Feds sentence 12 crypto thieves behind SIM swaps, home invasions

Siva Ramakrishnan
A dozen people involved in a string of armed cryptocurrency robberies have been sentenced this month — including a Florida man handed a 47-year jail term in relation to the brutal home invasions.

A dozen people involved in a string of armed cryptocurrency robberies have been sentenced this month — including a Florida man handed a 47-year jail term in relation to the brutal home invasions.

According to court documents, the group began with traditional crypto thievery, by hacking victims’ accounts through SIM-swapping, whereby cybercriminals get access to a target’s phone by tricking their service provider. 

Jarod Seemungal of West Palm Beach and several co-conspirators carried out the SIM swaps starting in 2020, and according to Wired were able to steal more than $3 million from one victim. In 2022, however, Seemungal decided that physical robberies would be a lucrative shift for the gang, and he recruited another Florida resident, Remy St. Felix, to lead a home invasion crew. 

Seemungal was sentenced to 20 years in prison, while St. Felix, who received a 47-year sentence, was convicted on nine counts “relating to conspiracy, kidnapping, Hobbs Act robbery, wire fraud and brandishing a firearm in furtherance of crimes of violence.” 

The crimes perpetrated by the group were shocking in their brutality — involving kidnapping, torture and ransom demands.  

In one instance, Wired reported, the group went after a fellow SIM swapper who Seemungal thought had robbed him of cryptocurrency the year before. They bound his hands, loaded him into their rental car and began extorting his loved ones before the man was able to escape. 

An associate of Seemungal would hack into people’s email accounts in order to view their crypto assets, helping the crew determine lucrative targets. 

During their last successful robbery, St. Felix and an accomplice, Elmer Ruben Castro, pretended to be construction workers inspecting pipes and forced their way into the home of an elderly North Carolina couple. 

They forced the husband to install AnyDesk remote access software, which Seemungal then used to steal over $150,000 worth of cryptocurrency.

“The victims in this case suffered a horrible, painful experience that no citizen should have to endure,” said U.S. Attorney Sandra J. Hairston for the Middle District of North Carolina at the time of St. Felix’s conviction in June. “The defendant and his co-conspirators acted purely out of greed and callously terrorized those they targeted. The jury’s verdict in this case represents a vital step in securing justice for these victims.”

According to the blockchain intelligence firm TRM Labs, it was the group’s sloppy covering of their tracks that ultimately did them in. The bitcoin and ethereum stolen in the North Carolina burglary was laundered into four accounts, which the FBI was able to link to the gunmen and other accomplices. 

St. Felix was arrested in July 2023 on his way to another home invasion in New York, prosecutors said, and 13 co-conspirators have pleaded guilty since then. Two of the men are scheduled for sentencing on October 1.  

The nexus between SIM-swapping and violence has raised alarms in recent years, with young hackers settling scores between one another with Molotov cocktails and violent confrontations. 

Late last year, the Federal Communications Commission (FCC) adopted new rules requiring wireless carriers to implement better protections against SIM-swapping, including requiring the companies to “notify customers whenever a SIM change or port-out request is made on customers’ accounts.”

CybercrimeNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

James Reddick

has worked as a journalist around the world, including in Lebanon and in Cambodia, where he was Deputy Managing Editor of The Phnom Penh Post. He is also a radio and podcast producer for outlets like Snap Judgment.

 

Total
0
Shares
Previous Post

‘Clipper’ malware is being used to steal crypto, Binance warns

Next Post

Owner of only US platinum mine confirms data breach after ransomware claims

Related Posts

Over 300K Prometheus Instances Exposed: Credentials and API Keys Leaking Online

Cybersecurity researchers are warning that thousands of servers hosting the Prometheus monitoring and alerting toolkit are at risk of information leakage and exposure to denial-of-service (DoS) as well as remote code execution (RCE) attacks. "Prometheus servers or exporters, often lacking proper authentication, allowed attackers to easily gather sensitive information, such as credentials and API
Avatar
Read More