In the balmy late afternoon of Aug. 25, 2024, Sushil and Radhika Chetal were house-hunting in Danbury, Conn., in an upscale neighborhood of manicured yards and heated pools. Sushil, a vice president at Morgan Stanley in New York, was in the driver’s seat of a new matte gray Lamborghini Urus, an S.U.V. with a price tag starting around $240,000. As they turned a corner, the Lamborghini was suddenly rammed from behind by a white Honda Civic. At the same time, a white Ram ProMaster work van cut in front, trapping the Chetals. According to a criminal complaint filed after the incident, a group of six men dressed in black and wearing masks emerged from their vehicles and forced the Chetals from their car, dragging them toward the van’s open side door.
When Sushil resisted, the assailants hit him with a baseball bat and threatened to kill him. The men bound the couple’s arms and legs with duct tape. They forced Radhika to lie face down and told her not to look at them, even as she struggled to breathe, pleading that she had asthma. They wrapped Sushil’s face with duct tape and hit him several more times with the bat as the van peeled off.
Several witnesses saw the attack and called 911. Some of them, including an off-duty F.B.I. agent who lived nearby and happened to be at the scene, trailed the van and the Honda, relaying the vehicles’ movements to the police. The F.B.I. agent managed to obtain partial license plate numbers.
Danbury police officers soon located the van. A patrol vehicle activated its emergency lights and tried to make a stop, but the driver of the van accelerated, swerving recklessly through traffic.
About a mile from where the chase began, the driver careered off the road and struck a curb. Four suspects fled on foot. The police found one hiding under a bridge and apprehended him after a brief chase. Within a couple of hours, the other three were located hiding in a wooded area nearby. The police, meanwhile, found the shaken Chetals bound in the back of the van.
Detective Sgt. Steve Castrovinci of the Danbury Police Department had the day off when the shift commander called him at home about the incident. “We got a kidnapping, a legit kidnapping,” he remembers the shift commander telling him. Castrovinci called a few of his detectives to get up to speed and then stopped at the crime scene before driving to the station to speak to the suspects. Based on information provided by one of the suspects in custody, two more assailants were found and arrested the following morning at an Airbnb rental in Roxbury, a 30-minute drive from Danbury, where the white Civic was also parked.
For Castrovinci, it was a strange and dramatic case. Danbury is a well-off, quiet place, and while the police there did get the odd kidnapping case, they were almost always related to child custody. A violent midday abduction was unheard-of. There was no apparent connection between the suspects and the Chetals, and, stranger still, law enforcement discovered that the suspects — men between the ages of 18 and 26 — had traveled to Connecticut all the way from Miami. They’d rented the van on the app Turo. “This is a case — you may only get one of these, one or two of these, in a career,” Castrovinci, who has been in law enforcement for 20 years, including five with the New York Police Department, told me. “Not in this area. We don’t deal with stuff like this.”
For weeks, the police said very little. Castrovinci and his team worked to piece together a motive. It was hard to believe that the Chetals were targeted because of Sushil’s senior position at an investment bank. As a vice president at Morgan Stanley, he would have had an enviable salary, but nothing out of the ordinary for Danbury. And if money was the kidnappers’ motive, it was bizarre that they left behind the Chetals’ Lamborghini, which was found abandoned in the woods. None of it seemed quite right.
A few days after the attempted kidnapping, though, Castrovinci says his team received a tip from the F.B.I. that cast the case in a strange new light: a possible connection to an enormous cryptocurrency heist, one that happened just a week before the attack. A group of young men, some of whom connected on a Minecraft server, were suspected of taking a quarter of a billion dollars from an unwitting victim, setting off an incredible chain of events that involved an online network of cybercriminals, some of them teenagers; a group of independent digital detectives who track their efforts; and several law-enforcement agencies. Now, it seemed, the whole thing had culminated in the kidnapping of the Chetals — a real-world spillover from the brazen lawlessness of this expanding digital underworld and the culture that surrounds it.
