This 20-year-old young man carried out one of the largest personal theft cases in history.
His name is Lin Malong.
In August 2024, he defrauded a victim of 4,100 bitcoins and used the money to buy 31 supercars.
This is the simple method he used:


20-year-old Singaporean Lin Malong and his accomplice Jandil Serrano stole $230 million worth of cryptocurrency from an anonymous victim months ago, and the two were subsequently arrested.
How did it happen?

The scammer first triggered a notification of 'unauthorized Google account access' through technical means, alerting the victim to the anomaly.
A few days later, Lin Malong impersonated a Google employee and called the victim to inquire about the details of these 'unauthorized accesses.'

After multiple communications, he gradually manipulated the victim, obtaining enough information to successfully access the victim's Google Drive.
In Google Drive, they discovered the victim's personal information, including details of their cryptocurrency assets on the Gemini platform.


Subsequently, his accomplice Jandil pretended to be an employee of the Gemini platform and contacted the victim again.
Jandil successfully convinced the victim to download a software that allegedly could 'protect cryptocurrency assets.'

The scammer used this software to steal the victim's private key and made off with up to 4,100 bitcoins.
At that time, the total value of these bitcoins reached $230 million.
The two then laundered the stolen money through multiple cryptocurrency exchanges and mixing services.

So how were they caught?
Lin Malong started to spend wildly with his portion of the stolen money.
He spent extravagantly on the streets of Los Angeles, splurging $569,000 in one night at a nightclub!
He even gifted several women five Hermes birkin bags at the nightclub.

Court documents reveal that he purchased 31 supercars, a watch worth $2 million, and rented multiple luxury apartments in Los Angeles and Miami.
Eventually, he was arrested while flying on a private jet from Los Angeles to Miami.


Lin Malong's theft case proves that social engineering attacks can easily lead to the loss of one's cryptocurrency assets.
You can protect your assets using the following three methods:


1/ Prevent unauthorized access to devices:
Never allow unverified individuals to remotely access your device.
This effectively avoids becoming a victim due to sensitive data being compromised.

2/ Enable two-factor authentication (2FA):
Two-factor authentication is particularly important for email and cloud accounts storing sensitive data.
It is recommended to use authenticator apps or services with built-in two-factor authentication, and to avoid SMS-based 2FA to prevent SIM card theft risk.

3/ Use secure key storage:
Recognize the risks of storing private keys on exchanges.
If not managed properly, you could easily lose assets like the victims in the Lin Malong case.
To protect asset security, it is advised to choose safer, self-hosted, and user-friendly wallet services.