Today the United States Department of Justice announced the indictment (and in some cases additional charges) for 12 individuals. The defendants are charged in RICO conspiracy for over $263,000,000 in cryptocurrency theft, money laundering, and home break-ins.
Each individual listed was (in some capacity) involved in the COM(munity) scene.
This is the first time, to the best of our knowledge, a group of primarily English speaking, loosely affiliated, cybercriminals are in a RICO case.
RICO, the United States "Racketeer Influenced and Corrupt Organizations Act", passed in 1970, is generally reserved for organized crime. It was designed to combat organized crime and allows prosecutors to charge individuals involved in an ongoing criminal enterprise.
RICO charges are not a joke. These are extremely serious charges.
RICO charges allow multiple people to be tied to a conspiracy and amplify any/all charges. A single RICO charge is worth 20 years in Federal Prison and can extend to life in prison.
The United States Department of Justice slapping COM-scene people with a RICO charge is a sign they're not playing around with cryptocurrency fraud.
The individual indicted are as follows:
- MALONE LAM a/k/a "King Greavys", "7", "$$$", "Kg", "Anne Hathaway"
- MARLON FERRO a/k/a "Marlo", "GothFerrari"
- HAMZA DOOST a/k/a "Scyllia", "Β’"
- CONOR FLANSBURG a/k/a "OO", "Green Room", "d0uu0b"
- KUNAL MEHTA a/k/a "Papa", "The Accountant", "Shrek", "Neil"
- ETHAN YARALLY a/k/a "Rand", "15%"
- CODY DEMIRTAS a/k/a "K O", "Kody"
- AAKAASH ANAND a/k/a "Light", "Dark"
- EVAN TANGEMAN a/k/a "E", "Tate", "Evan | Exchanger"
- JOEL CORTES a/k/a "J"
- [Unidentified 1] a/k/a "~_~", "Squiggly", "CHEN"
- [Unidentified 2] a/k/a "Danny", "Meech"
- TUCKER DESMOND
The full article, released by the Department of Justice, defines the roles of each individual, the charge they carry, a total sum of money stolen and/or items illegally acquired using stolen money, and additional (unlisted) co-conspirators.
Note: per the RICO charge, if the Judge rules the individual was involved in widespread fraud or violent crime, individuals may face a punishment of life in prison. Hence, each person listed may eligible for life in prison
Time being faced:
- MALONE LAM: 60 years
- MARLON FERRO: 60 years
- HAMZA DOOST: 40 years
- CONOR FLANSBURG: 40 years
- KUNAL MEHTA: 40 years
- ETHAN YARALLY: 40 years
- CODY DEMIRTAS: 40 years
- AAKAASH ANAND: 60 years
- EVAN TANGEMAN: 40 years
- JOEL CORTES: 40 years
- [Unidentified 1] - 60 years
- [Unidentified 2] - 60 years
- TUCKER DESMOND - 20 years
Each individual listed was (in some capacity) involved in the COM(munity) scene.
This is the first time, to the best of our knowledge, a group of primarily English speaking, loosely affiliated, cybercriminals are in a RICO case.
RICO, the United States "Racketeer Influenced and Corrupt Organizations Act", passed in 1970, is generally reserved for organized crime. It was designed to combat organized crime and allows prosecutors to charge individuals involved in an ongoing criminal enterprise.
RICO charges are not a joke. These are extremely serious charges.
RICO charges allow multiple people to be tied to a conspiracy and amplify any/all charges. A single RICO charge is worth 20 years in Federal Prison and can extend to life in prison.
The United States Department of Justice slapping COM-scene people with a RICO charge is a sign they're not playing around with cryptocurrency fraud.
The individual indicted are as follows:
- MALONE LAM a/k/a "King Greavys", "7", "$$$", "Kg", "Anne Hathaway"
- MARLON FERRO a/k/a "Marlo", "GothFerrari"
- HAMZA DOOST a/k/a "Scyllia", "Β’"
- CONOR FLANSBURG a/k/a "OO", "Green Room", "d0uu0b"
- KUNAL MEHTA a/k/a "Papa", "The Accountant", "Shrek", "Neil"
- ETHAN YARALLY a/k/a "Rand", "15%"
- CODY DEMIRTAS a/k/a "K O", "Kody"
- AAKAASH ANAND a/k/a "Light", "Dark"
- EVAN TANGEMAN a/k/a "E", "Tate", "Evan | Exchanger"
- JOEL CORTES a/k/a "J"
- [Unidentified 1] a/k/a "~_~", "Squiggly", "CHEN"
- [Unidentified 2] a/k/a "Danny", "Meech"
- TUCKER DESMOND
The full article, released by the Department of Justice, defines the roles of each individual, the charge they carry, a total sum of money stolen and/or items illegally acquired using stolen money, and additional (unlisted) co-conspirators.
