theft

According to the "Procuratorial Daily," Lin, Zeng, and Dai conspired to use virtual currency trading as a pretext. During the trading process, they secretly filmed the victim's digital wallet private key and, after the virtual currency was credited, secretly logged into the victim's wallet to reverse the transaction, transferring the related virtual currency back to their controlled accounts. The three committed the crime three times, causing the victim a total economic loss of 660,000 yuan.The first-instance court held that in the absence of a clear judicial interpretation regarding the valuation method of virtual currency and sentencing standards, it was inappropriate to directly determine the amount involved as particularly huge based on the victim's purchase amount of 660,000 yuan. Therefore, they sentenced the three based on "other serious circumstances," imposing prison terms ranging from eight years to five years and six months, along with fines. The Hanyang District Procuratorate of Wuhan City in Hubei Province subsequently filed an appeal, which was supported by the Wuhan City Procuratorate.The prosecution argued that the first-instance court applied the law incorrectly and imposed an excessively light sentence. Prosecutor Dai Wentao of the Wuhan City Procuratorate stated that in the case where the victim had a clear loss amount to refer to, it was contradictory and legally erroneous to claim that the value of virtual currency could not be determined. In judicial practice, using the resale price and transaction price as the basis for determining the amount of theft has become mainstream, and determining the value of virtual currency based on the actual cost paid by the victim has factual, legal, and practical basis.The Intermediate Court of Wuhan accepted the prosecution's opinion in the second instance, revoked the corresponding content of the original judgment, and changed the determination of the theft amount to particularly huge. It sentenced the principal offender Lin to ten years and six months in prison for theft, and sentenced the accomplices Zeng and Dai to eight years in prison each, along with fines.

According to Jinshi reports, Russian President Putin stated that the "theft" of Russian assets has affected the US dollar and the euro.

According to Fortune, California cryptocurrency executive Adam Iza admitted on Monday to orchestrating a failed kidnapping attempt against the parents of Veer Chetal.The case is related to the $245 million Bitcoin theft that Veer Chetal was previously involved in. 25-year-old Adam Iza, also known as Ahmed Faiq, previously ran the cryptocurrency trading company Zort and referred to himself as the "Godfather." Veer Chetal and two others involved impersonated Google and cryptocurrency exchange technical support personnel to steal 4,100 Bitcoins from a Washington resident, which was worth approximately $245 million at the time.Adam Iza and his accomplices attempted to obtain part of the stolen funds by kidnapping Veer Chetal's parents. Additionally, Adam Iza admitted to stealing over $37 million by fraudulently accessing Meta's business manager accounts and credit lines between 2020 and 2022. Federal prosecutors are seeking at least 14 years of imprisonment during his sentencing.

According to Shandong Legal News, a Bitcoin theft case prosecuted by the Li Cang District Prosecutor's Office in Qingdao has been sentenced. The defendant, Zhang, was sentenced to 10 years and 9 months in prison for theft and fined 100,000 yuan.In the early hours of a certain day in 2024, the virtual currency wallet of the victim, Feng, was quietly accessed, and 107 Bitcoins were transferred, equivalent to over 22.54 million yuan at the market price on that day. It was found that Feng had entrusted an acquaintance, Zhang, to assist with the operation. During the process of registering the wallet on behalf of Feng, Zhang obtained the mnemonic phrase, and after multiple attempts in the early morning, he cracked the wallet and transferred the Bitcoins. After being apprehended, Zhang claimed that his actions were a "protective takeover" to prevent the Bitcoins from being stolen by others. The prosecution traced the funds and found that the stolen Bitcoins were transferred multiple times and exchanged for over 660,000 yuan, exposing his lies.The prosecution determined that Bitcoin has economic value and exclusive control, meeting the core characteristics of "property" in criminal law, and can be the object of theft. The actual proceeds from the sale of the stolen Bitcoins, amounting to over 660,000 yuan, were used as the basis for the theft amount. After the defendant appealed, in November 2025, the Qingdao Intermediate People's Court ruled to dismiss the appeal and upheld the original sentence. This case is a typical example of Qingdao's legal punishment of crimes in the virtual currency field, clearly conveying the judicial stance: activities related to virtual currency must be conducted within the legal framework, and stealing others' virtual property also constitutes a crime.

