• 12 new individuals charged in a $263 million crypto theft operation that stole 4,100 Bitcoin from a Genesis creditor
• The group evolved from online gaming friends into a sophisticated cybercrime ring with members aged 18-22
• They used social engineering, hacking, and even physical burglaries to steal crypto wallets
• Stolen funds were spent on exotic cars worth up to $3.8 million, $500,000 nightclub tabs, and luxury items
• Money laundering techniques included crypto mixers, peel chains, VPNs, and hiding cash in stuffed toys

The Department of Justice has charged 12 more people in connection with a massive cryptocurrency theft operation that stole over $263 million in digital assets, including 4,100 Bitcoin from a single victim.

The charges expand on an earlier indictment against Malone Lam, who was first charged on September 19, 2024.

The group, mostly California residents between 18 and 22 years old, allegedly began as friends playing online games before evolving into what prosecutors describe as a “cyber-enabled racketeering conspiracy.” Two suspects are believed to be in Dubai, while several others have been arrested in the United States.

Members adopted online aliases like “Goth Ferrrari” and “The Accountant,” operating in various roles within the criminal enterprise. Some focused on hacking databases or making cold calls to trick crypto holders, while others conducted physical break-ins to steal hardware wallets containing cryptocurrency.

The operation began around October 2023 and continued through March 2025. The group’s biggest single theft occurred on August 18, 2024, when they allegedly stole over 4,100 Bitcoin valued at more than $230 million from a Genesis creditor.

Sophisticated Theft Methods

The theft ring employed a range of techniques to obtain cryptocurrency. Beyond digital methods, the indictment details how Malone Lam hacked into one victim’s iCloud account to monitor their movements. Meanwhile, defendant Marlon Ferro allegedly burglarized the victim’s home to steal crypto hardware wallets.

To hide their tracks, the group used virtual private networks and cryptocurrency mixer protocols. They also employed a money-laundering tactic known as “peel chains,” where funds are moved through multiple wallets with small amounts “peeled off” at each step.

The defendants face serious charges under the RICO (Racketeer Influenced and Corrupt Organizations) Act. Additional charges include wire fraud and money laundering offenses.

Extravagant Spending Spree

The stolen funds fueled an extravagant lifestyle, according to prosecutors. The group allegedly spent up to $500,000 in single nights at nightclubs and purchased 28 exotic cars, some valued at $3.8 million each.

Luxury items included designer handbags, watches, and clothing. The indictment states they even shipped bulk cash hidden inside Squishmallow stuffed toys to avoid detection.

The group rented luxury homes in the Hamptons, Los Angeles, and Miami using fake identity documents. They also hired private security guards and chartered private jets with the stolen money.

Even after his arrest, lead defendant Lam allegedly continued directing criminal activities from pretrial detention, including having luxury goods delivered to his partner.

The FBI and IRS Criminal Investigation are supporting the ongoing investigation, with additional support from FBI offices in Los Angeles and Miami.

Authorities have seized numerous assets from the defendants, including Lamborghinis, Ferraris, Rolls-Royces, designer clothing, luxury watches, and champagne. The investigation remains active, with prosecutors continuing to trace stolen funds and identify additional suspects.

The twelve defendants face various charges, with most charged under RICO conspiracy laws. Nine face additional charges for money laundering, while eight are charged with conspiracy to commit wire fraud.

The post A Group of 20-Year-Olds Stole $263M in Crypto: Spent It on Lamborghinis & Luxury Goods appeared first on CoinCentral.

• Hashling NFT founder Jonathan Mills sued for allegedly misappropriating millions from the project and related Bitcoin mining operation
• Investors claim they raised $1.46 million from NFT drops but received no returns
• Mills allegedly created a flawed shareholder agreement giving himself 67% equity and voting rights
• Plaintiffs are suing for fraud and breach of fiduciary duty
• Mills reportedly admitted having no money or NFT experience before starting the project

Investors in the Hashling NFT project have filed a lawsuit against founder Jonathan Mills, accusing him of stealing millions of dollars from both the NFT venture and a related Bitcoin mining operation.

According to court documents filed on May 14 in Illinois, the plaintiffs allege that Mills misappropriated funds and failed to pay promised equity returns. The legal action comes after investors claim they were ghosted by Mills following their investments.

The lawsuit states that investors raised a combined $1.46 million from two NFT drops on the Solana and Bitcoin blockchains. Despite the success of these drops, the plaintiffs say they never received any returns from their investments.