Note: per the RICO charge, if the Judge rules the individual was involved in widespread fraud or violent crime, individuals may face a punishment of life in prison. Hence, each person listed may eligible for life in prison
Time being faced:
- MALONE LAM: 60 years
- MARLON FERRO: 60 years
- HAMZA DOOST: 40 years
- CONOR FLANSBURG: 40 years
- KUNAL MEHTA: 40 years
- ETHAN YARALLY: 40 years
- CODY DEMIRTAS: 40 years
- AAKAASH ANAND: 60 years
- EVAN TANGEMAN: 40 years
- JOEL CORTES: 40 years
- [Unidentified 1] - 60 years
- [Unidentified 2] - 60 years
- TUCKER DESMOND - 20 years
π₯°56π21π’7π€£7π€7π₯5β€4π1
vx-underground
Today the United States Department of Justice announced the indictment (and in some cases additional charges) for 12 individuals. The defendants are charged in RICO conspiracy for over $263,000,000 in cryptocurrency theft, money laundering, and home breakβ¦
More information:
https://www.justice.gov/usao-dc/pr/additional-12-defendants-charged-rico-conspiracy-over-263-million-cryptocurrency-thefts
https://www.justice.gov/usao-dc/pr/additional-12-defendants-charged-rico-conspiracy-over-263-million-cryptocurrency-thefts
www.justice.gov
Additional 12 Defendants Charged in RICO Conspiracy for over $263
A four-count superseding indictment, unsealed today in U.S. District Court, charges 12 additional people β Americans and foreign nationals β for allegedly participating in a cyber-enabled racketeering conspiracy throughout the United States and abroad thatβ¦
π21π€£6β€4π’2
May 11th, 2025, Coinbase was compromised. Coinbase confirmed the compromise on May 15th, 2025 with the United States Securities and Exchange Commission (U.S. SEC)
Coinbase states an unknown Threat Actor e-mailed them asserting they had obtained sensitive personal identifiable information (PII) on the Coinbase userbase, as well as internal documentation from Coinbase which derives from customer service and/or account management systems.
Coinbase has confirmed the compromise is the result of multiple contractors and/or employees outside of the United States receiving "payment" for access to their systems. Coinbase confirms the individuals who received payment for access have been terminated.
The unknown Threat Actor demanded $20,000,000. Coinbase asserts they will NOT pay the ransom demand and succumb to extortionists. They have placed a $20,000,000 bounty for the identification and apprehension of individual(s) responsible for the compromise.
Customer data stolen as a result of the compromise:
- First name
- Last name
- Address
- Phone number
- Email address
- Last 4 digits of social security number
- Masked bank-account numbers
- Government ID images (drivers license, passport)
- Account data (balance, transaction history)
No passwords or private keys were obtained.
Coinbase has stated they believe the estimated damage to their company (internal, or reputational) to be between $100,000,000 - $400,000,000.
Coinbase states an unknown Threat Actor e-mailed them asserting they had obtained sensitive personal identifiable information (PII) on the Coinbase userbase, as well as internal documentation from Coinbase which derives from customer service and/or account management systems.
Coinbase has confirmed the compromise is the result of multiple contractors and/or employees outside of the United States receiving "payment" for access to their systems. Coinbase confirms the individuals who received payment for access have been terminated.
The unknown Threat Actor demanded $20,000,000. Coinbase asserts they will NOT pay the ransom demand and succumb to extortionists. They have placed a $20,000,000 bounty for the identification and apprehension of individual(s) responsible for the compromise.
Customer data stolen as a result of the compromise:
- First name
- Last name
- Address
- Phone number
- Email address
- Last 4 digits of social security number
- Masked bank-account numbers
- Government ID images (drivers license, passport)
- Account data (balance, transaction history)
No passwords or private keys were obtained.
Coinbase has stated they believe the estimated damage to their company (internal, or reputational) to be between $100,000,000 - $400,000,000.
π€£83π€―24β€10π5π3π₯3π±2π’2π€1π1
vx-underground
May 11th, 2025, Coinbase was compromised. Coinbase confirmed the compromise on May 15th, 2025 with the United States Securities and Exchange Commission (U.S. SEC) Coinbase states an unknown Threat Actor e-mailed them asserting they had obtained sensitiveβ¦
tl;dr some dude making like, $4/hr was bribed
π77π€£36π5π₯°5β€βπ₯3β€2π’1π―1π1
vx-underground
Photo
this is a meme, my wife didnt cheat on me
π€£145π32π’9π€6β€5π₯4π«‘4π€3π€―3π€3π±2
We are now 6 years old.