The chain of events began a couple of weeks earlier when a resident of Washington, D.C., began receiving suspicious sign-in notifications on his Google account. The logins appeared as though they were coming from overseas. Then on Aug. 18, he received a phone call from someone claiming to be on Google’s security team. The caller said the user’s email account had been compromised. The call appeared to be legitimate — the caller knew the D.C. resident’s personal information. The account holder, the caller said, would need to shut down his account unless he could verify certain personal information over the phone, which he did.
Shortly after the call with the supposed Google agent, the same D.C. resident, whose identity remains concealed in federal court documents, received a second call from someone who said they were a security-team representative from Gemini, a prominent cryptocurrency exchange. Like the supposed Google employee, he had the man’s personal information; he explained that his Gemini account, which held about $4.5 million worth of coins, had been hacked and that the man needed to reset his two-factor authentication and transfer the Bitcoin in his account to another wallet to keep it safe.
The person on the phone then suggested that the account holder download a program that would provide additional security. The man agreed, not knowing that he was downloading a remote-desktop app, which would give the caller access to his computer — and access to a second crypto account, exposing him to an even more staggering theft. It turned out that the D.C. resident, an early investor in cryptocurrency, had more than 4,100 Bitcoin in total. Ten years ago, that much Bitcoin was worth about $1 million; that day, it was worth more than $243 million.
Within minutes, it was all gone.
A central paradox of crypto is that, although coin owners are generally not identifiable, transactions are recorded on a public ledger known as a blockchain. This means that when the currency moves, anyone can see it. This paradox has enabled a new class of sleuths who can identify suspicious transactions on the blockchain. One of the best of these digital detectives goes by the handle ZachXBT, an independent investigator of crypto-related crimes.
ZachXBT is a well-known and elusive figure in the crypto world. He regularly posts threads detailing his investigations on X, where he has about 850,000 followers, exposing supposed wrongdoers, sometimes by name. Often, he shares his findings with law enforcement. Wired described him as “the most prolific independent crypto-focused detective in the world.” He doesn’t share his real identity online.
Minutes after the D.C. resident’s funds were liquidated, ZachXBT was walking through the airport on his way to catch a flight when he received an alert on his phone about an unusual transaction. Crypto investigators use tools to monitor the global flows of various coins and set alerts for, say, any transaction over $100,000 that goes through certain exchanges that charge a premium for having few security safeguards. The initial alert that day was for a mid-six-figure transaction, followed by higher amounts, all the way up to $2 million. After he cleared airport security, ZachXBT sat down, opened his laptop and began tracing transactions back to a Bitcoin wallet with roughly $240 million in crypto. Some of the Bitcoin in the wallet dated back to 2012. “At that point it didn’t make sense,” he told me. “Why is a person who held their Bitcoin for this long using a sketchy service that typically sees a lot of illicit funds flow through it?”
He added the wallets associated with the transactions to his tracking and boarded the plane. Once he connected to in-flight internet, more alerts arrived. Throughout the day, the Bitcoin traced to the wallet was being liquidated through more than 15 different high-fee cryptocurrency services.
After he landed, ZachXBT messaged a few other investigators who specialize in cryptocurrency theft. Among them was Josh Cooper-Duckett, director of investigations for Cryptoforensic Investigators, one of a growing number of independent firms that track crypto theft and fraud and help law enforcement recover currency for the victims. Cooper-Duckett, a 26-year-old from London, developed an early interest in crypto, and after working in security at Deloitte for three and a half years, started investigating crypto theft, focusing on cases where the financial loss is at least $100,000, of which there are a lot these days.
ZachXBT told Cooper-Duckett and the other investigators what he discovered, and they all agreed it was suspicious to see a quarter-billion-dollar wallet liquidated this way. “Somebody like that, that has that much money, does not wake up one day on the weekend and decide, Well, I’m just going to start sending to a bunch of exchanges and trying to convert for Monero and Ethereum — they don’t do that.”
