Evan Frederick Light, a 21-year-old from Indiana, has pleaded guilty to orchestrating the theft of $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. According to the U.S. Department of Justice, the attack targeted an unnamed investment holdings company based in Sioux Falls, South Dakota.
The Cyberattack
Light admitted that he and his unknown co-conspirators stole the identity of a legitimate client of the company, allowing them to gain access to the firm’s servers. They exploited vulnerabilities to spread further into the network, eventually stealing the personal information of the company’s clients. Using this data, they accessed and stole cryptocurrency from 571 victims, totaling over $37 million.
Once in control of the stolen cryptocurrency, Light and his accomplices used coin-mixing services and gambling websites to obscure the assets and conceal their identities. This laundering process helped them attempt to hide the stolen funds across various locations globally.
Investigation and Arrest
Despite efforts to cover their tracks, the FBI was able to trace the stolen cryptocurrency back to Light, leading to his arrest and indictment in May 2023. Initially, he did not plead guilty, but he has now admitted his involvement in the cyberattack.
Light faces up to 20 years in prison for each count, three years of supervised release, and the potential for restitution. Whether victims will recover their stolen funds is still unclear, as authorities have not yet announced the seizure of any assets linked to Light.
Growing Cryptocurrency Theft
This case is part of a rising trend in cryptocurrency-related crimes. The FBI recently reported that crypto losses reached a record $5.6 billion in 2023, with annual losses increasing each year since 2019. Experts advise using cold wallets to store cryptocurrency offline, enabling multi-factor authentication, and limiting the exposure of sensitive information to better safeguard digital assets from hackers.