In 6 years this account, and website, went from small and obscure to one of the largest information security related Twitter profiles. Twitter and Telegram combined, vx-underground has over 400,000 people who follow our content and discussions.
It is very surreal feeling seeing a small personal project, dedicated to saving stuff that I thought was cool, becoming so large and popular. Sometimes I find it hard to believe what I say matters to anyone, because at the end of the day I'm just some stinky nerd who likes spamming cat pictures.
As I've said for the past 6 years: nothing will change. We will continue to provide free malware source, samples, and papers.
That's all I've got to say right now. Thank you for all the love and support. I look forward to continually serving all of you.
- smelly smellington
In 6 years this account, and website, went from small and obscure to one of the largest information security related Twitter profiles. Twitter and Telegram combined, vx-underground has over 400,000 people who follow our content and discussions.
It is very surreal feeling seeing a small personal project, dedicated to saving stuff that I thought was cool, becoming so large and popular. Sometimes I find it hard to believe what I say matters to anyone, because at the end of the day I'm just some stinky nerd who likes spamming cat pictures.
As I've said for the past 6 years: nothing will change. We will continue to provide free malware source, samples, and papers.
That's all I've got to say right now. Thank you for all the love and support. I look forward to continually serving all of you.
- smelly smellington
π₯174β€107β€βπ₯29π«‘11π8π€£8π5π4π€2π’1
Dear person DdoSing us,
We're not around right now combat the DdoS and we're all super busy. If you'd like to get our attention, or send a message, or whatever you're doing, please DdoS us at later period in time.
I'm busy with my newborn son and Bradley is still taking care of his Dad. I think we'll have better capacity to deal with a DdoS in like... August or September? So if you want to actually get our attention do it then. Otherwise, unfortunately, you'll just keep DdoSing us forever and nothing will really happen.
Sorry!
We're not around right now combat the DdoS and we're all super busy. If you'd like to get our attention, or send a message, or whatever you're doing, please DdoS us at later period in time.
I'm busy with my newborn son and Bradley is still taking care of his Dad. I think we'll have better capacity to deal with a DdoS in like... August or September? So if you want to actually get our attention do it then. Otherwise, unfortunately, you'll just keep DdoSing us forever and nothing will really happen.
Sorry!
β€198π€£55π₯17π12π€―4π―4π3π€3π’2π2π€1
vx-underground
Dear person DdoSing us, We're not around right now combat the DdoS and we're all super busy. If you'd like to get our attention, or send a message, or whatever you're doing, please DdoS us at later period in time. I'm busy with my newborn son and Bradleyβ¦
Learned we were under DDoS by accident when I was messaging TorGuard about moving some data around. I forgot the directory layout, checked the site, and realized it was being DdoSd. I was like, "Gosh dang it, I guess we'll talk about it some other time".
Anyway, got to go, having baked potatoes for dinner.
Talk to you later. Love you
- smelly
Anyway, got to go, having baked potatoes for dinner.
Talk to you later. Love you
- smelly
β€142π18π₯6π4π’1π1π1
Media is too big
VIEW IN TELEGRAM
me when the feds show up asking why ive got 30tb of malware
π€£202π31β€9π9π5π€5π₯°1π’1π―1
Hello,
For the past 6 years I've had people ask if I will be attending DEFCON. The answer is still: No. However, I may make an appearance at DEFCON 35 or DEFCON 36. It will also be the first cybersecurity conference I've ever attended. Cool beans
Thanks,
- smelly smellington
For the past 6 years I've had people ask if I will be attending DEFCON. The answer is still: No. However, I may make an appearance at DEFCON 35 or DEFCON 36. It will also be the first cybersecurity conference I've ever attended. Cool beans
Thanks,
- smelly smellington
π₯138β€19π±11β€βπ₯10π8π4π«‘4π’1
VMPSoft has been DMCA-ing YouTube videos which show how to combat malware payloads abusing VMProtect
π105π€£75π€9π₯5π€5β€1π1π€―1π’1
vx-underground
VMPSoft has been DMCA-ing YouTube videos which show how to combat malware payloads abusing VMProtect
"Leave our customers alone!!!1" β VMPSoft, probably
π€£115π11π3π―2β€1
This media is not supported in your browser
VIEW IN TELEGRAM
mfw I roll back a snapshot
π€£132π21π€―4π«‘4β€2π₯2π±1