it doesn’t make [economic] sense anymore,” says Restey. “But I’m still sat hunting.”
Rarity out of thin air
Bitcoin has been around for 15 years, but rare sats have existed for barely more than 15 months. In January 2023, computer scientist Casey Rodarmor released the Ordinals protocol, which sits as a veneer over the top of the bitcoin network. His aim was to bring a bitcoin equivalent to non-fungible tokens (NFTs) to the network, whereby ownership of a piece of digital media is represented by a sat. He called them “inscriptions.”
There had previously been no way to tell one sat from another. To remedy the problem, Rodarmor coded a method into the Ordinals protocol for differentiating between sats for the first time, by ordering them by number from oldest to newest. Thus, as a side effect of an apparatus designed for something else entirely, rare sats were born.
By allowing sats to be sequenced and tracked, Rodarmor had changed a system in which every bitcoin was freely interchangeable into one in which not all units of bitcoin are equal. He had created rarity out of thin air. “It’s an optional, sort of pretend lens through which to view bitcoin,” says Rodarmor. “It creates value out of nothing.”
When the Ordinals system was first released, it divided bitcoiners. Inscriptions were a near-instant hit, but some felt they were a bastardization of bitcoin’s true purpose—as a system for peer-to-peer payments—or had a “reflexive allergic reaction,” says Rodarmor, to anything that so much as resembled an NFT. The enthusiasm for inscriptions resulted in network congestion as people began to experiment with the new functionality, thus driving transaction fees to a two-year high and adding fuel to an already-fiery debate. One bitcoin developer called for inscriptions to be banned. Those that trade in rare sats have come under attack, too, says Danny Diekroeger, another sat hunter. “Bitcoin maximalists hate this stuff—and they hate me,” he says.
The fuss around the Ordinals system has by now mostly died down, says Rodarmor, but a “loud minority” on X is still “infuriated” by the invention. “I wish hardcore bitcoiners understood that people are going to do things with bitcoin that they think are stupid—and that’s okay,” says Rodarmor. “Just, like, get over it.”
The hunt for rare sats, itself an eccentric mutation of the bitcoin system, falls into that bracket. “It’s highly wacky,” says Rodarmor.
A jury has unanimously convicted Avi Eisenberg in the US Department of Justice’s first case involving cryptocurrency open-market manipulation, the DOJ announced Thursday.
The jury found Eisenberg guilty of commodities fraud, commodities market manipulation, and wire fraud in connection with the manipulation on a decentralized cryptocurrency exchange called Mango Markets.
Eisenberg is scheduled to be sentenced on July 29 and is facing “a maximum penalty of 10 years in prison on the commodities fraud count and the commodities manipulation count, and a maximum penalty of 20 years in prison on the wire fraud count,” the DOJ said.
On the Mango Markets exchange, Eisenberg was “engaged in a scheme to fraudulently obtain approximately $110 million worth of cryptocurrency from Mango Markets and its customers by artificially manipulating the price of certain perpetual futures contracts,” the DOJ said. The scheme impacted both investors trading and the exchange itself, which had to suspend operations after Eisenberg’s attack made the exchange insolvent.
Nicole M. Argentieri, the principal deputy assistant attorney general who heads the DOJ’s criminal division, said that Eisenberg’s manipulative trading scheme “puts our financial markets and investors at risk.”
“This prosecution—the first involving the manipulation of cryptocurrency through open-market trades—demonstrates the Criminal Division’s commitment to protecting US financial markets and holding wrongdoers accountable, no matter what mechanism they use to commit manipulation and fraud,” Argentieri said.
Mango Labs has similarly sued Eisenberg over the price manipulation scheme, but that lawsuit was stayed until the DOJ’s case was resolved. Mango Labs is expecting a status update today from the US government and is hoping to proceed with its lawsuit.
Ars could not immediately reach Mango Labs for comment.
Eisenberg’s lawyer, Brian Klein, provided the same statement to Ars, confirming that Eisenberg’s legal team is “obviously disappointed” but “will keep fighting for our client.”
How the Mango Markets scheme worked
Mango Labs has accused Eisenberg of being a “notorious cryptocurrency market manipulator,” noting in its complaint that he has a “history of attacking multiple cryptocurrency platforms and manipulating cryptocurrency markets.” That history includes allegedly embezzling $14 million in 2021 while Eisenberg was working as a developer for another decentralized marketplace called Fortress, Mango Labs’ complaint said.