The crypto investigators contacted the exchanges and services to inform them of the theft so they could freeze the currency and coordinate with the authorities. Some did; others didn’t. “In this case, it was a lot of Whac-a-Mole,” Cooper-Duckett says. “They’re trying a lot of different exchanges, a lot of different services to see what works. I mean, they have $240 million to launder. That’s a lot of money.”
On X, ZachXBT notified his followers about the heist in progress. “Seven hours ago a suspicious transfer was made from a potential victim for 4064 BTC ($238M),” he wrote. Funds were transferred to THORChain, eXch, KuCoin, ChangeNOW, RAILGUN and Avalanche Bridge, all crypto services.
ZachXBT noticed that the victim had received bankruptcy payouts from Genesis, a lending platform, which filed for bankruptcy in 2023, related to the collapse of Sam Bankman-Fried’s FTX. Using his network, he was eventually able to connect with the victim over email. The shocked D.C. resident hired ZachXBT, Cryptoforensic and another crypto investigation firm to help track his stolen funds. That same day, he filed a police report with the F.B.I.’s Internet Crime Complaint Center, and ZachXBT messaged his contacts in law enforcement. (The F.B.I. and the Department of Justice declined to comment for this article.)
Cryptocurrency theft is growing at such a rate that federal investigators struggle to keep up. According to its latest report, the Internet Crime Complaint Center received more than 69,000 claims in 2023 regarding financial fraud involving crypto, resulting in more than $5.6 billion in reported losses, a 45 percent increase from 2022. Although just 10 percent of all financial fraud complaints were crypto-related, the losses associated with those complaints accounted for nearly 50 percent of the total. Cryptocurrency’s decentralized nature, the irreversibility of transactions and the ability to move digital coins around the world make it appealing to criminals and difficult for the F.B.I. to recover funds, the report said. In 2022, the F.B.I. created a special unit to combat crypto theft, called the Virtual Assets Unit (V.A.U.).
Because of the scale of the crimes and the difficulty combating them, government agencies — including the F.B.I., the Department of Homeland Security, the Secret Service, even the I.R.S. — rely on private firms and individuals who have a deep knowledge of the digital criminal underground, experts say. “Josh and Zach, they’re so good and so fast at the tracing,” says Nick Bax, founder of the cryptocurrency analysis firm Five I’s. Bax has worked with ZachXBT on several cases but has never seen his face; in their early meetings, ZachXBT used a voice-altering software that made him sound like Mickey Mouse. “Like, I’m very good, but they’re — I will never be as good as them,” Bax says. “And I think their brains are, like, legitimately altered, because they started doing this at a young age.”
Crypto investigators use fake accounts to immerse themselves in the forums where cybercriminals gather — Telegram, Discord and other platforms — to plot and brag about their exploits. The thieves are generally young and cavalier and sometimes leave a trail of clues in their wake.
After ZachXBT’s X post about the heist, a source reached out to him through a throwaway account with potential clues about the identities of the thieves. The source sent ZachXBT several screen-share recordings, which he said were taken when one of the scammers livestreamed the heist for a group of his friends. The videos, which totaled an hour and a half, included the call with the victim. One clip featured the scammers’ live reaction when they realized they’d successfully stolen $243 million worth of the D.C. resident’s Bitcoin. A voice can be heard yelling: “Oh, my god! Oh, my god! $243 million! Yes! Oh, my god! Oh, my god! Bro!”
In private chats they used screen names like Swag, $$$ and Meech, but they made a crucial mistake. One of them flashed his Windows home screen, which revealed his real name in the start icon pop-up at the bottom of the screen: Veer Chetal, an 18-year-old from Danbury — the son of the couple who were kidnapped.