At the heart of the dispute is Satoshi Labs LLC, formerly known as Proof of Work Labs LLC. Mills, who serves as founder and CEO of the company, allegedly told investors he had transferred assets from Hashling NFT and at least $3 million from the Bitcoin mining project to this holding company.

The Shareholder Agreement Controversy

The plaintiffs claim Mills created a flawed shareholder agreement to justify his control over the project’s assets. This agreement was allegedly “rife with errors” designed to support his claims.

Under this agreement, Mills received a 67% equity share in the company. Other investors who contributed up to $20,000 each received just 2% equity in return.

Mills also secured a 67% voting stake on all matters related to the company. This gave him overwhelming control, as no other partner held more than 2% voting rights.

When the company name changed from Proof of Work Labs to Satoshi Labs, Mills assured investors their equity stakes would remain unchanged. However, the plaintiffs claim this was part of a scheme to maintain control over the assets.

The origins of the Hashling NFT project trace back to discussions between Mills and plaintiff Dustin Steerman, who had worked with Mills previously. What’s strange about this partnership is that Mills reportedly told Steerman he had “no money and no NFT-related experience” before starting the project.

“[Mills] had a willingness to help push the project forward, and he did have an idea at the start,” said Clinton Ind, the investors’ attorney from Ind Legal Group LLC.

To make the project successful, Mills and Steerman brought in other investors who now serve as plaintiffs in the case. These team members helped with NFT art creation, social media marketing, and even attended NFT conferences in New York to promote the project.

The lawsuit even claims Mills convinced his girlfriend to invest in the Hashling NFTs project.

Beyond the fraud and breach of fiduciary duty claims, the plaintiffs are seeking a constructive trust over the project’s assets and full legal restitution. This would give them control over the assets while the case is resolved.

Cointelegraph reported that they reached out to Mills for comment but did not receive an immediate response at the time of reporting.

The case highlights the risks investors face in the largely unregulated NFT space, where project founders can wield considerable power over funds and operations.

Court documents show the plaintiffs are asking the court to hold Mills accountable for his actions and to recover the money they believe was wrongfully taken from the project.

The post Investors File Lawsuit Against NFT Founder for $3 Million Bitcoin Mining Fraud appeared first on CoinCentral.

• Telegram has shut down Haowang Guarantee, described as “the largest darknet marketplace to have ever existed”
• The Chinese-language marketplace facilitated an estimated $27 billion in illicit transactions, primarily using Tether
• The shutdown followed a Telegram purge of thousands of associated merchant accounts on May 13, 2025
• The marketplace provided services to crypto scammers including money laundering, stolen data, and equipment for scam operations
• A second marketplace called Xinbi Guarantee has been identified with $8.4 billion in transactions and may be growing as scammers migrate

Haowang Guarantee, a massive Chinese-language darknet marketplace operating on Telegram, has ceased operations following a widespread ban of thousands of associated accounts.

The shutdown on May 13, 2025, marks the end of what blockchain security firm Elliptic called “the largest darknet marketplace to have ever existed.”

The marketplace announced the closure on its website in a brief message stating, “Since all our NFTs, channels and groups were blocked by Telegram on May 13, 2025, Haowang Guarantee will cease operations from now on.”

Haowang Guarantee, previously known as Huione Guarantee, facilitated an estimated $27 billion in illicit transactions, primarily using the Tether (USDT) stablecoin.

The marketplace served as a hub for crypto scammers, offering money laundering services, stolen personal data for pig butchering scams, telecommunications infrastructure, deepfake software, fake IDs, and even physical restraint devices used in scam call centers across Southeast Asia.

The Telegram Purge

Telegram’s action came shortly after inquiries from tech publication Wired and research from blockchain security firm Elliptic. Telegram spokesperson Remi Vaughn confirmed to Wired that “communities previously reported to us by WIRED or included in reports published by Elliptic have all been taken down,” adding that “criminal activities like scamming or money laundering are forbidden by Telegram’s terms of service.”

The timing of the shutdown also follows a designation by the US Treasury’s Financial Crimes Enforcement Network (FinCEN) in early May. FinCEN listed Huione Group, the parent company of Haowang Guarantee, as a money laundering operation that would be cut off from the US banking system.

Tom Robinson, co-founder of Elliptic, called the shutdown “a huge win” and “a game-changer in terms of overall online criminal markets.” He stated it would “put a real dent in the ability of online scammers to do what they do” as the marketplace was “a key enabler of the global scam epidemic.”