Eisenberg’s attack on Mango Markets was intended to grab tens of millions more than the alleged Fortress attack. When Eisenberg was first charged, the DOJ explained how his Mango Markets price manipulation scheme worked.
On Mango Markets, investors can “purchase and borrow cryptocurrencies and cryptocurrency-related financial products,” including buying and selling “perpetual futures contracts.”
“When an investor buys or sells a perpetual for a particular cryptocurrency, the investor is not buying or selling that cryptocurrency but is, instead, buying or selling exposure to future movements in the value of that cryptocurrency relative to another cryptocurrency,” the DOJ explained.
It’s easy to get the impression that Discord chat messages are ephemeral, especially across different public servers, where lines fly upward at a near-unreadable pace. But someone claims to be catching and compiling that data and is offering packages that can track more than 600 million users across more than 14,000 servers.
Joseph Cox at 404 Media confirmed that Spy Pet, a service that sells access to a database of purportedly 3 billion Discord messages, offers data “credits” to customers who pay in bitcoin, ethereum, or other cryptocurrency. Searching individual users will reveal the servers that Spy Pet can track them across, a raw and exportable table of their messages, and connected accounts, such as GitHub. Ominously, Spy Pet lists more than 86,000 other servers in which it has “no bots,” but “we know it exists.”
An example of Spy Pet’s service from its website. Shown are a user’s nicknames, connected accounts, banner image, server memberships, and messages across those servers tracked by Spy Pet. (Image: Spy Pet)
Statistics on servers, users, and messages purportedly logged by Spy Pet. (Image: Spy Pet)
An example image of the publicly available data gathered by Spy Pet, in this example for a public server for the game Deep Rock Galactic: Survivor. (Image: Spy Pet)
As Cox notes, Discord doesn’t make messages inside server channels, like blog posts or unlocked social media feeds, easy to publicly access and search. But many Discord users may not expect their messages, server memberships, bans, or other data to be grabbed by a bot, compiled, and sold to anybody wishing to pin them all on a particular user. 404 Media confirmed the service’s function with multiple user examples. Private messages are not mentioned by Spy Pet and are presumably still secure.
Spy Pet openly asks those training AI models, or “federal agents looking for a new source of intel,” to contact them for deals. As noted by 404 Media and confirmed by Ars, clicking on the “Request Removal” link plays a clip of J. Jonah Jameson from Spider-Man (the Tobey Maguire/Sam Raimi version) laughing at the idea of advance payment before an abrupt “You’re serious?” Users of Spy Pet, however, are assured of “secure and confidential” searches, with random usernames.
This author found nearly every public Discord he had ever dropped into for research or reporting in Spy Pet’s server list. Those who haven’t paid for message access can only see fairly benign public-facing elements, like stickers, emojis, and charted member totals over time. But as an indication of the reach of Spy Pet’s scraping, it’s an effective warning, or enticement, depending on your goals.
Ars has reached out to Spy Pet for comment and will update this post if we receive a response. A Discord spokesperson told Ars that the company is investigating whether Spy Pet violated its terms of service and community guidelines. It will take “appropriate steps to enforce our policies,” the company said, and could not provide further comment.
Google has sued two app developers based in China over an alleged scheme targeting 100,000 users globally over four years with at least 87 fraudulent cryptocurrency and other investor apps distributed through the Play Store.
The tech giant alleged that scammers lured victims with “promises of high returns” from “seemingly legitimate” apps offering investment opportunities in cryptocurrencies and other products. Commonly known as “pig-butchering schemes,” these scams displayed fake returns on investments, but when users went to withdraw the funds, they discovered they could not.
In some cases, Google alleged, developers would “double down on the scheme by requesting various fees and other payments from victims that were supposedly necessary for the victims to recover their principal investments and purported gains.”
Google accused the app developers—Yunfeng Sun (also known as “Alphonse Sun”) and Hongnam Cheung (also known as “Zhang Hongnim” and “Stanford Fischer”)—of conspiring to commit “hundreds of acts of wire fraud” to further “an unlawful pattern of racketeering activity” that siphoned up to $75,000 from each user successfully scammed.
