In brief
- A 22-year-old California man became the ninth defendant to plead guilty in a RICO-designated crypto-theft ring tied to more than $263 million in stolen Bitcoin.
- Prosecutors say Evan Tangeman helped launder millions, securing luxury rentals under false identities and converting stolen crypto into bulk cash for the group.
- A new indictment adds three more alleged members, as authorities depict the Social Engineering Enterprise as a coordinated network of criminals.
A 22-year-old California man has become the ninth defendant to plead guilty in a RICO-style crypto theft ring that drained roughly $263 million in Bitcoin from a single Washington, D.C. victim, and hundreds of millions more from other targets across the U.S.
In a statement on Thursday, the Justice Department said Evan Tangeman has admitted to a federal court in Washington, D.C., to participating in a racketeering conspiracy tied to the “Social Engineering Enterprise,” or SE Enterprise.
Tangeman acknowledged helping launder at least $3.5 million for the group and faces sentencing on April 24, 2026, before a U.S. District Judge.
Prosecutors are leaning on RICO charges, a statute once aimed at the mafia and drug cartels, to treat the SE Enterprise as a single criminal organization rather than a string of isolated hacks.
Alongside Tangeman’s plea, the court unsealed a second superseding indictment adding three new defendants, Nicholas “Nic” / “Souja” Dellecave, Mustafa “Krust” Ibrahim, and Danish “Danny” / “Meech” Zulfiqar, all charged with RICO conspiracy.
The indictment details how the SE Enterprise began no later than October 2023 and ran through at least this May, growing out of friendships on online gaming platforms.
Members then split into specialized roles, including database hackers, organizers, target identifiers, “callers” posing as support staff for major exchanges and email providers, money launderers, and even in-person burglars sent to steal hardware wallets from victims’ homes.
In last year’s attack on the D.C. victim, co-defendant Malone Lam, Zulfiqar, and others allegedly siphoned more than 4,100 BTC, worth about $263 million at the time, now worth over $370 million.
Last September, authorities arrested alleged ringleader Lam and co-defendant Jeandiel Serrano on fraud and money-laundering charges after investigators, assisted by crypto sleuth ZachXBT, traced the stolen funds through mixers and peel chains.
Prosecutors say the crew laundered the stolen crypto by first converting portions into privacy coin Monero, then routing funds through opaque exchanges and “crypto-to-cash” brokers, all while spending the proceeds on opulence.
Tangeman’s role, they noted, was to turn stolen crypto into bulk fiat, secure luxury rental homes under false identities, and help Lam collect roughly $3 million in cash immediately after the 4,100 BTC theft.
He also monitored home-security feeds as FBI agents raided Lam’s Miami residence and later instructed another member to retrieve and destroy digital devices to hinder investigators.
“The speed of crypto allows stolen assets to be moved at the speed of the internet, while the use of violence or threats adds an immediate physical layer of risk for victims, creating a hybrid threat model that law enforcement and the private sector are now confronting head-on,” TRM Labs' Global Head of Policy Ari Redbord told Decrypt.
“Having prosecuted both violent and cyber crimes, this mix is particularly harrowing,” he added.
Redbord said applying RICO here shows prosecutors increasingly view these cases not as isolated hacks but as “a single, organized operation”—an approach that lets them charge fraud, laundering, and related violence “under one unified legal theory.”