California Man Sentenced for Laundering Millions From Social-Engineering Crypto Heists
Evan Tangeman, a 22-year-old from Newport Beach, California, was sentenced to 70 months in prison after pleading guilty to a RICO conspiracy tied to a cybercriminal network that stole roughly $230 million to $260 million in cryptocurrency from victims. Prosecutors said Tangeman laundered at least $3.5 million between October 2023 and May 2025 for the group, which allegedly stole more than 4,100 Bitcoin from a Washington, D.C., victim in August 2024 and used the proceeds to fund luxury homes, private jets, high-end vehicles, private security, and other lavish purchases.
Authorities said the organization, identified by law enforcement as the Social Engineering Enterprise, targeted wealthy cryptocurrency holders using stolen and dark-web-sourced data, spoofed phone numbers, impersonation of Google and Gemini support staff, and remote-access tools including AnyDesk to obtain Bitcoin Core private keys. Investigators alleged the group then obscured the proceeds through mixers, exchanges, peel chains, pass-through wallets, and VPNs, while Tangeman also helped rent properties under false identities and destroy devices after arrests of key members. Another alleged launderer, Kunal Mehta, has also pleaded guilty and is awaiting sentencing.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
10 events from the most recent confirmed update back to the earliest known activity.
Marlon Ferro sentenced for role in $250 million crypto theft scheme
On 2026-05-07, Marlon Ferro, also known as “GothFerrari,” was sentenced to 78 months in prison for participating in the cryptocurrency theft network. Prosecutors said he acted as a money launderer and carried out home burglaries to steal hardware wallets when remote fraud or hacking attempts failed; he was also ordered to pay $2.5 million in restitution.
Evan Tangeman sentenced to 70 months in prison
On April 27, 2026, Tangeman was sentenced to 70 months in prison for laundering funds tied to the cryptocurrency theft enterprise. The sentence followed his guilty plea and admissions about helping conceal and spend stolen proceeds.
Tangeman pleads guilty to RICO conspiracy
Evan Tangeman pleaded guilty in December 2025 to RICO conspiracy charges connected to laundering proceeds from the cryptocurrency theft enterprise. He admitted laundering at least $3.5 million in stolen cryptocurrency.
Kunal Mehta pleads guilty in related case
Another alleged money launderer, Kunal Mehta, pleaded guilty in November 2025 in the same broader case. He was reported to be awaiting sentencing.
Tangeman's laundering activity period ends
Prosecutors said Tangeman's admitted laundering conduct continued through May 2025. His role included helping conceal operations and arranging luxury home purchases and rentals under false identities.
U.S. charges 14 suspects in RICO conspiracy
Authorities charged 14 suspects across September 2024 and May 2025 in a RICO conspiracy tied to the cryptocurrency theft and laundering scheme. Prosecutors alleged the network stole roughly $230 million to $260 million in cryptocurrency from victims.
Authorities arrest several enterprise leaders
According to prosecutors, several leaders of the organization were arrested in 2024. After those arrests, Tangeman allegedly ordered the destruction of devices and other evidence.
Victim loses more than 4,100 Bitcoin in social-engineering theft
In August 2024, the group allegedly stole more than 4,100 Bitcoin from a Washington, D.C., victim. Authorities said the theft involved spoofed phone numbers, impersonation of Google and Gemini support, and AnyDesk access to obtain Bitcoin Core private keys.
Tangeman launders millions for the crypto theft enterprise
Between October 2023 and May 2025, Evan Tangeman allegedly helped launder at least $3.5 million for the criminal enterprise. Prosecutors said the group used mixers, exchanges, peel chains, pass-through wallets, and VPNs to conceal proceeds.
