US federal prosecutors have filed charges against five individuals accused of conducting a complex phishing and hacking operation targeting employees of companies across the country.
According to authorities, the scheme led to the theft of intellectual property, sensitive corporate data and millions of dollars in cryptocurrency, including $6.3 million stolen from a single victim.
Details of the alleged regime
The alleged operation, which lasted nearly two years from September 2021 to April 2023, used deceptive tactics to obtain login credentials and gain unauthorized access to corporate systems and cryptocurrency wallets.
Court documents reveal that the defendants used mass text messages as their primary method of deceiving victims. These phishing messages were created to appear as urgent company alerts to employees or service providers warning that their accounts were at risk of being deactivated.
Recipients were directed to fake websites designed to look like legitimate corporate portals. Unsuspecting employees who entered their credentials on these websites provided hackers with the information needed to breach internal systems.
Prosecutors allege the stolen data, which included intellectual property and personally identifiable information such as account credentials and email addresses, was used to access crypto accounts and steal millions in virtual assets.
Arrests and charges
The defendants have been identified as Ahmed Hossam Eldin Elbadawy, 23, of College Station, Texas; Noah Michael Urban, 20, of Palm Coast, Florida; Evans Onyeaka Osiebo, 20, of Dallas, Texas; Joel Martin Evans, 25, of Jacksonville, North Carolina; and Tyler Robert Buchanan, 22, of the United Kingdom.
They face multiple charges including conspiracy to commit wire fraud, conspiracy, wire fraud and aggravated identity theft. If convicted, the group faces up to 20 years in federal prison on conspiracy and wire fraud charges and a mandatory two-year sentence on identity theft.
“This group of cybercriminals executed a sophisticated scheme to steal intellectual property and personal data worth tens of millions,” said US Attorney Martin Estrada.
He urged the public to be vigilant, warning that phishing and hacking tactics are becoming increasingly sophisticated.
FBI Deputy Director Akil Davis emphasized the scale of the crime, noting that the defendants took advantage of victims’ trust to steal sensitive data and cryptocurrency.
Phishing schemes have become increasingly common in crypto, with many people falling victim this year. Scam Sniffer’s February report highlighted that many of these exploits originated in X, where spoofed accounts posted misleading comments to lure users to fake sites.
In one notable case from October, a crypto investor lost $36 million in crypto. Security experts identified it as a “fishing permit scam,” in which the attacker tricked the victim into signing a malicious signature. This action granted them full access to the investor’s funds.
SPECIAL OFFER (Sponsored) Binance Free $600 (Exclusive to CryptoPotato): Use this link to register a new account and receive an exclusive welcome offer of $600 to Binance (full details).
LIMITED OFFER for CryptoPotato readers on Bybit – Use this link to register and open a FREE $500 position with any currency!
Bitcoin 
Ethereum 
Tether 
Solana 
BNB 
XRP 
Dogecoin 
USDC 
Cardano 
Lido Staked Ether 
TRON 
Stellar 
Avalanche 
Toncoin 
Shiba Inu 
Wrapped stETH 
Wrapped Bitcoin 
Polkadot 
Chainlink 
Bitcoin Cash 
WETH 
Sui 
Pepe 
NEAR Protocol 
LEO Token 
Litecoin 
Aptos 
Uniswap 
Wrapped eETH 
Hedera 
Internet Computer 
USDS 
Cronos 
POL (ex-MATIC) 
Ethereum Classic 
Render 
Artificial Superintelligence Alliance 
Ethena USDe 
Kaspa 
Bittensor 
Bonk 
VeChain 
WhiteBIT Coin 
Dai 
Arbitrum 
Filecoin 
Cosmos Hub 
Celestia 
MANTRA 
OKB