A Canadian teenager stole more than $13 million in cryptocurrency through social engineering and lived a lavish life in Miami and Los Angeles, financed by luxury vehicles, jewelry and private flights, according to U.S. prosecutors. The defendant in the case, Trenton Richard Johnston, pleaded guilty Tuesday to conspiracy to commit money laundering.
Social engineering method was at the center of the accusations
According to court documents, around January 2024, Johnston and his partners launched a scheme to target cryptocurrency users. Prosecutors stated that the defendant accessed the victims’ accounts by pretending to work for Google, Trezor and other cryptocurrency companies. Trezor is known as a hardware wallet manufacturer that aims to keep users’ private keys offline.
Mini dictionary: Social engineering is a method of deception that targets human behavior, not a technical vulnerability. Attackers attempt to persuade the user to share their password, verification code, or wallet access by posing as a trusted institution or individual.
According to the file, in February, a victim was led to believe that his Google email account and Coinbase account had been compromised, and approximately $41,000 worth of Ether was stolen. Less than a month later, another victim in California was tricked by people posing as Google and Trezor representatives. It was noted that in this incident, the wallet containing approximately $13 million worth of Bitcoin was emptied.
Cyvers CEO and co-founder Deddy Lavid stated that some of the biggest cryptocurrency thefts today are not caused by sophisticated software vulnerabilities, but by methods that directly manipulate people.
Some of the stolen assets went to luxury expenses
According to prosecutors, approximately $1.2 million of the stolen cryptocurrency was spent on expenses in Miami and Los Angeles in just two months. Most of this amount was directed to the purchase and rental of luxury vehicles, with the help of car rental company owner Brandon Tardibone, who pleaded guilty to money laundering. Two BMWs and a Lamborghini Aventador SVJ were also among the expenses.
The investigation file also included information that the stolen funds were used to rent a private jet, rent a house in North Miami, and buy plane tickets for two people from New York. Prosecutors claimed that these expenses were covered by proceeds of crime.
Lavid emphasized that such attacks have become even more dangerous because cryptocurrency transactions occur quickly and are irreversible in most cases.
Investigation deepened after speeding violation
The process of Johnston’s capture began in March when the Rolls Royce he was driving was stopped for speeding. Authorities announced that there were 21 pills considered to be amphetamines in the vehicle. It was reported that the computer, mobile phone and handwritten notes seized later revealed the connection with the fraud scheme.
The defendant then handed over approximately 53.16 Bitcoin and 275.23 Ether to authorities. At current prices, the total value of these assets is $3.7 million. The prosecution recommended a sentence of 51 to 63 months in prison for Johnston, based on his guilty plea and full cooperation with the investigation. It was also recommended that the wire fraud charges be dropped. A prison sentence of 27 to 33 months was requested for Tardibone.
US authorities also received penalties in similar cases
The case stood out as one of the latest steps taken by US authorities against high-stakes cryptocurrency scams. In April, a California resident was sentenced to 70 months in prison for his role in a $263 million cryptocurrency crime network linked to social engineering and residential burglaries. In February, a Chinese national defendant was sentenced to 20 years in prison in a US federal court for a global cryptocurrency scam that targeted mostly US investors and resulted in losses of more than $73 million.
Executives of cybersecurity company Cyvers argue that the industry cannot be satisfied with user education alone. Accordingly, wallet providers, exchanges, custodians and banks must establish instant security checks that can detect suspicious behavior and risky wallets before the money leaves the account.
