Social Engineering Enterprise Cryptocurrency Theft and Prosecution
A criminal group known as the Social Engineering Enterprise orchestrated large-scale cryptocurrency thefts using social engineering tactics and physical attacks to gain access to victims' digital assets. The group targeted individuals with significant cryptocurrency holdings, either deceiving them into revealing access credentials or physically breaking into their homes to steal devices containing private keys. Law enforcement efforts have led to multiple arrests and guilty pleas, including a California man who admitted to laundering millions in stolen cryptocurrency and facilitating the group's operations by renting luxury properties for their activities.
In related developments, a key participant in a $263 million social engineering ring pleaded guilty, and additional members have been indicted and arrested in various locations, including Miami and Dubai. The group's operations began in late 2023 and involved members from the United States and abroad, who coordinated attacks and laundered proceeds through real estate and other means. The ongoing investigation highlights the growing threat of organized cybercrime targeting cryptocurrency holders through both digital and physical means.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Evan Tangeman pleads guilty to RICO conspiracy
California resident Evan Tangeman pleaded guilty to RICO conspiracy charges for laundering money and facilitating operations for the Social Engineering Enterprise, which prosecutors say stole hundreds of millions in cryptocurrency.
DOJ indicts members of crypto theft gang
U.S. authorities indicted multiple members of the Social Engineering Enterprise for their roles in a large-scale cryptocurrency theft and laundering scheme tied to social engineering and related crimes.
Gang steals $263 million in cryptocurrency from Washington victim
Members of the Social Engineering Enterprise allegedly carried out a $263 million cryptocurrency theft from a victim in Washington, D.C. The theft was part of a broader campaign targeting wealthy holders of digital assets.
Social Engineering Enterprise activity continues until May 2025
The DOJ said the crypto theft gang continued its criminal activity through May 2025, laundering proceeds through exchanges and mixers while members spent funds on luxury goods, travel and rentals.
Social Engineering Enterprise begins crypto theft campaign
According to U.S. prosecutors, the Social Engineering Enterprise began operating in October 2023, using social engineering, hacked databases and physical burglaries to steal cryptocurrency from victims in the United States and abroad.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Cryptohack Roundup: Android Chips Hot Wallet Attack
govinfosecurity.com
Open sourceCryptohack Roundup: Android Chips Hot Wallet Attack
bankinfosecurity.com
Open sourceCalifornia man pleads guilty to RICO charges as DOJ indicts crypto theft gang
therecord.media
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Major Cryptocurrency-Related Cybercrime Prosecutions and Asset Seizures
Law enforcement agencies in multiple countries have made significant progress in prosecuting individuals and groups involved in large-scale cryptocurrency-related cybercrimes. In the United States, a California man pleaded guilty to laundering at least $25 million as part of a group that stole $230 million in cryptocurrency through social engineering and account takeovers. The group, composed of young adults from several states and abroad, used various tactics to compromise victims' crypto accounts and launder the proceeds, with several members facing charges including wire fraud, racketeering, and money laundering. In the United Kingdom, prosecutors secured a civil recovery order to seize over £4.11 million ($5.39 million) in crypto assets from Joseph James O'Connor, who was convicted for his role in the 2020 Twitter mega-hack. O'Connor and his associates used SIM-swapping and social engineering to hijack high-profile Twitter accounts, soliciting Bitcoin from followers and amassing illicit gains. These actions demonstrate the increasing effectiveness of international law enforcement in tracing, prosecuting, and recovering assets from cybercriminals who exploit cryptocurrency for large-scale fraud and theft.
Mar 21, 2026
Major International Law Enforcement Actions Against Cybercrime and Financial Fraud Networks
Law enforcement agencies across multiple countries have conducted significant operations targeting cybercriminal groups responsible for large-scale financial fraud, data breaches, and cryptocurrency theft. In Spain, police arrested a 19-year-old hacker accused of stealing and attempting to sell 64 million personal data records from nine companies, while Ukrainian authorities apprehended a separate data broker who used custom malware to compromise accounts and sell access on hacker forums. In California, a member of the so-called "Social Engineering Enterprise" pleaded guilty to laundering millions in cryptocurrency stolen through sophisticated social engineering attacks, with the group responsible for a $263 million heist and extravagant spending of the proceeds. Meanwhile, Russian police dismantled a gang that used NFCGate-based malware to steal millions from bank customers by tricking victims into installing fake banking apps and harvesting card credentials for remote theft. A major international operation led by Europol and Eurojust dismantled a €700 million cryptocurrency scam network in Europe that used deepfake videos and aggressive marketing to lure victims into fake investment schemes. The network operated numerous fraudulent platforms, laundered funds through complex channels, and was taken down in coordinated raids across several countries, resulting in arrests and the seizure of cash, cryptocurrencies, and luxury items. These actions highlight the growing sophistication of cyber-enabled financial crime and the increasing collaboration between law enforcement agencies to disrupt such operations on a global scale.
Mar 21, 2026
California Man Sentenced for Laundering Millions From Social-Engineering Crypto Heists
Evan Tangeman, a 22-year-old from Newport Beach, California, was sentenced to 70 months in prison after pleading guilty to a `RICO` conspiracy tied to a cybercriminal network that stole roughly **$230 million to $260 million** in cryptocurrency from victims. Prosecutors said Tangeman laundered at least **$3.5 million** between October 2023 and May 2025 for the group, which allegedly stole more than **4,100 Bitcoin** from a Washington, D.C., victim in August 2024 and used the proceeds to fund luxury homes, private jets, high-end vehicles, private security, and other lavish purchases. Authorities said the organization, identified by law enforcement as the **Social Engineering Enterprise**, targeted wealthy cryptocurrency holders using stolen and dark-web-sourced data, spoofed phone numbers, impersonation of Google and Gemini support staff, and remote-access tools including **AnyDesk** to obtain Bitcoin Core private keys. Investigators alleged the group then obscured the proceeds through mixers, exchanges, peel chains, pass-through wallets, and VPNs, while Tangeman also helped rent properties under false identities and destroy devices after arrests of key members. Another alleged launderer, **Kunal Mehta**, has also pleaded guilty and is awaiting sentencing.
May 8, 2026