On a summer day in 2022, a lonely, troubled youth appeared in a Hamilton courtroom to say he’s “very sorry” for stealing $48-million in cryptocurrency. “I intend to move forward only in a positive direction,” he said.
His lawyer said the 19-year-old now wanted to use his skills for good, to work in cybersecurity, “a fitting way for this case to come full circle.”
The judge sentenced the young man to a year of probation, taking into account the year he already spent in custody and the fact that he was 17 when he did the deed. The young man, who cannot be named under Canada’s Youth Criminal Justice Act, was forbidden from dealing with crypto during his probation – not a significant deprivation, admittedly, but certainly damaging to the career of a young cybercriminal.
Had the young man truly, in his words, “taken this time to reflect on my actions and learn from mistakes”?
The (alleged) anatomy of the $10-million heist that rocked Canadian music
Consider this: Authorities pegged the 2020 theft as the most crypto ever stolen from an individual. It’s a matter of contention how big a role the young man played and how much of the $48-million he still had. But police would later say that, the same month he was being sentenced, the young man was privately bragging about his heist and said he still kept US$15-million.
What’s more, throughout that sentencing period, the young man who promised he’d never do it again was, in fact, doing it again: He was operating a separate, high-profile crypto heist.
On July 29 this year, the young man, labelled by prosecutors as a “sophisticated, successful and repeat cybercriminal,” was before a judge once more. This time, it was in Alexandria, Va., and he was sentenced to a year in prison.
The young man, who can’t be named under Canada’s Youth Criminal Justice Act, was sentenced to a year in prison at a courthouse in Alexandria, Va., for operating another crypto heist.ALEX WROBLEWSKI/Getty Images
This series of heists reaped only about US$800,000, but it had garnered international attention and shook the crypto world. The 2022 heist targeted influential accounts on what was then called Twitter that dealt in NFT digital art.
The targets included “Beeple,” known for selling a record US$69-million NFT (nonfungible token) picture, which is based on crypto’s blockchain technology. Once compromised, those accounts scammed their followers out of crypto and NFTs. Nobody knew then that behind the heist was this young man from Hamilton.
The case shines a spotlight not just on the young industry of crypto, estimated to be worth more than US$4-trillion, but also the rising cybersecurity dangers as more of our lives move online. Court documents in the case, recently unsealed, grant insight into the dynamics among the hackers and scammers, almost always young men, and underscore a timeless truth: There is no honour among thieves.
The young man’s parents separated when he was 18 months old. He grew up with an absent father and in a household under financial strain. During his school years, he “was socially isolated, bullied for his weight,” the defence writes in a sentencing submission. A psychological evaluation showed the young man “experienced emotional neglect, chronic instability, and trauma” that “made him particularly vulnerable to the influence of others.”
The prosecution, though, had a different narrative. “The defendant was responsible for the ‘social engineering’ aspects of the fraud schemes. In other words, it was his job to manipulate and deceive,” prosecutors wrote. “He in fact appears quite adept at interacting with and reading people.”
The earlier $48-million heist had been a SIM swap, in which perpetrators trick telecommunications companies into porting over victims’ cellphone numbers to SIM cards they control. With that phone number, scammers then breach owners’ other accounts, such as crypto.
Opinion: Canada was once a global leader in crypto. It can be one again
According to the defence, when the young man was out on bail for the $48-million heist, he was “unsupervised and experimenting with dangerous narcotics that had been introduced to him by another juvenile at the detention facility.” This was when he decided to use a different scamming method: breaching Twitter, now called X.
It is unclear how exactly the young man took the preliminary step. Neither his lawyers in the United States nor his former lawyer in Canada responded to requests for comment. But the general idea is no secret.
In June, The Globe and Mail reported on the black market of social-media company insiders who sell their access – to reinstate banned profiles, for example – as these accounts become increasingly valuable. Somehow, the young man had gotten access to a special platform at Twitter called the “partner support panel.” It was meant for insiders and “entities associated with large or important customers” and allowed for expedited assistance in matters such as password resets.
The young man’s first target was the artist Beeple, real name Mike Winkelmann. Court documents do not explicitly name Mr. Winkelmann, but they showed the contents of the fraudulent tweets that ensued, which can be matched to the posts at the time from his account. Mr. Winkelmann has also been publicly identified by ZachXBT, a pseudonymous crypto sleuth who had first named the young man from Hamilton as the perpetrator.
The artist Beeple, whose real name is Mike Winkelmann, had his Twitter account taken over by the young man from Hamilton.
After taking over Mr. Winkelmann’s Twitter account, working with a fellow scammer, the young man posted a message with a link to a “raffle.” Users were to send one ether, a cryptocurrency running on the Ethereum network worth about US$2,000 at the time. Winners would get Louis Vuitton-branded NFTs.
Of course, there were to be no winners. When users click on the link, they’re brought to a fraudulent website to connect their digital wallets to participate in the raffle. Instead of sending one ether or receiving an NFT, victims would in fact be giving the greenlight for their entire digital wallets to be drained.