Google was able to piece together the elaborate alleged scheme because the developers used a wide array of Google products and services to target victims, Google said, including Google Play, Voice, Workspace, and YouTube, breaching each one’s terms of service. Perhaps most notably, the Google Play Store’s developer program policies “forbid developers to upload to Google Play ‘apps that expose users to deceptive or harmful financial products and services,’ including harmful products and services ‘related to the management or investment of money and cryptocurrencies.’”
In addition to harming Google consumers, Google claimed that each product and service’s reputation would continue to be harmed unless the US district court in New York ordered a permanent injunction stopping developers from using any Google products or services.
“By using Google Play to conduct their fraud scheme,” scammers “have threatened the integrity of Google Play and the user experience,” Google alleged. “By using other Google products to support their scheme,” the scammers “also threaten the safety and integrity of those other products, including YouTube, Workspace, and Google Voice.”
Google’s lawsuit is the company’s most recent attempt to block fraudsters from targeting Google products by suing individuals directly, Bloomberg noted. Last year, Google sued five people accused of distributing a fake Bard AI chatbot that instead downloaded malware to Google users’ devices, Bloomberg reported.
How did the alleged Google Play scams work?
Google said that the accused developers “varied their approach from app to app” when allegedly trying to scam users out of thousands of dollars but primarily relied on three methods to lure victims.
The first method relied on sending text messages using Google Voice—such as “I am Sophia, do you remember me?” or “I miss you all the time, how are your parents Mike?”—“to convince the targeted victims that they were sent to the wrong number.” From there, the scammers would apparently establish “friendships” or “romantic relationships” with victims before moving the conversation to apps like WhatsApp, where they would “offer to guide the victim through the investment process, often reassuring the victim of any doubts they had about the apps.” These supposed friends, Google claimed, would “then disappear once the victim tried to withdraw funds.”
Another strategy allegedly employed by scammers relied on videos posted to platforms like YouTube, where fake investment opportunities would be promoted, promising “rates of return” as high as “two percent daily.”
The third tactic, Google said, pushed bogus affiliate marketing campaigns, promising users commissions for “signing up additional users.” These apps, Google claimed, were advertised on social media as “a guaranteed and easy way to earn money.”
Once a victim was drawn into using one of the fraudulent apps, “user interfaces sought to convince victims that they were maintaining balances on the app and that they were earning ‘returns’ on their investments,” Google said.
Occasionally, users would be allowed to withdraw small amounts, convincing them that it was safe to invest more money, but “later attempts to withdraw purported returns simply did not work.” And sometimes the scammers would “bilk” victims out of “even more money,” Google said, by requesting additional funds be submitted to make a withdrawal.
“Some demands” for additional funds, Google found, asked for anywhere “from 10 to 30 percent to cover purported commissions and/or taxes.” Victims, of course, “still did not receive their withdrawal requests even after these additional fees were paid,” Google said.
Which apps were removed from the Play Store?
Google tried to remove apps as soon as they were discovered to be fraudulent, but Google claimed that scammers concocted new aliases and infrastructure to “obfuscate their connection to suspended fraudulent apps.” Because scammers relied on so many different Google services, Google was able to connect the scheme to the accused developers through various business records.
Fraudulent apps named in the complaint include fake cryptocurrency exchanges called TionRT and SkypeWallet. To make the exchanges appear legitimate, scammers put out press releases on newswire services and created YouTube videos likely relying on actors to portray company leadership.
In one YouTube video promoting SkypeWallet, the supposed co-founder of Skype Coin uses the name “Romser Bennett,” which is the same name used for the supposed founder of another fraudulent app called OTCAI2.0, Google said. In each video, a completely different presumed hired actor plays the part of “Romser Bennett.” In other videos, Google found the exact same actor plays an engineer named “Rodriguez” for one app and a technical leader named “William Bryant” for another app.
Another fraudulent app that was flagged by Google was called the Starlight app. Promoted on TikTok and Instagram, Google said, that app promised “that users could earn commissions by simply watching videos.”
The Starlight app was downloaded approximately 23,000 times and seemingly primarily targeted users in Ghana, allegedly scamming at least 6,000 Ghanaian users out of initial investment capital that they were told was required before they could start earning money on the app.
Across all 87 fraudulent apps that Google has removed, Google estimated that approximately 100,000 users were victimized, including approximately 8,700 in the United States.
Currently, Google is not aware of any live apps in the Play Store connected to the alleged scheme, the complaint said, but scammers intent on furthering the scheme “will continue to harm Google and Google Play users” without a permanent injunction, Google warned.