A quiet honor student who had recently graduated from Immaculate High School in Danbury, Veer Chetal was about to begin studying at Rutgers University in New Jersey. In 2022, he completed a “future lawyers” program, and a story that year on the Immaculate website showed a photo of a smiling kid with glasses wearing a Tommy Hilfiger windbreaker over a red polo.
Classmates remember Chetal as shy and a fan of cars. “He just kind of kept to himself,” says Marco Dias, who became friends with Chetal junior year. According to another classmate named Nick Paris, this was true of Chetal until one day in the middle of his senior year, when he showed up at school driving a Corvette. “He just parked in the lot. It was 7:30 a.m., and everyone was like, What?” Paris says. Soon Chetal rolled up in a BMW, and then a Lamborghini Urus. He started wearing Louis Vuitton shirts and Gucci shoes, and on Senior Skip Day, while Paris and many of his classmates went to a nearby mall, Chetal took some friends, including Dias, to New York to party on a yacht he had rented, where they took photos holding wads of cash.
Chetal said that he had made his money trading crypto; Dias says Chetal showed him trades on his phone as proof one morning during homeroom class. Once, Chetal rented a large house in Stamford, Conn., and hosted a three-day gathering with friends. “I was in the basement at one point, and I was just messing around with my friends, and I just see him, like, just on the couch, just like on his phone, pretty much avoiding everyone at the party,” Dias says. “And I thought, Oh, that’s kind of weird.” Paris remembers that during a school parade, the police stopped Chetal in his Lamborghini Urus for a traffic violation. “He literally called his lawyer on the spot before answering the cops’ questions, which everyone was like: Wow, this guy’s got, like, something going for him. Like, this guy’s got serious money.”
Independent investigators say Chetal was secretly a member of the Com, also referred to as the Comm or the Community, an online network of chat groups that has its roots in the hacking underground of the 1980s and functions as a kind of social network for cybercriminals or aspiring ones. In an affidavit from an unrelated case, an F.B.I. agent described the Com as “a geographically diverse group of individuals, organized in various subgroups, all of whom coordinate through online communication applications such as Discord and Telegram to engage in various types of criminal activity.” According to the F.B.I. affidavit and experts who study the Com, the various subgroups’ activities include swatting, which entails making false reports to emergency services or institutions like schools to trigger a police response; SIM swapping, when hackers take over a target’s phone number, sometimes by tricking customer-service representatives; ransomware attacks, using a malware that denies users or organizers access to computer files; cryptocurrency theft; and corporate intrusions.
Allison Nixon, the chief research officer of Unit 221B, a collective of cybersecurity experts, has been following this growing corner of the internet since 2011 and is widely considered to be a pre-eminent expert on the Com. She says most Com members are young men from Western countries. In group chats, many talk about college and taking classes in cybersecurity, which they use to their advantage, she says. The gateway for many is through video games like RuneScape, Roblox and Grand Theft Auto.
By the mid-2010s, a more sinister world was also blossoming within Minecraft — the creative building game — facilitated by the advent of online servers, owned and operated by users, that allowed gamers to kill one another in teams, or “factions.” On these servers, Minecraft evolved into a highly competitive battle zone. With that came opportunities to monetize and scam. Servers soon began to introduce in-game purchases that gave players upgrades, like the ability to fly and to fight with more powerful weapons and armor. Other in-game purchases bought users stylish character outfits, which were wielded to show status online.
As players gravitated toward these competitive servers, a large black market for in-game items and valuable user names started to blossom on Discord. With Minecraft dominated by young players, the black market became ripe for fraud. Users agreed to trade in-game items for real money via PayPal, but once the money was received, scammers would block the user’s account. This became so rampant that people started advertising themselves as verified middlemen who would take both the money and the in-game item and then hand it off to each party for a fee.
One prized possession in this world is high-value user names, often no more than four letters — such as Tree, OK, Mark, YOLO or G, any of which could go for upward of $10,000.