Rising Alternatives

Despite this major shutdown, other similar marketplaces appear to be emerging. Blockchain security researchers have identified another Telegram-based illicit marketplace called Xinbi Guarantee, which has already processed an estimated $8.4 billion in transactions.

Elliptic notes this figure should be considered the “lower bounds of the true volume of transactions on the platform.” Xinbi was reportedly linked to a Colorado-based company incorporated in 2022 but listed as delinquent in January 2025.

Researchers have also identified a third marketplace called Tudou Guarantee, which allegedly has connections to Haowang’s ownership. According to Robinson, Tudou Guarantee has seen “a major surge in new users” following the Haowang shutdown.

These black markets have unveiled what Elliptic describes as a “China-based underground banking system” built around stablecoins and crypto payments, which is being used for money laundering on a large scale.

The shutdown may only be a temporary setback for the crypto-scam industry. Robinson notes that the effectiveness of Telegram’s crackdown will depend on how seriously the messaging platform continues to pursue these marketplaces as they emerge in new forms.

“Are they going to pursue all of these marketplaces and continue to do so as new ones emerge?” Robinson asks. If Telegram maintains its crackdown, he suggests the market operators might migrate to other messaging services with less oversight or even to decentralized platforms where they can’t be effectively banned.

Haowang had powerful backing from a company with links to businesses associated with Cambodia’s ruling family. Huione Group, the parent company, includes a company linked to the family of Cambodia’s prime minister, Hun Manet, with the prime minister’s cousin Hun To serving as one of those companies’ directors.

Robinson concluded, “Online crime is a cat-and-mouse game in general. But these are very large mice. It’s a big blow to the criminal ecosystem that will take a long time to recover from.”

The post “Largest Darknet Marketplace Ever” Telegram Shuts Down $27 Billion Crypto Black Market appeared first on CoinCentral.

• Armed kidnappers failed to abduct daughter and grandson of Paymium co-founder in Paris
• Physical crypto attacks up dramatically in 2025, with 22 cases already versus 32 in all of 2024
• France has seen six crypto-related kidnappings this year, many involving finger amputations
• Victims in multiple countries including Brazil, Hong Kong, and China targeted for crypto ransoms
• Passers-by helped thwart the Paris kidnapping after the woman disarmed one attacker

A woman and her young child, relatives of a prominent French cryptocurrency executive, managed to escape what could have become the latest in a string of brutal abductions targeting those connected to the digital asset industry.

The incident took place Tuesday morning in Paris’s 11th district. Four masked assailants launched their attack around 8:20 local time, when three men jumped from a white van and attempted to force the mother and child into the vehicle.

Police sources confirmed the targets were family members of Paymium’s co-founder and CEO. Paymium stands as one of France’s earliest Bitcoin exchanges.

The woman’s husband was beaten repeatedly while trying to defend his family. In a moment of quick thinking, the woman grabbed a weapon from one of the attackers and threw it away, later identified as a replica air gun.

The street was busy at the time, with school children passing nearby. Though bystanders initially hesitated to help, locals eventually intervened, causing the kidnappers to abandon their attempt.

The attackers fled in their van, driven by a fourth accomplice. One brave bystander even hurled a fire extinguisher at the vehicle as it sped away.

Global Trend of Violence

This foiled kidnapping follows a disturbing pattern emerging worldwide. According to a tracker maintained by Casa CTO Jameson Lopp, 2025 has already seen 22 physical attacks related to cryptocurrency wealth.

This puts 2025 on pace to far exceed the 32 cases documented throughout 2024. The 2023 total of 24 incidents has nearly been matched in just over four months.

France has become a particular hotspot for such crimes. The country has witnessed at least six crypto-related kidnappings or attempts this year alone.

In January, Ledger co-founder David Balland and his wife were abducted from their home in central France. Reports indicate kidnappers severed one of Balland’s fingers during the ordeal while demanding cryptocurrency ransom. Nine suspects have since been arrested.

Earlier this month, French police rescued the father of a crypto millionaire who had been kidnapped while walking his dog in Paris. The victim also had a finger amputated by his captors before being freed in a police raid. Seven arrests followed.

On New Year’s Eve, criminals targeted the father of a crypto influencer in Saint-Genis-Pouilly, holding him hostage in yet another ransom scheme.

The violence extends well beyond French borders. In March, Chinese-Filipino businessman Anson Que was killed after kidnappers demanded $20 million in cryptocurrency. Authorities had already paid $3.5 million before his death.