Social Engineering Enterprise forms to target crypto holders
Prosecutors said the criminal organization later dubbed the Social Engineering Enterprise was formed in 2023 by Malone Lam in Singapore. The group allegedly used stolen and dark-web-purchased databases to identify wealthy cryptocurrency holders for theft and fraud.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
California man sentenced to over 6 years for role in $250 million cryptocurrency heist | brief | SC Media
scworld.com
Open source$250 million cryptocurrency heist funded luxury fashion, nightclub parties, and private jets - Help Net Security
helpnetsecurity.com
Open sourceCalifornia man sentenced to 70 months for laundering $3.5 million in crypto heist | brief | SC Media
scworld.com
Open sourceMoney launderer linked to $230M crypto heist gets 70 months in prison
bleepingcomputer.com
Open sourceMoney launderer for crypto thieves given 5-year sentence | The Record from Recorded Future News
therecord.media
Open sourceDistrict of Columbia | Indictment Charges Two in $230 Million Cryptocurrency Scam | United States Department of Justice
justice.gov
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
U.S. Sentences Crypto Scam Launderers in Multimillion-Dollar Fraud Network
U.S. prosecutors and courts advanced multiple cases tied to large-scale cryptocurrency fraud and laundering operations that targeted American victims through fake trading platforms and social-engineering lures. In one California case, **Jingliang Su**, a Chinese national, was sentenced to 46 months in prison after admitting he helped launder more than **$36.9 million** stolen from 174 victims by a scam network operating from Cambodia; the court also ordered more than **$26.8 million** in restitution. Authorities said the fraud used unsolicited messages, calls, texts, dating platforms, and bogus crypto-investment websites to persuade victims to transfer funds, which were then routed through U.S. shell companies, bank accounts, Deltec Bank in the Bahamas, and **Tether (`USDT`) wallets** controlled abroad. In a related prosecution, **Daren Li**, a dual citizen of China and St. Kitts and Nevis, pleaded guilty to conspiracy to commit money laundering after authorities said he and co-conspirators moved more than **$73 million** in victim proceeds through shell companies, U.S. financial accounts, wire transfers, and conversion into `USDT`; he was later sentenced to **20 years in federal prison**. The cases form part of a broader Justice Department crackdown on transnational crypto-enabled investment scams and money-laundering networks, with officials reporting that multiple co-conspirators have pleaded guilty and that the U.S. Secret Service played a central investigative role.
May 25, 2026
US Law Enforcement Actions Targeting Crypto-Enabled Crime and Illicit Marketplaces
US authorities reported multiple enforcement actions tied to **crypto-enabled crime**. In the Empire Market case, prosecutors said co-creators **Raheim Hamilton** and **Thomas Pavey** designed the dark web marketplace to help users evade law enforcement and launder proceeds; the market allegedly facilitated about **$430M** in transactions (drugs, stolen payment data, counterfeit currency) before disappearing in 2020 in what investigators described as an exit scam that stole an estimated **$30M** in bitcoin. Hamilton pleaded guilty to federal drug conspiracy charges and agreed to forfeit roughly **1,230 BTC** plus **24.4 ETH** and real estate; Pavey previously pleaded guilty and agreed to forfeit about **1,584 BTC** and other assets. Separately, reporting highlighted alleged misuse and laundering of digital assets in other contexts. On-chain investigator **ZachXBT** traced movements from wallets associated with **US-seized crypto** (held under U.S. Marshals Service custodianship) to wallets allegedly linked to **John Daghita**, the son of a federal contractor executive, with claims of roughly **$23M** in diverted cryptocurrency and another wallet holding about **$36M** in Ethereum; ZachXBT said he alerted the **U.S. Marshals Service**. In another DOJ case, **Jingliang Su** (a Chinese national) was sentenced to **46 months** for laundering proceeds from a cryptocurrency investment fraud that authorities said victimized **174** people for **$36.9M**, using social engineering via social media/dating platforms and counterfeit trading sites, with **$26.9M** restitution ordered and multiple US agencies involved in tracing funds and dismantling the network.
Mar 21, 2026
Social Engineering Enterprise Cryptocurrency Theft and Prosecution
A criminal group known as the Social Engineering Enterprise orchestrated large-scale cryptocurrency thefts using social engineering tactics and physical attacks to gain access to victims' digital assets. The group targeted individuals with significant cryptocurrency holdings, either deceiving them into revealing access credentials or physically breaking into their homes to steal devices containing private keys. Law enforcement efforts have led to multiple arrests and guilty pleas, including a California man who admitted to laundering millions in stolen cryptocurrency and facilitating the group's operations by renting luxury properties for their activities. In related developments, a key participant in a $263 million social engineering ring pleaded guilty, and additional members have been indicted and arrested in various locations, including Miami and Dubai. The group's operations began in late 2023 and involved members from the United States and abroad, who coordinated attacks and laundered proceeds through real estate and other means. The ongoing investigation highlights the growing threat of organized cybercrime targeting cryptocurrency holders through both digital and physical means.
Mar 21, 2026