Blockchain security company CertiK's latest data shows that in May 2026, losses in the crypto industry due to hacking, exploitation of vulnerabilities, and fraud amounted to approximately $68.3 million, a decrease of nearly 90% compared to over $650 million in losses in April, making it the third month this year with losses below $100 million.CertiK stated that approximately $2.6 million in losses during May came from phishing attacks. In contrast, in April, significant attacks on Drift Protocol and KelpDAO's infrastructure resulted in losses of approximately $285 million and $292 million, respectively, with these two incidents accounting for about 95% of the total losses for that month, making April one of the worst months for losses since March 2022.Despite the reduction in large-scale attacks at the protocol level, CertiK warns that risks such as phishing attacks, social engineering scams, deepfakes, and credential leaks continue to grow. Researchers point out that an increasing number of attackers are targeting employees, operational systems

Recently, the People's Procuratorate of Licang District, Qingdao City, Shandong Province, China, handled a Bitcoin theft case. The defendant, Zhang, obtained the mnemonic phrase while assisting an acquaintance in registering a virtual currency wallet, and later transferred 107 BTC in multiple transactions, equivalent to over 50 million yuan at current market prices. Zhang argued that his actions were a "protective takeover," but the prosecution found that he transferred the stolen BTC through multiple trading platforms and exchanged it for over 660,000 yuan. The Licang District Court sentenced Zhang to 10 years and 9 months in prison for theft and imposed a fine of 100,000 yuan; the second instance upheld the original judgment.Reports indicate that the prosecutor handling the case strictly adhered to laws and judicial policies, and after in-depth analysis, concluded that although China's regulatory policies deny the legal currency status of virtual currencies, they do not negate their property attributes, nor do they prohibit citizens from legally holding and circulating them. Bitcoin requires investment in computing power, funds, and other costs to acquire, which gives it economic value; rights holders can achieve exclusive control and management through private keys and mnemonic phrases, aligning with the core characteristics of "property" in criminal law, making it a target for theft. In determining the amount, since virtual currencies have no official pricing, the Licang District Procuratorate discarded market price estimates and used the actual proceeds from the crime of over 660,000 yuan as the amount for theft, ensuring accurate conviction, appropriate sentencing, and unity of guilt and punishment.

On-chain security analysis account Eye stated that the BNB Chain project launch platform DxSale is suspected of exploiting a hidden backdoor to siphon off funds from an old liquidity pool locked in 2021, involving over 1,400 LPs and an amount of approximately $7.3 million. The analysis indicates that this attack includes operations such as "silent ownership transfer" and over 80 wallet hops.After the LP was drained, the attack address received over 1,200 BNB (approximately $763,000), with the funds believed to come directly from multiple stolen LP pools. More concerning is that this address had previously been dormant for a long time but has a direct on-chain association with a wallet marked as related to the DxSale team; this address is also one of the important funding inflow addresses for the DxSale smart contract.Subsequently, the attack address transferred about 3,400 BNB (approximately $1.2 million) to multiple wallets and completed the fund transfer through several Binance deposit addresses. Eye stated that if the related accusations are true, it implies that the DxSale team may have reserved a backdoor for the platform years ago and ultimately carried out the attack themselves. They also called for Binance to freeze the related funds, believing that these assets essentially belong to the project investors who had previously financed through DxSale. DxSale was one of the most well-known launchpads and LP locking infrastructure on the BNB Chain, with projects like SAFEMOON having used its services.

A man in Florida, USA, was arrested for allegedly stealing approximately $1.9 million worth of Bitcoin by using the mnemonic phrase of his former employer's hardware wallet. Police stated that the unauthorized transfer of the stolen funds occurred in 2020, when the suspect still had access to critical security information.