Hong Kong has reported multiple ambushes during crypto transactions, including a recent case involving a Turkish victim. In Brazil, a Spanish businessman spent five days in captivity after criminals posing as police officers abducted him and demanded $50 million in crypto. He eventually escaped.

The post Mother Fights Off Bitcoin Kidnappers in Dramatic Paris Street Confrontation appeared first on CoinCentral.

• German police shut down eXch and seized €34M in crypto.
• eXch was linked to the $1.4B Bybit hack in 2025.
• The platform helped launder stolen crypto funds.
• eXch operated without KYC or AML rules since 2014.
• This was the third-largest crypto seizure in the world.

German law enforcement has shut down the cryptocurrency exchange platform eXch as part of an investigation linked to the $1.4 billion Bybit hack in 2025. Authorities seized approximately €34 million (equivalent to $38 million) in digital assets from the platform, allegedly facilitating the laundering of stolen funds connected to the cyberattack.

The operation was announced on May 9, 2025, by Germany’s Federal Criminal Police Office (BKA) in coordination with Frankfurt’s public prosecutor’s office. According to the BKA, this marks the world’s third-largest cryptocurrency asset seizure. The confiscated funds included Bitcoin (BTC), Ethereum (ETH), Litecoin (LTC), and Dash (DASH). Investigators also secured over eight terabytes of server data from the eXch platform.

eXch Linked to the Bybit Exploit and Other Cybercrimes

Authorities suspect that eXch played a role in laundering a portion of the crypto assets stolen during the February 21 Bybit breach. The hack, which targeted one of Bybit’s cold wallets, led to the theft of approximately $1.46 billion in Ether. Investigators believe the North Korean Lazarus Group was responsible for the incident.

Following the breach, a series of obfuscation techniques were employed to conceal the movement of funds. According to cybersecurity analysts and blockchain researchers, including independent investigator ZachXBT, some of the stolen Ether was swapped through platforms such as eXch and converted across chains and coins to avoid detection. Authorities have traced some of these funds back to wallets associated with known cybercriminal networks.

History and Operations of eXch

eXch began operations in 2014 and functioned as a crypto “swapping” platform. It allowed users to exchange cryptocurrencies without undergoing standard Know Your Customer (KYC) or Anti-Money Laundering (AML) verification processes. Over the years, the platform is estimated to have processed more than $1.9 billion in crypto transactions.

The platform operated under multiple domain names, including eXch.cx, and was accessible via the clearnet and darknet. Its services were marketed to users seeking anonymity and attracted individuals engaged in illicit activities. Authorities stated that the lack of regulatory compliance and data retention made it a tool for laundering digital assets.

Platform Shut Down Ahead of Voluntary Closure

eXch had announced in mid-April 2025 that it would shut down its services by May 1. The statement, posted on a cryptocurrency forum, cited increased surveillance and regulatory pressure as reasons for the closure. However, German authorities executed the seizure just before the platform’s self-imposed deadline, likely to prevent any final attempts to move illicit funds.

The investigation into eXch also ties the platform to previous cryptocurrency thefts, including the $243 million Genesis creditor exploit and several phishing-related laundering schemes. Law enforcement agencies in Germany and cooperation from Dutch counterparts continue to investigate broader networks that may have used eXch for illegal financial operations.

Growing Efforts to Regulate Crypto in Germany

The takedown of eXch follows a broader effort by German regulators to combat money laundering through unlicensed digital finance platforms. In late 2024, authorities closed 47 crypto exchanges and seized assets, including €250,000 and several illegal Bitcoin ATMs.

Regulatory bodies continue to stress the importance of AML compliance within the digital asset sector. Platforms that fail to meet these standards are being increasingly targeted as law enforcement seeks to dismantle tools used in the digital underground economy.

The post eXch Closed in Germany Amid $38M Bybit Hack Scandal appeared first on CoinCentral.

• Former Celsius CEO Mashinsky sentenced to 12 years for crypto fraud.
• He misled investors about Celsius’s financial health and risks.
• Used customer funds to pump CEL token price, made $48M personally.
• Celsius collapsed in 2022, locking $4.7B in user funds, $7B in total losses.
• Mashinsky must forfeit $48.3M, pay a fine, and face civil charges.

