Nine defendants have pleaded guilty in a sprawling RICO conspiracy that used social engineering to steal $263 million in Bitcoin from a single victim in Washington, DC — one of the largest individual cryptocurrency thefts ever documented. Three additional defendants were charged in a second superseding indictment unsealed this month, with two arrested in Dubai.
The most recent plea came from Evan Tangeman of Newport Beach, California, who admitted to laundering at least $3.5 million for the enterprise. His sentencing is scheduled for April 24, 2026. The enterprise’s alleged ringleader, Malone Lam, and co-conspirators used stolen databases to identify cryptocurrency holders, then contacted victims by phone — posing as exchange support staff, government agents, or financial advisers — to extract private keys, seed phrases, or access credentials.
The operation was distinctive for its breadth of criminal methods. According to court documents, the enterprise included database hackers who identified targets, callers who conducted the social engineering, money launderers who converted crypto to cash, and residential burglars who physically broke into victims’ homes to steal hardware cryptocurrency wallets. The gang originated from friendships formed on online gaming platforms and expanded from California to Connecticut, New York, Florida, and internationally.
The scale of the laundering was conspicuous. Tangeman helped co-conspirators rent luxury homes at $40,000 to $80,000 per month, paying with stolen cryptocurrency converted to cash through bulk-cash converters. Leases were signed under false names. After the $263 million theft from the DC victim in August 2024, Tangeman helped Lam obtain approximately $3 million in fiat cash in a single exchange for a rental property.
What an investigator sees
This case is significant for two reasons that go beyond the headline number.
First, the RICO framing. Prosecutors charged this as a racketeering conspiracy — the same statute used against organised crime families and, more recently, against JPMorgan’s precious metals desk. The RICO designation reflects the enterprise’s structure: it was not a single theft but an ongoing criminal organisation with specialised roles, a shared infrastructure, and a pattern of repeated offences. The crypto ecosystem is producing criminal enterprises sophisticated enough to warrant the most serious prosecutorial tools.
Second, the physical dimension. This enterprise did not limit itself to digital theft. It included residential burglaries targeting hardware wallets — the cold storage devices that the crypto industry recommends as the most secure way to hold digital assets. When a criminal breaks into your home to steal your Ledger, the cybersecurity measures you rely on are irrelevant. The case is a reminder that crypto security is not purely a digital problem.