he multi-million dollar cryptocurrency heist that ended up as a Netflix movie
In the world of digital money, where rules are written and broken in seconds, a group of young people decided to take what seemed like just a masterstroke to the extreme. In September 2024, one of the most scandalous cases of hacking and fraud in the crypto universe shook the global community. Malon Lam, a 20-year-old from Singapore, was the protagonist of a story that blends ambition, luxury, digital security errors, and, ultimately, a resounding fall.
With only a tourist visa and a network of accomplices he knew through Discord, Lam stole 4,100 Bitcoins—about $240 million at the time—using only social engineering and a phone. But ego, a need for recognition, and a fatal oversight led them straight to prison.
Who were the protagonists of the biggest cryptocurrency theft of 2024?
Malon Lam, along with Shandil Serrano (aka Versach God ), was part of a community known as La Banda del Patio . Far from using sophisticated programming techniques, their strategy relied on emotional manipulation, identity theft, and exploiting human error.
It all started with a leaked database from the Genesis exchange, which included emails and personal data. There, they found their perfect victim: a profile named “Charlie,” with millions of dollars in cryptocurrency transactions since the early days of Bitcoin.
How did they manage to steal 4,100 Bitcoins without firing a single line of code?
Far from the cliché of “hackers typing code at full speed,” Lam and Serrano applied social engineering techniques:
- They created anxiety in the victim : they started sending multiple notifications of suspicious access to Charlie’s Google account.
- They impersonated Google support : they called him, pretending to be security technicians. Charlie, panicking, gave them his verification code.
- They accessed their personal accounts : they gained full access to Gmail and OneDrive.
- They called back as if they were from Gemini (another exchange) and convinced him to install Anydesk.
- They asked him to enter his private key on the screen , which gave them full access to his Bitcoin wallet.
Everything was executed with surgical precision… and without using a single line of malware.
What did they do with the stolen millions?
Once the loot was obtained, the period of wastefulness that would lead to their downfall began. Among their most notable expenditures:
- Mansions in Los Angeles and Miami that cost up to $68,000 a month .
- 31 luxury cars , including Ferraris, Lamborghinis and Porsches.
- Gifts to models, such as a pink Lamborghini Urus for Leila Bauer, who didn’t even accept the gift.
- Luxury trips to the Maldives, parties at exclusive clubs, and nights where they spent half a million dollars on alcohol and private shows.
The message was clear: they felt untouchable. But they were wrong.
How they tried to launder millions in cryptocurrency (and failed)
To convert stolen cryptocurrency into clean money, they used methods known among criminals in the crypto ecosystem:
- Peel chains : dividing funds into multiple small transactions.
- Mixers or Tumblers like Wasabi Wallet and Coin Join , which mix funds with other cryptocurrencies to make them difficult to trace.
- Cross-chain swaps : They went from Bitcoin to Ethereum, then to Monero, and back to Bitcoin, all without platforms requiring identity verification (KYC).
However, they made serious mistakes:
- Serrano connected without a VPN , exposing his IP address associated with the mansion he was renting.
- They mixed clean funds with washed funds , making tracking easier.
- They shared a video of the actual hack on Discord , out of pure ego.
That 90-minute clip showed the exact moment of the robbery, the voices, screens, and even real names.
The unexpected hero: a private investigator exposes them
Zac XBet, an independent blockchain forensics analyst, played a key role. After receiving automated alerts about suspicious activity on a dormant wallet, he followed the digital trail and connected the pieces. From there, he contacted the FBI, the Genesis exchange, and the victim.
Zac managed to do what many government agencies failed to do: track every step on a public network, thanks to his obsessive knowledge and the recklessness of criminals.
The end: arrests, assets seized, and millions still lost
On September 18, 2024, Serrano was arrested at Los Angeles Airport upon returning from vacation. His girlfriend alerted Lam, who tried to cover his tracks from Miami, but it was too late.
That same night, the FBI raided his luxurious home on Ibiscus Island . There they found:
- 10 luxury cars seized.
- Watches worth hundreds of thousands of dollars.
- Designer handbags.
- Digital wallets with part of the loot.
$70 million was recovered , but more than $100 million remains missing . Lam was charged with wire fraud and money laundering and faces up to 40 years in prison .
Key lessons from this case to avoid being a victim of hacking
- Never give out verification codes over the phone . Neither Google nor any other reputable service will call you to ask for them.
- Avoid installing remote access software without verifying the source .
- Enable two-step verification and keep your private keys out of digital reach .
- Learn to recognize emotional manipulation techniques used by cybercriminals .
- Be wary of any unsolicited contact, even if it seems official or urgent .
Don’t be too confident: on the Internet someone is always watching.
This case not only demonstrates that digital crime can be as lucrative as it is dangerous, but also reminds us that even in an anonymous world like cryptocurrency, digital traces always leave a mark .
Unbridled ambition, inflated egos, and a lack of planning were these criminals’ true weaknesses. And although they thought they would never be caught, digital justice eventually found them .
Don’t underestimate the power of your digital security. Review your practices today, strengthen your passwords, and stay alert. Because just like in this story, it only takes one mistake to lose everything.