Security company Socket Security disclosed that a cryptocurrency theft operation named TrapDoor is launching active supply chain attacks in package repositories such as npm, PyPI, and Crates.io. A total of 34 malicious packages and 384 versions and components have been identified, with attackers continuously pushing new versions across various ecosystems.TrapDoor primarily targets developers in the cryptocurrency, DeFi, AI, and security fields, stealing wallets, SSH keys, cloud credentials, GitHub tokens, browser data, environment variables, and API keys. Socket detected that the median detection time for malicious versions was 5 minutes and 27 seconds, with the fastest detection occurring 58 seconds after release.

According to GoPlus analysis, the stablecoin protocol StablR had security issues with its multi-signature contract settings on Ethereum (multi-signature threshold of 1), and the holder's private key was stolen, resulting in StablR $EURR and $USDR stablecoins being depegged by 20%. The attacker has profited approximately $2.8 million.

The Fuzhou City Cangshan District People's Procuratorate disclosed that a man was sentenced to 12 years and 7 months in prison for theft after stealing 4 Bitcoins from others and illegally profiting about 900,000 yuan, with a fine of 300,000 yuan. The second instance upheld the original verdict.The case shows that at the end of 2020, Wang entrusted Lin to assist in cashing out the Bitcoins he held. During the process of accessing Wang's Bitcoin wallet hard drive and computer, Lin stole the wallet's "private key" and related data, transferring 4 Bitcoins into his own name, and subsequently sold them for profit. In 2024, after Wang discovered abnormal asset activity, he reported it to the police, and Lin was subsequently arrested.The procuratorial authority stated that although current regulations clearly indicate that virtual currencies do not have the status of legal tender, Bitcoins possess value, manageability, and transferability, meeting the general characteristics of "property" in criminal law, and are subject to property crime. Relevant infringement actions will also be held criminally accountable.

Slow Fog's Yu Xian posted on the X platform stating that the reason for the Verus theft may be that the attacker constructed a forged Merkle proof, which passed the verification of the Verus Ethereum bridge (not open source), thus successfully withdrawing funds (ETH/tBTC/USDC). Specific details need to be further verified.

"On-chain detective" ZachXBT stated that the hacker "Dritan Kapplani Jr" transferred approximately $2.59 million in assets, including 1.99 million DAI and 259 ETH. The related funds were transferred from address 0x4487...bba6 to address 0x67ec...125d, and the stolen funds are currently in a stagnant state.ZachXBT indicated that it released an investigation report on May 12, detailing the connections between Dritan Kapplani Jr and Trenton (Trent) Johnson in a social engineering theft case involving 185 bitcoins (approximately $13 million).

Web3 security company CertiK has released the "Skynet North Korea Cyber Threat Report." The data shows that since 2016, North Korean hacker groups have plundered approximately $6.75 billion in digital assets. In 2025 alone, the losses from thefts they orchestrated reached as high as $2.06 billion, accounting for nearly 60% of the total losses in the global cryptocurrency industry for the entire year (including the $1.5 billion Bybit theft case). As of early 2026, this threat trend continues, with losses accounting for about 55%.The report emphasizes that the attack patterns of North Korean hackers have undergone a fundamental shift, evolving from simple code vulnerability exploitation to a national-level attack system that combines social engineering, deep supply chain attacks, and "physical infiltration." In the recent Drift protocol incident, attackers even spent six months lurking at offline industry conferences, establishing trust through real funds and interpersonal interactions before executing their attack.CertiK security experts warn that in the face of such systemic attacks, simple technical defenses have become weak. Cryptocurrency institutions urgently need to fully implement a "zero trust" hiring model, strengthen third-party supply chains, establish fund circuit breaker mechanisms, and collaborate with professional security organizations to build a comprehensive lifecycle defense system covering code audits, round-the-clock risk monitoring, and on-chain anti-money laundering/KYT (Know Your Transaction) fund tracking.

