This 20-year-old carried out one of the largest personal theft cases in history.
His name is Malone Lam.
In August 2024, he defrauded a victim of 4,100 bitcoins and used the money to buy 31 supercars.
Here is the simple method he used:


20-year-old Singaporean Malone Lam and his accomplice Jandiel Serrano stole $230 million worth of cryptocurrency from an anonymous victim a few months ago, and both were subsequently arrested.
How did this happen?

The scammer first triggered an 'unauthorized Google account access' notification through technical means, making the victim aware of the anomaly.
A few days later, Malone Lam impersonated a Google employee and called the victim to inquire about the details of the 'unauthorized access'.

Through multiple communications, he gradually manipulated the victim, obtaining enough information to successfully access the victim's Google Drive.
In Google Drive, they discovered the victim's personal information, including details of their cryptocurrency assets on the Gemini platform.


Subsequently, his accomplice Jandiel impersonated a Gemini platform employee and contacted the victim again.
Jandiel successfully convinced the victim to download software that supposedly could 'protect crypto assets'.

The scammer used this software to steal the victim's private keys, making away with up to 4,100 bitcoins.
At that time, the total value of these bitcoins was as high as $230 million.
The two then laundered the stolen funds through multiple cryptocurrency exchanges and mixing services.

So how were they caught?
Malone Lam began to indulge in extravagant spending with his share of the stolen money.
He spent lavishly on the streets of Los Angeles, blowing $569,000 in one night at a nightclub!
He even gifted several ladies in the nightclub 5 Hermes Birkin bags.

Court documents show he purchased 31 supercars, a watch worth $2 million, and rented multiple luxury apartments in Los Angeles and Miami.
Ultimately, he was arrested while taking a private jet from Los Angeles to Miami.


Malone Lam's theft case proves that social engineering attacks can easily make one lose their crypto assets.
You can protect your assets using the following three methods:


1/ Prevent unauthorized access to your devices:
Never allow unverified individuals to remotely access your devices.
This can effectively prevent you from becoming a victim due to sensitive data being controlled.

2/ Enable two-factor authentication (2FA):
Two-factor authentication is particularly important for email and cloud accounts that store sensitive data.
It is advisable to use an authenticator app or services with built-in two-factor authentication, and to avoid SMS-based 2FA whenever possible to prevent SIM card hijacking risks.

3/ Use secure key storage:
Recognize the risks of storing private keys on exchanges.
If not managed properly, you could easily lose your assets like the victims in the Malone Lam case.
To protect asset security, it is recommended to choose safer, self-hosted, and user-friendly wallet services.