How a 21-year-old managed to steal $37 million in crypto


A recently released court document provides more details on how 21-year-old Evan Frederick Light became involved in a cyber intrusion targeting a US investment company, resulting in the theft of over $37 million in cryptocurrency from nearly 600 victims.

Light pleaded guilty and now faces up to 20 years in prison and/or a fine.

In the court document, Light stated that he and unidentified accomplices stole personally identifiable information (PII) from customers of the undisclosed investment company based in Sioux Falls, South Dakota, and used this information to steal the funds.

ADVERTISEMENT

According to Light, the group gained access to the company’s servers by impersonating a legitimate client. Once inside, they exfiltrated the PII of hundreds of other clients and used the data to steal assets held by the investment company.

Light also revealed that the stolen funds were funneled through various channels worldwide, including multiple mixing services and gambling websites, in an attempt to conceal the thieves' identities and launder the money. After several transactions, the funds eventually ended up in Light's cold wallet.

"Along with one or more individual(s), I helped plan and execute this scheme to enrich myself; I was successful, with the help of one or more individual(s), in planning and executing the scheme to steal from hundreds of individuals," Light admitted.

Meanwhile, law enforcement used this case to reaffirm its commitment to pursuing cybercriminals.

"The FBI will continue to work alongside our partners to ensure that those who exploit technology for financial gain are held accountable, no matter how complex or far-reaching their schemes may be," said Special Agent in Charge Alvin M. Winston Sr. of the FBI's Minneapolis field office.