As faction-based servers and the Minecraft black market thrived, so did cryptocurrencies, which eventually supplanted PayPal on these servers. It was this combination of a consequence-free training ground for competition, gambling and fraud, with a growing familiarity with crypto, that turned Minecraft servers into a cesspool for budding cybercriminals.
When the price of Bitcoin began to rise rapidly in 2017, Com members made an easy shift from Minecraft fraud to crypto theft. One of the popular Com forums was called “OGUsers.” It was initially dedicated to discussing and buying social media accounts and user names, but it evolved into a platform for cybercrime, including SIM swapping and Twitter account hijackings. “Very, very quickly these antisocial communities turned into overnight millionaires and propagated this culture, because people notice when other people turn into millionaires overnight, and they want to learn how they did that,” Nixon explains. “The size of the Com exploded.”
A common tactic used by the Com today to steal cryptocurrency is what’s called social engineering, which entails manipulating users into divulging sensitive information. Com members put together long lists of potential victims, obtained through data breaches, and then directly target them, which is what occurred in the case of the D.C. victim. They will sometimes post job listings online to recruit people to help them with their schemes. One listing posted on Telegram that Nick Bax, the crypto investigator, shared with me promised “5f a week” — that is, five figures — “if ur not slow” to phone potential targets. “American professional customer service voice is required,” it read. Sometimes, Com members will then return to the Minecraft black market to launder their stolen crypto by buying valuable game items and selling the items for real dollars using PayPal.
After ZachXBT had Veer Chetal’s name, it didn’t take long for him and other investigators to figure out the identities of others involved in the crypto heist. In the recordings ZachXBT obtained, the thieves referred to one another by their Com aliases, but also in some cases by their real first names. One name frequently uttered was Malone. This was Malone Lam, a known figure in the Com who went by the aliases Greavys and Anne Hathaway.
Lam was a 20-year-old from Singapore and a notorious Minecraft player with bangs roughly chopped at his eye line. He had been banned from Minecraft servers only to maneuver his way back in. In the spring of 2023, when he got into a minor disagreement with the managers of the server Minecadia that resulted in him losing in-game items, he doxxed the staff, releasing their addresses and Social Security numbers online and, in at least one case, sending emergency services to their house, according to several users and Discord chats from the time. It was within Minecraft that Chetal and Lam first connected, playing together on a faction led by Lam. In October 2023, Lam arrived in the United States on a 90-day visa. He had largely stopped playing Minecraft. According to court documents, he began funding his lifestyle with other crypto-related fraud.
After the August 2024 crypto heist, ZachXBT was able to track Lam through what’s called OSINT — open-source intelligence. In other words, social media. In Com chat groups, word was spreading that Lam was on a wild spending spree. Nobody seemed to know the source of his money, but they spoke of his lavish exploits at Los Angeles nightclubs. ZachXBT researched the most popular nightclubs in the city and then searched Instagram stories from partyers and the clubs themselves. In one post, Malone was filmed wearing a white Moncler jacket and what appeared to be diamond rings and diamond-encrusted sunglasses. He stood up on the table and began showering the crowd with hundred-dollar bills. As money rained down, servers paraded in $1,500 bottles of Champagne topped with sparklers and held up signs that read “@Malone.” He spent $569,528 in one evening alone. At one nightclub, Lam and his crew trolled ZachXBT, getting clubgoers to hold up signs reading “TOLD U WE’D WIN,” while another read, “[Expletive] ZACHXBT.”
Over the course of a few weeks, Lam bought 31 automobiles, including custom Lamborghinis, Ferraris and Porsches, some valued as high as $3 million. On Aug. 24, he apparently sent a photo of a pink Lamborghini to a model. “I got you a present, we’ll call it an early birthday gift,” he texted her. She wrote back, “I am taken once again.” He replied, “idc” — I don’t care.
