DANBURY: A US$230mil (RM989mil) cryptocurrency scam that authorities believe is connected with a kidnapping in Connecticut involved Miami and Los Angeles men who used stolen funds to pay for luxury cars and international travel, court documents show.

The Aug 25 attack in Danbury – which resulted in the arrest of six Florida men – may have been part of an intended ransom demand connected with the victims' son's alleged involvement in the US$230mil cryptocurrency theft, according to Detective Sgt. Steven Castrovinci, who said last week that there's an ongoing federal investigation into "the crypto part" of the case.

The local couple's son has not been arrested in connection with the alleged heist involving the theft of bitcoin from a victim in Washington, DC, but two men – one from Los Angeles and the other a Singapore citizen with addresses in Miami and Los Angeles – were indicted last month.

Malone Lam, 20, and Jeandiel Serrano, 21, face conspiracy to commit wire fraud and conspiracy to launder money instruments charges stemming from the ongoing federal investigation into the scheme – through which authorities say they and unnamed co-conspirators gained access to and unlawfully transferred funds from victim cryptocurrency accounts.

According to a six-page indictment filed in US District Court in Washington, Lam and Serrano are accused of conspiring with other unnamed individuals to carry out targeted cryptocurrency thefts and launder stolen digital funds in August until at least September of this year.

The group allegedly "engaged in digital communication" with a victim in Washington, DC on Aug 18, and stole more than US$230mil worth of bitcoin from the unidentified victim's account, according to the indictment, which cites financial self-enrichment as the motive.

In addition to "numerous luxury automobiles, watches, jewellery (and) designer handbags," authorities claim Lam, Serrano and their co-conspirators used the stolen funds to pay for international travel, service at nightclubs and rental homes in Los Angeles and Miami.

A detention order filed Sept 24, in US District Court of Southern District of Florida provides further insight into the steps the group allegedly took to steal the more than US$230mil worth of bitcoin – including their decision to target the victim "because they identified him as a high net-worth investor from the early days of cryptocurrency."

The document says Lam and his co-conspirators called the victim, pretending to be Google Support Team members, and told him they needed to shut down his Google account due to a "hack attempt."

After convincing him to provide security codes to his Google account, they allegedly accessed his One Drive and Gmail account to locate his cryptocurrency assets, as well as scoured his private accounts in search of additional information.

Upon locating cryptocurrency exchange records in the victim's Google account, the conspirators allegedly agreed to have one of them call the victim, posing as a Gemini Crypto Exchange Security team member.

In doing so, the court document says "they convinced the victim that his cryptocurrency accounts had also been compromised" and to transfer about US$3mil (RM12.9mil) – described in the document as "a small portion... of his cryptocurrency" – to a crypto wallet that Lam controlled.

The group also allegedly convinced the victim to download a remote desktop connection program "for his own 'security,'" according to the court document, and the program allowed Lam to log into the victim's computer and steal more than 4,000 bitcoin.

Authorities say the stolen cryptocurrency was valued at more than US$230mil at the time of the theft.

The conspirators allegedly laundered the stolen currency through various cryptocurrency exchanges and mixers – the purpose of which, according to Lam and Serrano's federal indictment, was to conceal ownership and disguise the origin and location of the stolen funds.

Lam and his co-conspirators used online minkors to communicate via Telegram and Discord in real-time about the scheme – including to "discuss strategies to manipulate the victim into allowing access to his cryptocurrency holdings" – according to court documents.

Authorities not only had "numerous documents and photos" linking him to his Telegram handle, according to the Sept 24 detention order filed in Southern District of Florida, but he allegedly admitted to using it, as well as "committing the cryptocurrency theft with his co-conspirators and dividing up the stolen funds and laundering it through various cryptocurrency exchanges."

It is unclear where Lam or Serrano's federal cases currently stand.

Meanwhile, the six Florida men arrested in the Danbury kidnapping and assault are facing state and federal charges. Danbury police believe the men targeted the local couple because they thought their son would have access to the stolen cryptocurrency funds.

"I don't know how (the six Florida men) knew this kid had that type of money, but everything leads to them going after the parents because of what this kid was involved in," Danbury police's Castrovinci said last week. – The News-Times, Danbury, Conn./Tribune News Service