This 20-year-old carried out one of the largest personal thefts in history.
His name is Malone Lam. In August 2024, he defrauded a victim of 4,100 Bitcoins and used the money to purchase 31 supercars. This is the simple method he used: 🧵
20-year-old Singaporean Malone Lam and his accomplice Jandiel Serrano stole $230 million worth of cryptocurrency from an anonymous victim a few months ago, and the two were subsequently arrested.
How did it happen? The scammer first triggered a notification of "unauthorized Google account access" through technical means, making the victim aware of the anomaly. A few days later, Malone Lam impersonated a Google employee and called the victim to inquire about these “unauthorized accesses.” After multiple communications, he gradually manipulated the victim to obtain enough information to successfully access the victim's Google Drive. In Google Drive, they discovered the victim's personal information, including details of their cryptocurrency assets on the Gemini platform. Subsequently, his accomplice Jandiel posed as a Gemini platform employee and contacted the victim again. Jandiel successfully convinced the victim to download software that supposedly could “protect cryptocurrency assets.” The scammers used this software to steal the victim's private keys and took away up to 4,100 Bitcoins. At the time, these Bitcoins were worth up to $230 million. The two then laundered the loot through multiple cryptocurrency exchanges and mixing services.
So how were they caught? Malone Lam started a crazy spree with his share of the loot. He spent lavishly on the streets of Los Angeles, splurging $569,000 in a nightclub in one night! He even gifted several women 5 Hermès Birkin bags at the nightclub. Court documents reveal that he purchased 31 supercars, a $2 million watch, and rented several luxury apartments in Los Angeles and Miami. Ultimately, he was arrested while flying from Los Angeles to Miami on a private jet. Malone Lam's theft case demonstrates how social engineering attacks can easily lead to the loss of one's cryptocurrency assets.
You can protect your assets using the following three methods:
1/ Prevent unauthorized access to your device: Never allow unauthenticated individuals to access your device remotely. This effectively avoids becoming a victim of sensitive data control.
2/ Enable two-factor authentication (2FA): Two-factor authentication is crucial for email and cloud accounts that store sensitive data. It is recommended to use an authenticator app or services with built-in two-factor authentication features, and to avoid SMS-based two-factor authentication to prevent SIM card theft risks.
3/ Use secure key storage: Recognize the risks of storing private keys on exchanges. If mismanaged, you could easily lose your assets like the victim in the Malone Lam case.
To secure your assets, it is advisable to choose a wallet service that is more secure, self-custodied, and easy to use.