Alexander Mashinsky, the former Chief Executive Officer(CEO) of Celsius Network LLC has been sentenced to 12 years in federal prison following a conviction for securities fraud and commodities fraud. The sentence was issued by Judge John G. Koeltl of the U.S. District Court for the Southern District of New York. The judgment followed Mashinsky’s guilty plea on December 3, 2024, to one count each of securities and commodities fraud as part of a plea agreement with federal prosecutors.

EX Celsius CEO was finally sentenced.

12 years for crypto fraud. Did he get enough time behind bars?

— megbzk (@megbzk) May 8, 2025

The court imposed a 144-month sentence and a concurrent 120-month sentence. In addition to the prison term, Mashinsky was ordered to forfeit $48.3 million and pay a $50,000 fine. He will also serve three years of supervised release. The sentencing resolves a long-running investigation into Mashinsky’s role in Celsius Network’s collapse and related market manipulation activities.

Misrepresentation of Celsius’s Financial Stability

Celsius Network operated as a cryptocurrency lending platform that promised users high returns on digital asset deposits. Under Mashinsky’s leadership, the company aggressively promoted itself as a safer alternative to traditional banking. However, prosecutors presented evidence that Mashinsky knowingly misled investors regarding the company’s financial health and ability to manage risk.

Despite public claims of transparency and security, Celsius engaged in practices contradicting its marketing. These included making uncollateralized loans and leveraging customer assets for risky investments. As Celsius’s asset base expanded to approximately $25 billion by late 2021, internal communications and testimony revealed a consistent pattern of misinformation intended to retain user deposits and project financial stability.

Manipulation of CEL Token and Insider Profits

Authorities also charged Mashinsky with orchestrating a scheme to manipulate the price of Celsius’s native token, CEL. Over several years, the company artificially spent hundreds of millions to inflate CEL’s market price. In some cases, Celsius used customer funds to support these purchases without informing its clients. According to court filings, the token’s inflated value allowed Mashinsky to generate approximately $48 million through personal sales while publicly denying that he was offloading any holdings.

Internal messages cited in the proceedings revealed that Celsius executives acknowledged the artificial nature of CEL’s price. One such message from former Chief Revenue Officer Roni Cohen-Pavon described the token’s valuation as “fake” and reliant on substantial market intervention.

Company Collapse and Customer Losses

Celsius suspended withdrawals on June 12, 2022, amid mounting liquidity issues, and filed for bankruptcy one month later. At the time of the halt, approximately 600,000 customers had over $4.7 billion in assets locked on the platform. Estimates by federal prosecutors place total customer losses closer to $7 billion based on market values at the time of the company’s collapse.

Mashinsky’s arrest in July 2023 followed a multi-count indictment, which was ultimately resolved through a plea deal. Although the maximum sentence under the agreement was 30 years, prosecutors recommended a 20-year term. The final sentence of 12 years balanced the prosecution’s recommendation and the defense’s request for leniency.

The Securities and Commodities Fraud Task Force prosecuted the case, with support from the FBI, the U.S. Securities and Exchange Commission, and the Commodity Futures Trading Commission, each of which initiated parallel civil proceedings.

The post Former Celsius CEO Sentenced to 12 Years for Crypto Fraud and Token Manipulation appeared first on CoinCentral.

• Judge Dismisses Most FTX Lawsuit Claims, State Cases Still Stand.
• Celebrities cleared in FTX fraud case, and some claims continue.
• FTX Promo Lawsuit Thrown Out, State Claims Survive.
• FTX Celeb Endorsers Off the Hook, But Some Legal Battles Remain.
• Fraud Claims Dropped, State-Level FTX Lawsuit Still Going Strong.

A federal judge has sharply limited a major lawsuit filed by investors against celebrities who promoted the FTX cryptocurrency exchange before it collapsed. U.S. District Judge K. Michael Moore, from the Southern District of Florida, dismissed most of the claims in the combined case. He ruled that the investors failed to prove the celebrities knew about any fraud at FTX.

The lawsuit FTX filed for bankruptcy in November 2022 alleged that public figures such as Tom Brady, Gisele Bündchen, Stephen Curry, and Kevin O’Leary misled investors by endorsing the exchange. Plaintiffs claimed the celebrities accepted payments to promote FTX while failing to disclose their financial arrangements, violating federal and state laws.

Claims of Fraud and Conspiracy Dismissed

In his ruling, Judge Moore stated that the plaintiffs failed to demonstrate that the celebrities knowingly participated in fraud committed by FTX  founder Sam Bankman-Fried. The court found no adequate evidence indicating the defendants had the required intent to defraud investors or were aware of any underlying misconduct.

