How luxury cars, $500,000 bar tabs and a mysterious kidnapping attempt helped investigators unravel the heist of a lifetime.
In the balmy late afternoon of Aug. 25, 2024, Sushil and Radhika Chetal were house-hunting in Danbury, Conn., in an upscale neighborhood of manicured yards and heated pools. Sushil, a vice president at Morgan Stanley in New York, was in the driver’s seat of a new matte gray Lamborghini Urus, an S.U.V. with a price tag starting around $240,000. As they turned a corner, the Lamborghini was suddenly rammed from behind by a white Honda Civic. At the same time, a white Ram ProMaster work van cut in front, trapping the Chetals. According to a criminal complaint filed after the incident, a group of six men dressed in black and wearing masks emerged from their vehicles and forced the Chetals from their car, dragging them toward the van’s open side door.
After the August 2024 crypto heist, ZachXBT was able to track Lam through what’s called OSINT — open-source intelligence. In other words, social media. In Com chat groups, word was spreading that Lam was on a wild spending spree. Nobody seemed to know the source of his money, but they spoke of his lavish exploits at Los Angeles nightclubs. ZachXBT researched the most popular nightclubs in the city and then searched Instagram stories from partyers and the clubs themselves. In one post, Malone was filmed wearing a white Moncler jacket and what appeared to be diamond rings and diamond-encrusted sunglasses. He stood up on the table and began showering the crowd with hundred-dollar bills. As money rained down, servers paraded in $1,500 bottles of Champagne topped with sparklers and held up signs that read “@Malone.” He spent $569,528 in one evening alone. At one nightclub, Lam and his crew trolled ZachXBT, getting clubgoers to hold up signs reading “TOLD U WE’D WIN,” while another read, “[Expletive] ZACHXBT.”
Most of the funds drained from a U.S. government crypto wallet in an apparent attack Thursday were sent back early Friday.
Bluenoroff or APT38, more commonly referred to as Lazarus Group is a threat group which has been tied to the North Korean government since as early as 2009 primarily being financially motivated utilizing malware custom built for each target.
Early on, the threat group gained notoriety for cyberattacks such as Sony Pictures Hack in 2014 and $81M Bangladesh Bank heist in 2016 and in more recent years has shifted focus to targets in the cryptocurrency industry.
Analytics firms such as TRM and Chainalysis release annual reports summarizing crypto related incidents linked to DPRK and since 2017 they estimate between $3B to $4.1B has been stolen.
