A man pleaded guilty to a social-engineering scam that stole $263 million in crypto

a person wearing a mask and a red hat

Evan Tangeman, a 22-year-old from Newport Beach, California, pleaded guilty to RICO conspiracy for his role in a social-engineering operation that stole approximately 4,100 bitcoin, valued at about $263 million at the time of the theft. The case, filed in U.S. District Court in Washington, D.C., has now produced multiple guilty pleas and a superseding indictment naming 12 additional defendants. Prosecutors allege the enterprise blended remote phone scams with physical home break-ins to seize victims’ cryptocurrency, a combination that sets this prosecution apart from typical digital fraud cases.

Why the $263 million RICO crypto case signals a shift

Federal prosecutors did not charge this group under standard wire fraud or computer intrusion statutes alone. They used RICO, the racketeering law originally designed to dismantle organized crime families. That legal framing reflects how the government views this operation: not as a loose collection of scammers, but as a structured enterprise with assigned roles. The superseding indictment describes callers who tricked victims into revealing account credentials, database hackers who gathered targeting information, money launderers who moved stolen funds, and crews who broke into homes to steal hardware wallets.

The physical burglary element is what makes this case unusual. Most cryptocurrency theft prosecutions center on phishing, SIM swaps, or exchange breaches. Here, prosecutors allege that when digital tactics failed or when victims stored assets offline, the enterprise dispatched people to break into residences and take hardware wallets directly. That hybrid approach, combining social engineering with in-person theft, represents an operational model that law enforcement will likely encounter again as more crypto holders move assets into cold storage.

Using RICO also allows prosecutors to tie together a wide range of conduct-phone calls, hacking, travel, money movement, and burglaries-under a single conspiracy. That can increase potential penalties and make it easier to hold participants accountable for acts carried out by co-conspirators, even if they never personally touched the victims’ devices or wallets. For investigators, it offers a way to present the story of the enterprise as a coordinated criminal business rather than a series of disconnected online scams.

Tangeman, Mehta, and the enterprise’s money trail

Tangeman’s guilty plea is the most recent in a series of court actions tied to this case. Prosecutors say he participated in the social-engineering side of the operation, helping obtain access to victims’ accounts and facilitating the transfer of stolen bitcoin. His admission of guilt strengthens the government’s narrative that the scheme was not experimental or ad hoc, but a repeatable playbook designed to target multiple wealthy crypto holders.

Separately, Kunal Mehta, who prosecutors say used the aliases “Shrek,” “Papa,” and “The Accountant,” pleaded guilty to RICO conspiracy for laundering at least approximately $25 million through shell companies and crypto-to-wire conversion services. His role, according to prosecutors, was to receive large volumes of bitcoin from the thefts, break those holdings into smaller pieces, and move them through exchanges and intermediaries to obscure the trail before converting them into cash and other assets.

The broader indictment names 12 additional defendants charged with participating in the same conspiracy. According to prosecutors, some defendants allegedly focused on gathering personal data and account information, others on placing persuasive phone calls that impersonated customer-support representatives, and still others on traveling to victims’ homes to seize hardware wallets or force logins. By assigning each person a defined function, the enterprise attempted to operate like a specialized fraud organization rather than a loose online forum.

Tracing the money was central to building the case. Investigators followed the stolen bitcoin as it moved through multiple wallets, exchanges, and off-ramps, often hopping across jurisdictions. That work, aided by blockchain analytics and traditional financial subpoenas, allowed authorities to connect online activity to real-world identities. The involvement of federal financial investigators underscores that, even when cryptocurrency moves pseudonymously, large-scale thefts leave patterns that can be reconstructed over time.

What the case means for crypto holders and law enforcement

This prosecution highlights how high-value crypto investors are increasingly attractive targets, especially if their security practices are inconsistent. The alleged strategy of pairing social engineering with physical intrusion suggests that simply moving assets to hardware wallets is not a complete defense if attackers can learn a victim’s address, routines, and approximate holdings. For individuals, the case underscores the importance of limiting public information about crypto ownership, using strong authentication, and separating knowledge of seed phrases from any single device or location.

For law enforcement, the case illustrates both the challenges and possibilities of tackling sophisticated crypto crime. On one hand, the enterprise allegedly operated across state lines and relied on technical tools, anonymizing services, and fast-moving digital assets. On the other hand, the same blockchain that enabled quick transfers also created a permanent record that investigators could analyze to map relationships between wallets, exchanges, and suspects.

By charging the scheme as a racketeering conspiracy, prosecutors are signaling that complex crypto thefts can be treated on par with traditional organized crime. If the government continues to secure guilty pleas and convictions, the case may serve as a template for future investigations that combine cyber techniques with old-fashioned burglary and intimidation. It also sends a message that those who specialize in laundering stolen digital assets, not just the front-line hackers or callers, can face significant liability for their role in sustaining such enterprises.

Leave a Reply

Your email address will not be published. Required fields are marked *