Additionally, the court dismissed civil conspiracy claims, noting that receiving promotional payments does not constitute a conspiracy. The judge emphasized that negligence or lack of due diligence is insufficient to establish liability for fraud under the legal standards required in this case.

Two State-Level Claims Remain Active

Despite dismissing 12 of the 14 claims, Judge Moore allowed two state-level claims to proceed. The surviving claims are based on allegations that the defendants assisted in the unlawful sale of unregistered securities under Florida and Oklahoma laws. The judge found it plausible that FTX may have used celebrity endorsements as a strategy to market and sell investment products that could be categorized as securities under state law.

Florida law imposes strict liability in such cases, meaning the promoters can potentially be held liable even without knowledge of the product’s fraudulent nature. These remaining claims allow the plaintiffs to continue seeking accountability for the celebrities’ role in promoting FTX.

Future Legal Action and Ongoing Litigation

The plaintiffs’ legal team, led by attorney Adam Moskowitz, welcomed allowing state claims to proceed. Moskowitz indicated plans to file an amended complaint, which may include additional defendants such as Major League Baseball and Formula 1 Racing.

Some individuals previously named in the lawsuit, including Shaquille O’Neal and Trevor Lawrence, have already reached settlements. The exact terms of these agreements have not been disclosed. FTX’s bankruptcy proceedings are ongoing, and the company has received approval for a repayment plan to reimburse its customers.

The lawsuit is part of broader legal efforts to determine liability in the promotion and collapse of FTX, which resulted in significant financial losses for investors and heightened scrutiny of cryptocurrency marketing practices.

The post Judge Dismisses Claims Against Celebrities in FTX Lawsuit appeared first on CoinCentral.

• A crypto millionaire’s father was abducted by masked men demanding a €7 million ransom.

• The kidnappers severed one of the victim’s fingers to pressure payment.

• French police raided a Paris suburb on May 3 and freed the hostage unharmed.

• All suspects, men in their 20s, face serious charges including kidnapping and extortion.

French police have freed a man who was kidnapped in a plot targeting his wealthy son, a prominent figure in the crypto industry.

As per a Tuesday report by Le Monde, the abducted individual, whose identity remains undisclosed, was rescued in a police raid that took place on the night of May 3, 2025, in a Paris suburb.

The kidnapping, which unfolded on Thursday morning, is believed to be a well-planned extortion attempt aimed at extorting a ransom of between €5 million and €7 million from the son, a successful crypto entrepreneur.

Notably, the victim, described as the father of a well-known crypto millionaire, was seized in the 14th arrondissement of Paris by four masked men.

The kidnappers reportedly forcibly bundled him into a delivery van and held him captive as they demanded a ransom.

The attack, which was violent and calculated, took a sinister turn when one of the victim’s fingers was severed as a sign of the kidnappers’ ruthless tactics. Authorities feared further mutilations if the police did not intervene promptly.

Meanwhile, the swift police response led to the successful arrest of five suspects, all men in their 20s. They were detained after officers raided an address in a Parisian suburb where the victim was being held.

French prosecutors have since launched a thorough investigation into the case, with the suspects facing charges related to kidnapping, extortion, torture, and unlawful imprisonment. One suspect was apprehended while driving a vehicle believed to have been used by the criminals.

French Interior Minister Bruno Retailleau praised the operation, calling it “decisive,” and lauding the efforts of the French police.

“The safety of citizens and their families, especially when targeted by such violent crimes, is of paramount importance,” Retailleau said.

Un immense bravo aux enquêteurs qui ont fait un travail exceptionnel pour libérer cet homme et pour interpeller ses ravisseurs. Merci à @NunezLaurent et à la @prefpolice pour leur engagement décisif. https://t.co/e7PUr2OxzV

— Bruno Retailleau (@BrunoRetailleau) May 3, 2025

The victim’s wife had previously informed investigators that both she and her husband had been threatened in the past, raising suspicions that the kidnappers were targeting the family due to their connections to the crypto world. The couple, who run a successful crypto marketing firm based in Malta, have been the subjects of previous extortion threats.

Criminals Targeting Crypto Figures.

That said, this kidnapping is the latest in a string of attacks targeting cryptocurrency figures in France. In January 2025, David Balland, the co-founder of the crypto firm Ledger, was abducted in a similar fashion, with his abductors demanding a ransom of €10 million. His kidnappers also severed his finger in an effort to expedite the ransom payment. That case remains under investigation, with several suspects already detained.