FTX founder Sam Bankman-Fried (R) departs Manhattan Federal Court after an arraignment hearing on March 30, 2023, in New York City.
The CEO of FTX Trading, John Ray, sent a letter to Judge Lewis Kaplan Wednesday to correct what he called “callously” and “demonstrably false” claims that disgraced FTX founder Sam Bankman-Fried made in hopes of receiving a lighter sentence for crimes including defrauding FTX customers.
In a sentencing memo, Bankman-Fried asked the court to drastically slash his prison sentence from what he considered a “grotesque” 110-year maximum to five to six years. Prosecutors have suggested the sentence should be between 40 and 50 years, but Bankman-Fried claimed such a sentence painted him as a “depraved supervillain,” Bloomberg reported.
The lightest sentence was appropriate, Bankman-Fried claimed, because the “most reasonable estimate of loss” and “harm” to customers, lenders, and investors is “zero.”
According to Ray, “Bankman-Fried continues to live a life of delusion.” While Ray’s team continues to work to recover the lost funds, estimated at around $10 billion, the total amount of stakeholder claims filed is $23.6 quintillion.
“One quintillion is one billion billions,” Ray told Kaplan. “It is the number 1 followed by 18 zeros. The task of addressing filed claims and reducing them to their proper and ‘allowed’ amount is monumental. Mr. Bankman-Fried assumes this is a breeze. He is wrong, very wrong.”
In one of the letter’s most heated moments, Ray explained why Bankman-Fried is also wrong to claim that FTX is “solvent and safe”:
Vast sums of money were stolen by Mr. Bankman-Fried, and he was rightly convicted by a jury of his peers. That things that he stole, things he converted into other things, whether they were investments in Bahamas real estate, cryptocurrencies or speculative ventures, were successfully recovered through the enormous efforts of a dedicated group of professionals (a group unfairly maligned by Mr. Bankman-Fried and his supporters) does not mean that things were not stolen. What it means is that we got some of them back. And there are plenty of things we did not get back, like the bribes to Chinese officials or the hundreds of millions of dollars he spent to buy access to or time with celebrities or politicians or investments for which he grossly overpaid having done zero diligence. The harm was vast. The remorse is nonexistent.
Ray appears to be frustrated that Bankman-Fried chose to blame his team currently leading FTX and managing bankruptcy claims, as well as lawyers—labeling them as “enemies”—to dodge responsibility for FTX crimes.
Those crimes include: wire fraud on customers of FTX, conspiracy to commit wire fraud on customers of FTX, wire fraud on lenders to Alameda Research, conspiracy to commit wire fraud on lenders to Alameda Research, conspiracy to commit securities fraud on investors in FTX, conspiracy to commit commodities fraud on customers of FTX in connection with purchases and sales of cryptocurrency and swaps, and conspiracy to commit money laundering.
“Bankman-Fried was willing to consider any narrative, including wildly conflicting narratives, that could potentially save him from this day of reckoning,” Ray told Kaplan.
Conflicting narratives Bankman-Fried considered were either focusing “exclusively on the fact” that he “could give value back to customers,” and “the Chapter 11 team is destroying it” or “go strong with the message” that “I’m really glad the Chapter 11 team has stepped in, they’re great, and even better I have funding that can help make customers more whole while the Chapter 11 team does what is needed to clean things up.”
Instead of being “enemies” stopping FTX customers from clawing back all the funds stolen, Ray told Kaplan that his team “worked tirelessly in the months following the collapse to institute governance, controls, and to preserve and protect assets.”
“The value we hope to return to creditors would not exist without the tens of thousands of hours that dedicated professionals have spent digging through the rubble of Mr. Bankman-Fried’s sprawling criminal enterprise to unearth every possible dollar, token, or other asset that was spent on luxury homes, private jets, overpriced speculative ventures, and otherwise lost to the four winds,” Ray told Kaplan, adding that “achieving anticipated recovery levels” that Bankman-Fried suggested all FTX victims are expecting is actually “by no means assured.”
“I am quite confident that but for the work of a very large team of dedicated individuals, billions of dollars would have been lost or stolen and the recoveries to customers would be a fraction of their expected recovery,” Ray told Kaplan. “I make this statement not to curry sympathy or thanks, but to accurately report on the reasons why the FTX debtors may soon be in a position to compensate victims for some of the losses caused by Mr. Bankman-Fried.”