US Law Enforcement Actions Targeting Crypto-Enabled Crime and Illicit Marketplaces
US authorities reported multiple enforcement actions tied to crypto-enabled crime. In the Empire Market case, prosecutors said co-creators Raheim Hamilton and Thomas Pavey designed the dark web marketplace to help users evade law enforcement and launder proceeds; the market allegedly facilitated about $430M in transactions (drugs, stolen payment data, counterfeit currency) before disappearing in 2020 in what investigators described as an exit scam that stole an estimated $30M in bitcoin. Hamilton pleaded guilty to federal drug conspiracy charges and agreed to forfeit roughly 1,230 BTC plus 24.4 ETH and real estate; Pavey previously pleaded guilty and agreed to forfeit about 1,584 BTC and other assets.
Separately, reporting highlighted alleged misuse and laundering of digital assets in other contexts. On-chain investigator ZachXBT traced movements from wallets associated with US-seized crypto (held under U.S. Marshals Service custodianship) to wallets allegedly linked to John Daghita, the son of a federal contractor executive, with claims of roughly $23M in diverted cryptocurrency and another wallet holding about $36M in Ethereum; ZachXBT said he alerted the U.S. Marshals Service. In another DOJ case, Jingliang Su (a Chinese national) was sentenced to 46 months for laundering proceeds from a cryptocurrency investment fraud that authorities said victimized 174 people for $36.9M, using social engineering via social media/dating platforms and counterfeit trading sites, with $26.9M restitution ordered and multiple US agencies involved in tracing funds and dismantling the network.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
USMS investigates suspected diversion of seized cryptocurrency
On-chain investigator ZachXBT reported suspicious transfers from wallets tied to cryptocurrency seized in 2024–2025 and allegedly held under a U.S. Marshals Service custodial contract. A USMS spokesperson said an investigation is underway, though no official theft confirmation had been issued.
Raheim Hamilton pleads guilty in Empire Market case
Raheim Hamilton pleaded guilty in Chicago federal court in the week of the report to federal drug conspiracy charges related to Empire Market. With his plea, both men accused of co-creating and operating the marketplace had admitted guilt.
Chinese national sentenced in $36.9 million crypto fraud case
Jingliang Su was sentenced to 46 months in prison for participating in a $36.9 million cryptocurrency fraud scheme that defrauded 174 Americans. Prosecutors said the scam used fake investment platforms and laundered proceeds through U.S. shell companies, offshore accounts, and Tether transfers back to Cambodia.
Thomas Pavey pleads guilty in Empire Market case
Thomas Pavey pleaded guilty in January 2025 to federal drug conspiracy charges tied to the operation of the dark web marketplace Empire Market. Prosecutors said he helped design and run the platform to evade law enforcement and launder criminal proceeds.
Empire Market exits and allegedly steals $30 million in bitcoin
Empire Market abruptly disappeared in summer 2020, and authorities allege its operators stole an estimated $30 million in bitcoin from users in an exit scam. The marketplace had facilitated illicit sales including drugs, counterfeit currency, and stolen card data.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
4 references tracked. Mallory keeps watching after this page renders.
Chinese national sentenced in $36.9 million crypto scam | SC Media
scworld.com
Open sourceFeds get second guilty plea in takedown of dark web Empire Market | The Record from Recorded Future News
therecord.media
Open sourceThe $40M Insider Heist: Son of Federal Contractor Investigated for Seized Crypto Theft
securityonline.info
Open sourceChinese National Jailed to 46 Months for Laundering Millions of Dollars Stolen from American Investors
cybersecuritynews.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
U.S. Sentences Crypto Scam Launderers in Multimillion-Dollar Fraud Network
U.S. prosecutors and courts advanced multiple cases tied to large-scale cryptocurrency fraud and laundering operations that targeted American victims through fake trading platforms and social-engineering lures. In one California case, **Jingliang Su**, a Chinese national, was sentenced to 46 months in prison after admitting he helped launder more than **$36.9 million** stolen from 174 victims by a scam network operating from Cambodia; the court also ordered more than **$26.8 million** in restitution. Authorities said the fraud used unsolicited messages, calls, texts, dating platforms, and bogus crypto-investment websites to persuade victims to transfer funds, which were then routed through U.S. shell companies, bank accounts, Deltec Bank in the Bahamas, and **Tether (`USDT`) wallets** controlled abroad. In a related prosecution, **Daren Li**, a dual citizen of China and St. Kitts and Nevis, pleaded guilty to conspiracy to commit money laundering after authorities said he and co-conspirators moved more than **$73 million** in victim proceeds through shell companies, U.S. financial accounts, wire transfers, and conversion into `USDT`; he was later sentenced to **20 years in federal prison**. The cases form part of a broader Justice Department crackdown on transnational crypto-enabled investment scams and money-laundering networks, with officials reporting that multiple co-conspirators have pleaded guilty and that the U.S. Secret Service played a central investigative role.
May 25, 2026
Law enforcement actions against darknet marketplaces and cybercrime forums
US and international law enforcement continued disrupting illicit online marketplaces and forums used to trade **ransomware services, malware, stolen data, and drugs**. The FBI seized the dark web and clear web domains for **RAMP**, a long-running, predominantly Russian-language cybercrime forum that marketed itself as the “only place ransomware allowed,” and which hosted vetted users, tutorials, and a marketplace for malware and criminal services; the seizure was coordinated with the US Attorney’s Office for the Southern District of Florida and DOJ’s Computer Crime and Intellectual Property Section. Separately, US prosecutors announced guilty pleas tied to major darknet markets that also sold **cybercrime tools and stolen information** alongside narcotics. A Virginia man, **Raheim Hamilton** (aka `Sydney`/`ZeroAngel`), co-creator of **Empire Market**, pleaded guilty to federal drug conspiracy charges related to facilitating roughly **$430M** in transactions (2018–2020) and designing the market to evade law enforcement using cryptocurrency. A Slovakian national, **Alan Bill** (aka `Vend0r`/`KingdomOfficial`), pleaded guilty for helping operate **Kingdom Market** (2021–2023), which authorities previously seized in December 2023; investigators linked him to the operation after his arrest with devices and a crypto hardware wallet allegedly containing evidence tying him to the marketplace.
Mar 21, 2026
Major Cryptocurrency-Related Cybercrime Prosecutions and Asset Seizures
Law enforcement agencies in multiple countries have made significant progress in prosecuting individuals and groups involved in large-scale cryptocurrency-related cybercrimes. In the United States, a California man pleaded guilty to laundering at least $25 million as part of a group that stole $230 million in cryptocurrency through social engineering and account takeovers. The group, composed of young adults from several states and abroad, used various tactics to compromise victims' crypto accounts and launder the proceeds, with several members facing charges including wire fraud, racketeering, and money laundering. In the United Kingdom, prosecutors secured a civil recovery order to seize over £4.11 million ($5.39 million) in crypto assets from Joseph James O'Connor, who was convicted for his role in the 2020 Twitter mega-hack. O'Connor and his associates used SIM-swapping and social engineering to hijack high-profile Twitter accounts, soliciting Bitcoin from followers and amassing illicit gains. These actions demonstrate the increasing effectiveness of international law enforcement in tracing, prosecuting, and recovering assets from cybercriminals who exploit cryptocurrency for large-scale fraud and theft.
Mar 21, 2026