In another related case from New Year’s Eve 2024, the father of a Dubai-based crypto influencer was kidnapped from his home in Saint-Genis-Pouilly, France. Armed assailants restrained both him and his wife before transporting the victim over 500 kilometers across the country. The victim was later found in Le Mans, bound, beaten, and doused with gasoline. Police discovered him in the trunk of a car after the suspects fled. The kidnappers had demanded a ransom from the influencer, who instead contacted authorities, leading to a swift rescue.

The post Criminals Nabbed in €7m Kidnap Case Targeting Crypto Figure’s Family appeared first on CoinCentral.

• Alexander Gurevich, a Russian-Israeli citizen, was arrested in Israel for his alleged role in the $190M Nomad bridge hack
• Gurevich allegedly exploited a vulnerability first, stealing $2.89M before copycats stole the remaining funds
• He contacted Nomad’s CTO via Telegram, requested a $500,000 bounty, and returned $162,000
• Gurevich was arrested at Ben-Gurion Airport trying to flee to Russia using a new identity (“Alexander Block”)
• US authorities are seeking his extradition on money laundering charges that carry up to 20 years in prison

Alexander Gurevich, a Russian-Israeli citizen, was arrested at Israel’s Ben-Gurion Airport on May 1 while attempting to board a flight to Russia. He is allegedly the person who first exploited a vulnerability in the Nomad bridge smart contracts in August 2022, leading to a massive $190 million hack that caused the protocol’s collapse.

Israeli authorities apprehended Gurevich just days after he legally changed his name to “Alexander Block” and obtained a new passport. The arrest came as part of an extradition process initiated by US authorities, who filed an eight-count indictment against him in the Northern District of California in August 2023.

According to reports from The Jerusalem Post, Gurevich had returned to Israel from an overseas trip on April 19 and was ordered to appear before the Jerusalem District Court for an extradition hearing. Instead of complying, he changed his name on April 29 and attempted to flee to Russia two days later.

US prosecutors allege that Gurevich was the first to identify and exploit a critical vulnerability in Nomad’s smart contracts. He allegedly stole approximately $2.89 million worth of cryptocurrency tokens through this exploit in August 2022.

Alexander Gurevich ("Block") was arrested Thursday at Ben Gurion Airport in Israel. He is wanted in the United States for computer offenses, transfer of stolen money and laundering money worth millions of dollars in a sting that in 2022 almost led to the collapse of one… pic.twitter.com/d8RepO3tT5

— יואב איתיאל מדווח כי (@yoavetiel) May 3, 2025

How The Hack Unfolded

What made the Nomad hack unusual was how it evolved from a single exploit into what security experts described as a “free-for-all.” After Gurevich’s initial breach, dozens of copycat hackers quickly spotted and exploited the same vulnerability.

“This is why the hack was so chaotic — you didn’t need to know about Solidity or Merkle Trees or anything like that,” explained Samczsun, a well-known blockchain security researcher. “All you had to do was find a transaction that worked, find/replace the other person’s address with yours, and then re-broadcast it.”

Onchain data analyzed by Coinbase identified 88 unique wallet addresses participating as copycats, collectively responsible for removing $88 million from the bridge. The vulnerability allowed attackers to spoof Nomad’s smart contracts with invalid transactions to withdraw funds from the protocol.

The majority of stolen assets were in USDC stablecoin and wrapped versions of Bitcoin and Ethereum. Some participants in the exploit later turned out to be “whitehats” or ethical hackers who returned funds they had withdrawn during the chaos.

The Telegram Confession

In a twist that ultimately led to his identification, Gurevich allegedly reached out to Nomad’s Chief Technology Officer, James Prestwich, via Telegram shortly after the hack. Using a fake identity, he admitted to “amateurishly” seeking a crypto protocol to exploit.

During these communications, Gurevich apologized for “the trouble he caused Prestwich and his team” and voluntarily transferred about $162,000 into a recovery wallet the company had set up. This amount represented only a small fraction of what he allegedly stole.

Prestwich offered Gurevich a 10% bounty on the value of the stolen assets if he would return them, a common practice in the cryptocurrency space when dealing with hackers. Gurevich reportedly said he would consult his lawyer but never responded after that.

At some point during these negotiations, Gurevich demanded a reward of $500,000 for identifying the vulnerability, according to court documents.

Israeli officials believe Gurevich carried out the attack while physically in Israel, having arrived in the country just days before the $190 million exploit occurred in August 2022.