Or, at least, that’s how the scam was supposed to go. The website “had trouble stealing NFTs and cryptocurrency,” according to the prosecution. The reason is unclear. Perhaps there were technical issues. Perhaps the fraudulent website to which the scam link led was poorly built and looked suspicious to the crypto crowd.
Ethan Lou: America is the buck-wild cryptoland now. Canada will have to live with that
The young man knew how to take over people’s phone numbers and accounts. But he was no crypto expert. He would soon up his game, however, with the help of someone else.
Court files do not name this person, describing him only as a U.S. resident who “indicated that he had a better drainer that would steal” from victim’s digital wallets.
This ringer, who evidently had more knowhow in this area than the young man, would also build a replica of Mr. Winkelmann’s website that had a similar address. When people visited the scam link to hand over their digital assets, as long as they did not pay too much attention to the browser’s address bar, they’d still think they are on the artist’s legitimate site.
This heist was relatively successful, netting 80 victims and nearly US$450,000. But the tech-savvy ringer who built the replica website never split the loot as agreed. The young man was betrayed.
The young man then recalibrated his methods. In a gold rush, the man who sells shovels has a more guaranteed income than the one who digs. In war, the safest side is that of the arms dealer.
Instead of depending on the likes of the undependable tech ringer, the young man would focus on the advantage he already had: the means to steal.
The young man got access to a special platform at Twitter that was meant for insiders and ‘entities associated with large or important customers’ and allowed for expedited assistance for password resets.CARLOS BARRIA/Reuters
In June of 2022, he sold his access to the Twitter panel to another young scammer, whom the court has not named but described as a U.S. resident and a minor. The price was 230 ethers – worth more than US$280,000 at the time – and 10 per cent of the loot from any future heist. It was to be exclusive, meaning that the young man from Hamilton would not sell that access to anyone else.
The deal closed on June 27, three days after the young man told an Ontario court how sorry he was for stealing $48-million in crypto.
Clearly, he was not quite ready to walk away from his life of crime. Perhaps the young man from Hamilton, who had started scamming when he was underage, saw a bit of himself in the American minor. He became what the prosecution called a “mentor” to the minor. The pair teamed up with other scammers and struck four times. The targets can be traced to the accounts of DeeKay, Zeneca, Nouns DAO and JRNY Club, all prominent artists or collectives in the NFT world.
For the uninitiated, those names might not mean much, and that underscores the sheer size and fast growth of the crypto world. It began with only bitcoin in 2009, then worth next to nothing, and in a little over 10 years one unit is worth more than US$100,000, and the combined value of the thousands of other coins is worth more than US$4-trillion. Banks and governments are dabbling in the technology. Whatever one thinks about the asset, it cannot be denied that the money and jobs in it are real.
Yet so is the danger. When objects that can be irreversibly moved with the click of a mouse are worth so much, a whole new breed of criminal evolves to take advantage of that. According to Chainalysis, a blockchain data firm, nearly US$3-billion in crypto had been stolen by the end of June, 2025, setting the stage for this to be a record year.
Amid the four new crypto heists, the dynamic duo of the young man from Hamilton and the American minor started to unravel. At one point, perhaps still reeling from the tech-savvy ringer’s earlier betrayal, when he did not split the loot, the young man did unto others what had been done unto him.
While the specifics are unclear, court records show the young man “extorted” the American minor for a bigger cut. Then, police say, he tried selling his access to the Twitter panel to others, even though he had promised the minor exclusivity.
But it would turn out to be a meaningless move. The value of that Twitter panel was plunging. One can only repeat the same scam so many times before people catch on. Additional heists were increasingly unsuccessful, with one fraudulent tweet taken down within minutes. Eventually, the Twitter panel stopped working altogether. X did not respond to a request for comment.
As the scam dried up, the young man left that world behind, defence said. “In 2023, he travelled to Portugal at the strong urging of a friend,” the defence wrote. Postpandemic, Portugal had introduced a new visa for digital nomads, offering affordable rents, vibrant social scenes and modest winters. It was the place to be. For the young man, it was “the first time in years that he began forming genuine in-person relationships and experiencing a world beyond the computer.” There, the young man “found companionship and purpose,” and enrolled in a computer programming course.
Paradise, however, was soon lost. First the U.S. Federal Bureau of Investigation went after the people around the young man. The American minor, who had been extorted and lied to by the young man, would end up co-operating with the FBI. So would the tech-savvy ringer who had once burned the young man – he would burn him again, giving information to the FBI in exchange for immunity.
In December, 2024, the young man was arrested. He was extradited to the U.S. in March, where he took a deal, pleading guilty to conspiracy to commit wire fraud, wire fraud and conspiracy to commit aggravated identity theft.
It’s an open question what awaits him when he eventually gets deported back to Canada. He had clearly violated the terms of his probation for the $48-million heist when he carried out this new series of scams. That risks legal consequences.
The Ontario Ministry of the Attorney-General referred questions to police. Hamilton Police Service, the force that first arrested the young man in the $48-million case, did not respond to a request for comment.