On-chain detective ZachXBT exposed American threat actor Dritan Kapllani Jr, claiming he is suspected of participating in a social engineering theft targeting crypto users, totaling approximately $19 million. ZachXBT stated that Dritan has long flaunted luxury cars, high-end watches, private jets, and nightlife on social media. On April 23, 2026, during a "Band 4 Band (B4B)" voice chat on Discord, he publicly displayed an Exodus wallet containing $3.68 million in assets to prove he was wealthier than another hacker.The relevant ETH address is: 0x4487db847db2fc99372a985743a26f46e0b2bba6. ZachXBT tracked and found that this address is linked to a social engineering theft case involving 185 BTC (approximately $13 million) on March 14, 2026. The next day, Dritan's Exodus wallet received about $5.3 million of those funds. By the time of the B4B call six weeks later, about $1.6 million had been spent or laundered.On May 11, the U.S. Justice Department unsealed a criminal indictment against Trenton Johnson, who is accused of participating in the aforementioned 185 BTC theft case and could face up to 40 years in prison. "Coconspirator 1" in the indictment is alleged to be Dritan, who has not yet been formally charged. ZachXBT also pointed out that Dritan is connected to hacker John Daghita (Lick), who was previously arrested for stealing $46 million from the U.S. government, and John had exposed Dritan's old wallet address on Telegram.On-chain analysis shows that this address is related to multiple high-confidence social engineering theft cases in 2025, with a total amount involved exceeding $5.85 million. ZachXBT stated that Dritan has been active in "The Com" hacker circle for a long time and had previously not faced formal charges due to his minor status. He is now over 18 years old, and "the borrowed time may finally be over."

According to Cointelegraph, Coinbase has been sued in a federal court in California, with the case involving frozen funds related to a $55 million DAI phishing theft.The plaintiffs claim that a portion of the traceable stolen funds flowed into Coinbase retail user accounts after being mixed through Tornado Cash and are currently still frozen; Coinbase stated that the assets can only be released after a court ruling on ownership.The lawsuit also states that the theft is related to the malicious wallet theft platform Inferno Drainer, and the victims had commissioned Zero Shadow and Five Stones Intelligence to track the flow of funds.

According to The Block, North Korea has denied allegations of its involvement in cryptocurrency theft, calling the claims "absurd defamation" and a "political tool." The statement was released by state media, emphasizing that necessary measures will be taken to safeguard national interests.However, data from blockchain analysis firm TRM Labs shows that hacker groups associated with North Korea have stolen approximately $577 million, accounting for about 76% of global cryptocurrency theft losses during the same period. This includes two major attack incidents on KelpDAO (approximately $292 million) and Drift Protocol (approximately $285 million).TRM pointed out that the related attacks are mainly associated with the Lazarus Group and its sub-organizations. Since 2017, the cumulative scale of cryptocurrency theft linked to North Korea has exceeded $6 billion. U.S. and international agencies generally believe that such funds are used to support military and missile programs. Meanwhile, the U.S. Treasury has recently imposed sanctions on related individuals and entities, involving approximately $800 million in illegal fund flows for 2024.

Police officer Guo Tingyu from the Cybersecurity Division of the Qingshan Branch of the Wuhan Public Security Bureau participated in the investigation of Hubei's first virtual currency theft case. By tracking the flow of funds and analyzing the code of fake wallets, he identified and dismantled a cryptocurrency theft gang involved in over 100 million yuan in illicit funds, with all five suspects arrested.The gang induced users to download a counterfeit virtual currency wallet app to steal coins, with a total download count of over ten thousand. Guo Tingyu also participated in the investigation of multiple virtual currency-related criminal cases.

According to the U.S. Department of Justice, 22-year-old Evan Tangeman from Newport Beach, California, was sentenced to 70 months in prison and 3 years of supervised release by a federal court in Washington, D.C. for his involvement in an interstate social engineering crime group that assisted in laundering at least $3.5 million.The crime group has been operating since October 2023, stealing over $263 million in cryptocurrency through hacking, social engineering, and other means. Most members are unemployed youths, either minors or under 20 years old, originating from online gaming platforms. Tangeman was responsible for converting the stolen cryptocurrency into fiat currency and leasing luxury homes for group members in places like Los Angeles and Miami, and he also received luxury cars such as Bentleys and Lamborghinis as payment. After the incident, Tangeman instructed his accomplices to destroy digital devices to eliminate evidence. The case is being jointly investigated by the FBI's Washington, Los Angeles, and Miami field offices along with the IRS Criminal Investigation Division, and so far, 9 individuals involved have pleaded guilty.