The money laundering charges that Gurevich now faces in the US carry a maximum sentence of 20 years, which is much harsher than penalties he would face under Israeli law. The US submitted a formal extradition request in December 2024.

Peter Kacherginsky, a blockchain security expert formerly with Coinbase’s security team, commented on X that Gurevich “fits the profile of a crypto-native threat actor: skilled in smart contract exploitation but ultimately undone by poor opsec [operational security].”

The attacker behind the $186M Nomad Bridge hack has been identified as Alexander Gurevich, aka "Block".

He fits the profile of a crypto-native threat actor: skilled in smart contract exploitation but ultimately undone by poor opsec.https://t.co/7U6plnewRh

— Peter Kacherginsky (@_iphelix) May 4, 2025

The post From Crypto Exploit to Airport Arrest: How the $190M Nomad Bridge Hacker’s Escape Plan Failed appeared first on CoinCentral.

• Alex Mashinsky, former Celsius CEO, faces sentencing on May 8 after pleading guilty to fraud charges
• The DOJ requests a 20-year sentence while his lawyers argue for 366 days
• Mashinsky earned $48 million by selling CEL tokens before Celsius collapsed in 2022
• Hundreds of victims submitted impact statements detailing financial losses
• Celsius paid $2.53 billion to 251,000 creditors in August 2024 as part of bankruptcy proceedings

Alex Mashinsky, the founder and former CEO of bankrupt crypto lending platform Celsius, is scheduled to face sentencing on May 8 for his role in misleading users and manipulating the price of the platform’s token. The case has drawn widespread attention in the crypto community as users debate the appropriate punishment for his actions.

The US Department of Justice has requested Mashinsky receive at least 20 years behind bars. This lengthy sentence would make the 59-year-old 79 by the time of release if he serves the full term.

Mashinsky’s legal team has strongly opposed this recommendation. In a May 5 reply memorandum filed in a New York district court, his lawyers argued he should receive no more than 366 days in prison.

They claim the DOJ hasn’t properly considered his status as a nonviolent first-time offender with a previously clean 30-year business record. The defense characterized the government’s submission as “venom-laced” and accused prosecutors of recasting Mashinsky as “a predator with an intent to target victims.”

As part of a plea agreement reached in December 2024, Mashinsky admitted guilt to two out of seven original charges. He pleaded guilty to commodities fraud and manipulating the price of CEL, Celsius’s native token.

Prosecutors have stated that Mashinsky earned $48 million by selling his holdings before Celsius collapsed in June 2022. The company would later file for Chapter 11 bankruptcy on July 13, 2022, owing $4.7 billion to creditors.

Victim Impact

The human cost of the Celsius collapse has been documented in hundreds of victim statements filed with the court. On April 23, US federal prosecutors submitted statements from victims who lost money when the platform failed.

Many detailed how they had entrusted their life savings to the protocol. They had believed Mashinsky’s assurances that their funds were safe.

The statements reveal mixed opinions on appropriate sentencing. While most called for harsh punishment, at least one suggested clemency for the former CEO.

“Many of the people who participated in this fraud, benefited from this fraud, and potentially orchestrated this fraud will get away with zero legal consequences,” said Daniel Frishberg in his April 24 statement. “Please do not allow Mr. Mashinsky to be one of those people. Please throw the book at him.”

In contrast, Artur Abreu wrote that “despite his mistakes, Mr. Mashinsky was, at times, the more conservative voice in an industry overflowing with unchecked greed.”

The Aftermath

In November 2023, a US bankruptcy court approved Celsius’ restructuring plan to repay customers. As part of this process, $2.53 billion was paid to 251,000 creditors in August 2024.

The Celsius case follows other high-profile crypto fraud sentences. Former FTX CEO Sam Bankman-Fried received a 25-year sentence in March 2024 for his role in that exchange’s collapse.

Mashinsky’s sentencing will be one of the first major crypto cases handled in the district since Jay Clayton became interim US Attorney for the Southern District of New York. Clayton, a former SEC chair and Trump appointee, has previously shown support for crypto on many issues.

Roni Cohen-Pavon, former Celsius chief revenue officer, also pleaded guilty to similar charges in September 2023. His December 11 sentencing has been delayed until after Mashinsky is sentenced.

The May 8 sentencing will conclude a case that has become emblematic of the challenges and controversies within the cryptocurrency lending sector.

The post “Death-in-Prison Sentence”: Celsius Founder Fights 20-Year Fraud Punishment appeared first on CoinCentral.