On Sept. 10, after a 23-day party spree in Los Angeles, Lam headed to Miami on a private jet with a group of friends. There, he rented multiple homes, including a 10-bedroom, $7.5 million estate. Within a few days, Lam had filled the driveway with more luxury cars, including multiple Lamborghinis, one with the name “Malone” printed on the side.
Every few days, ZachXBT sent the intelligence he’d collected to law enforcement. The information generally flowed one way, but federal authorities were conducting their own investigation simultaneously. According to court filings, the supposed co-conspirators used sophisticated money-laundering methods to hide the funds and mask their identities, using crypto exchanges like eXch, which does not require personal customer information, and VPN connections that disguise their locations. But in at least one instance, according to the authorities, one of them was sloppy, neglecting to use a VPN when he created an account with TradeOgre, a digital currency exchange, which connected to an I.P. address that was registered to a $47,500-per-month rental home in Encino, Calif. It was leased to Jeandiel Serrano, 21, who went by VersaceGod, @SkidStar and Box online. By the time the authorities identified Serrano, he was on vacation in the Maldives with his girlfriend.
On Sept. 18, Serrano flew back from the Maldives to Los Angeles International Airport, where the authorities were waiting for him. He was wearing a $500,000 watch at the time of his arrest. Serrano initially denied knowledge of the theft and agreed to speak with law enforcement without a lawyer. But he soon acknowledged his involvement, according to court reports, specifically to impersonating a Gemini employee. Serrano admitted that he owned five cars, two of which were gifts from one of his co-conspirators, given to him with proceeds from a previous fraud. He also confessed to having access to approximately $20 million of the victim’s crypto on his phone and agreed to transfer the funds back to the F.B.I.
At the same time, agents in Miami were preparing to raid one of Lam’s rented mansions. Lam knew it was coming: Immediately after Serrano’s arrest, Serrano’s girlfriend called to warn his co-conspirators. They then deleted their Telegram accounts and other incriminating evidence from their phones.
Later that day, a team of F.B.I. agents working with the Miami police raided a mansion near Miami Shores. Agents blew open the front metal gate while another group entered by boat via a small saltwater canal in the rear. The sound of flashbangs rang in the neighborhood as the agents entered the home.
Moments later, an agent escorted a handcuffed Lam, who wore a long-sleeve white top, maroon basketball shorts and sneakers, as smoke hung in the air, followed by at least five other people who were in the house with him. Serrano and Lam were charged with money laundering and conspiracy to commit wire fraud. They face up to 20 years in prison for each charge.
Exactly one month after the heist, the party was over.
In Danbury, in the days and weeks after the kidnapping of the Chetals, Castrovinci and the police worked with federal investigators to build cases against the group from Florida. They obtained emergency access to the suspects’ phones, where they could view group chat exchanges and record the groups’ movements.
They learned that the trip was organized and paid for in part by Angel Borrero, a 23-year-old from Miami who went by Chi Chi. In the group conversation, Borrero wrote to the others, “If this go good we out to Cali next,” which federal investigators took to mean the group was planning something else in California. The same day, Josue Alberto Romero, who used the nickname Sway, sent a message to the group: “Chichi we are more ready than ever.” The chats indicated that the group began coordinating as early as 7 a.m. and spent part of the afternoon surveilling the Chetals.
By then, the authorities had established a motive: The men, the police believed, had targeted the Chetals to hold them ransom for the money their son had. Independent investigators think that at least one member of the group, Reynaldo (Rey) Diaz, who they say went by the alias Pantic, was a member of the Com; ZachXBT speculates that the thieves might have made themselves targets by sharing stories of their spending with other Com members. “You would think you commit a crime, you would shut up and keep to yourselves,” he says. “But they kind of have to compensate, showing off to their friends — who they think are their friends. But they might not be their friends.”
