This 20-year-old committed one of the biggest p2p heists in history

In Aug 2024 he scammed someone for 4,100 $BTC ($385,4M)

I spent ~10 hours researching all the data: the info I found was shocking...

Here is how he did it and how to avoid it🧵👇

2/➮ Malone Lam is a 20-year-old Singaporean

🕷 Back in 2024, together with his accomplice, Jeandiel Serrano, they were arrested

🕷 They stole $230M in crypto from an anonymous man at that time

Let's dive in👇

4/➮ After numerous back-and-forths and manipulations of the victim, he gained access to the Google Drive

🕷 There, he found the victim’s personal information

🕷 This included details of his crypto holdings with Gemini

👇

5/➮ After that, his partner, Jeandiel, called the victim again, posing as a Gemini employee

🕷 He convinced the victim to download some software that was supposed to help protect his crypto holdings

But unfortunately...

👇

6/➮ The scammers used this software to gain access to his private keys

🕷 After that, they stole 4,100 bitcoins, which at the time were worth $230M

🕷 They then laundered the stolen funds through various crypto exchanges and mixing services

But how did they get caught?

👇

7/➮ Malone started spending insane amounts of money, attracting a lot of attention

🕷 In one of the clubs in Los Angeles, he spent $569k in one night

🕷 He gifted 5 Hermès Birkin bags to random women

🕷 He also bought 31 supercars, and a $2M watch, and rented several luxury apartments

8/➮ He was arrested in Miami after arriving there by private jet from Los Angeles

🕷 This story shows how easy it is to lose your crypto

🕷 And how easy it is to actually underestimate the fact that you haven't secured your crypto enough

Here is some advice on protecting ur crypto👇

👇👇👇

9/➮ Unauthorized Access

🕷 As obvious as it may sound, don't give remote access to your device to individuals you don’t trust

🕷 Whether it's an employee of Google, Binance, etc

🕷 It's unlikely that anyone from such companies would need this

10/➮ 2-Factor Authentication

🕷 Always enable 2-Factor Authentication, especially for email and cloud accounts

🕷 Ideally, choose an authenticator app from Google

🕷 It's better to avoid SMS-based 2FA to prevent SIM-swapping attacks

👇

11/➮ Secure key storage

🕷Never store your private keys digitally or you're as vulnerable as the victim in the Malone case

🕷 To protect your assets, seek out wallets that offer more secure key management

🕷 And keep your private keys only on paper or special metal plates

12/➮ Original Source + Conclusion

🕷 Before the conclusion, I want to thank @zachxbt for his research, which made this article possible

🕷 Remember that crypto scams grow every day, and new variations keep appearing

🕷 Your asset security will never be excessive, so don’t neglect it

👇

➮ Give some love and support to this article!

🕷 Follow for even more excitement!

🕷 Remember to like, repost, and drop a comment with your opinion #scam $BTC