FBI Arrests Cybercriminal Trio Over $243M Social Engineering Scam
A social engineering attack that required intricate manipulation and the use of multiple tools was successfully dismantled as a result of ongoing investigative efforts.
An extensive investigation has revealed how three cybercriminals, Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano), orchestrated a highly sophisticated social engineering attack, successfully stealing $243 million from a single individual in August 2024.
The complex operation, which required intricate manipulation and the use of multiple tools, was successfully dismantled as a result of ongoing efforts. This led to the apprehension of several individuals and the freezing of millions of dollars in assets.
Social Engineering Incident Analysis Report
On August 19, 2024, the attackers executed a series of coordinated actions to target a creditor from the Genesis platform. The methodical approach included the following steps:
Google Support Impersonation: The attackers used a spoofed number to pose as Google Support, gaining access to the victim’s accounts.
Gemini Support Scam: Shortly afterward, they impersonated Gemini Exchange support, convincing the victim that their account was compromised.
2FA Reset: Through sophisticated social engineering, they persuaded the victim to reset two-factor authentication (2FA) and transfer Gemini funds into a compromised wallet.
Screen Sharing Exploit: By utilizing AnyDesk, the criminals obtained the victim’s private keys from their Bitcoin Core wallet, seizing control of significant assets.
Stolen Funds Breakdown:
Numerous significant transactions took place during the incident. The primary misappropriations comprise:
59.34 BTC on August 19, 2024, at 1:48 am UTC (Transaction Hash: e747b963a463334c164b0a8fff844f73693272bb2b331adbe2147d70ec196360)
14.88 BTC shortly after at 2:30 am UTC (Transaction Hash: 7c7ebed785f0b4d4335d559b14b8215862fbe29db329e3ee0f2a7e64a16ce9e3)
4064 BTC at 4:05 am UTC (Transaction Hash: 4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090)
Following the initial theft, the funds were swiftly divided and distributed among various parties, subsequently being transferred to over 15 exchanges for laundering. The funds moved between cryptocurrencies like Bitcoin, Litecoin, Ethereum, and Monero in rapid succession.
Identification and Arrests
Wiz (Veer Chetal) accidentally revealed his real name during a screen-sharing session. Chat records further confirmed his involvement, as his accomplices mentioned him by name. The report indicates that he possesses a wallet with $34.5M in funds (0x3c7a5f2795e73d2b94a9120a643f608cfc45c935), and his associate, Light/Dark (Aakaash), was linked to additional laundering activities using eXch and Thorswap.
Greavys (Malone Iam), who flaunted the stolen funds by purchasing luxury cars and clubbing in Los Angeles and Miami, had $3.5M tied to his name (0x21d7d256be564191a43553e574c06a4d0e629767). Social media posts from friends helped locate him.
Box (Jeandiel Serrano) played a key role as the fake Gemini representative and used consistent profiles across Discord and Telegram. His wallet contained $18M (0x98b0811e2cc7530380caf1a17440b18f71f51f4e).
Further Investigations and Fund Recovery:
ZachXBT collaborated with CFInvestigators, zeroshadow_io, and the Binance Security Team to freeze over $9M of the stolen assets. We have successfully recovered and returned $500K to the victim.
Furthermore, we have flagged several transactions linked to luxury goods brokers and identified additional laundering patterns when both Wiz and Box inadvertently linked laundered funds to their primary addresses.