On Aug. 27, Danbury police filed charges against the six suspects in the case: multiple counts of first-degree assault, first-degree kidnapping and reckless endangerment. Federal charges followed. On Sept. 24, a grand-jury indictment filed in Federal District Court in Connecticut charged the six Florida men with kidnapping, carjacking and conspiracy crimes.
The six Florida men reflect a growing faction of the Com, those less interested in online schemes and more concerned with using brute force. Diaz was himself shot in Florida two years earlier when he was the target of a robbery attempt.
In the F.B.I. affidavit, an agent said the Com regularly commits “brickings, shootings and firebomb attacks.” In 2022, according to reporting from Brian Krebs, an independent investigative journalist, a young man who went by the moniker Foreshadow was kidnapped and beaten by a rival SIM-swapping gang and held for a $200,000 ransom. In October 2023, a 22-year-old named Patrick McGovern-Allen of Egg Harbor Township, N.J., was sentenced to 13 years in prison for participating in violence-for-hire jobs after being contracted by a group of cybercriminals. Last November, it was reported that the chief executive of a Toronto-based crypto company was kidnapped and held for a $1 million ransom. A few weeks later, after a 13-year-old known as the Gen Z Quant Kid created a crypto coin and inflated its value, the crypto community responded by doxxing him and his family and, it is rumored, kidnapping his dog. In January this year, a founder of the French crypto company Ledger was kidnapped with his wife; the kidnappers mutilated his hand and demanded a multimillion-dollar ransom in cryptocurrency.
But increasingly, people who have nothing to do with the Com are being targeted, says Nixon, the researcher. Some alleged Com members participate in what are known as harm groups, whose members coerce young women and girls into committing acts of self-harm and violence. Seven years ago, Nixon says, there were maybe a few dozen people in the Com worth being concerned about; today, there are thousands. “Right now,” she says, “we are seeing an evolution from disorganized crime to organized crime, and we are somewhere in the middle point of that.”
The twin episodes — the crypto heist and the kidnapping — suggest that the complete lawlessness of Com members’ online lives allowed them to imagine that they could get away with similar exploits in the real world. “I don’t think they really learn,” ZachXBT says. “I’ve seen a lot of them, after they either get either arrested, have assets seized, et cetera — I see a lot of them go back to what they were doing before.”
This year, five of the six Florida men pleaded guilty to federal kidnapping and conspiracy charges. They could face 15 years in prison. In a Hartford court in January, 19-year-old Michael Rivas apologized for his actions, calling them “dumb” and saying he was helping another man carry out a “vendetta,” although he didn’t elaborate.
In February, a 22-year-old Georgia man named James Schwab was indicted in connection with the kidnapping plot. According to the federal criminal complaint, Schwab had an altercation with Veer Chetal in a Miami nightclub a month before the kidnapping, and he helped fund the plot and arrange transportation and lodging for the attackers. He pleaded not guilty.
On March 25, ZachXBT posted a new message to his original thread on X chronicling his investigation into the stolen crypto. “Update: Wiz (Veer Chetal) was arrested,” he wrote. “Here is his mug shot.” The photo attached featured a young man in a white T-shirt with bushy hair, a dark beard, a downturned mouth and exhausted eyes. He bore little resemblance to the kid pictured on the Immaculate High School website. The charge listed in jail records is a federal misdemeanor offense but doesn’t specify what that offense is.
According to ZachXBT, the stolen Bitcoin he traced to addresses belonging to Chetal is now in a wallet controlled by law enforcement. The matte gray Lamborghini Urus — the one that Sushil and Radhika Chetal were driving the day of the kidnapping — is still sitting as evidence in a secure police lot in Danbury. It’s the same Lamborghini their son once drove to school.
Additional reporting by Johnny Liesman.
Read by Eric Jason Martin
Narration produced by Emma Kehlbeck
Engineered by Joel Thibodeau
The post They Stole a Quarter-Billion in Crypto and Got Caught Within a Month appeared first on New York Times.
