California man gets 78-month term in $250M crypto theft conspiracy

California man gets 78-month term in $250M crypto theft conspiracy

A California man linked to a nationwide crypto-theft ring has been sentenced to six and a half years in federal prison after pleading guilty to a RICO conspiracy that prosecutors say defrauded victims of more than $250 million.

Marlon Ferro, known online as “GothFerrari,” received 78 months in prison, plus three years of supervised release and $2.5 million in restitution, according to the U.S. Attorney’s Office for the District of Columbia. Ferro pleaded guilty in October 2025 and was described by the U.S. Attorney as the criminal enterprise’s “instrument of last resort” for break-ins when co-conspirators could not persuade victims to surrender crypto or hack into accounts remotely.

According to the filing, Ferro’s co-conspirators operated across California, Connecticut, New York, Florida and overseas, conducting a mix of hacking, social engineering and physical burglaries to seize funds stored on hardware wallets that could not be accessed remotely. In one February 2024 incident, Ferro traveled to Winnsboro, Texas, broke into a home and walked out with a hardware wallet containing about 100 Bitcoin, valued at more than $5 million at the time. Months later, he traveled to New Mexico, spending days staking out a residence and using a brick to smash his way inside while accomplices monitored the victim’s location via iCloud. A home surveillance camera captured him in the act.

Key takeaways

Ferro was sentenced to 78 months in prison, 3 years of supervised release and $2.5 million in restitution for his role in a RICO conspiracy tied to a crypto-heist operation that prosecutors say defrauded victims of over $250 million.

The ring operated from late 2023 to early 2025 across multiple states with international links, combining hacking, social engineering and targeted burglaries to access hardware wallets that could not be reached remotely.

Physical break-ins were used as a last resort when remote access to wallets or cloud-based accounts failed, illustrating a hybrid attack model that blends cyber and on‑site theft.

Investigators credit the FBI and IRS Criminal Investigation with leading the case, which documented a wide network and varied roles, from targeting and laundering to the seizure of illicit proceeds spent on luxury goods and high-end travel.

Separately, April 2025 marked a record month for crypto hacks, with losses totaling about $629.7 million, driven largely by high-profile exploits such as KelpDAO’s $293 million breach and Drift Protocol’s $280 million incident, according to DeFi analytics tracker DefiLlama.

Hybrid attacks and a sprawling operation

The court documents lay out a cross‑state network that relied on a diverse set of skills: hacking databases to identify victims, social‑engineered calls to extract information, and money laundering schemes to disguise proceeds. When the group faced hardware wallets stored offline or in cold storage, they pivoted to physical theft. The scheme’s geographic footprint—California, Connecticut, New York, Florida and overseas—highlights the challenge for enforcement as criminals exploit both digital and physical pathways to access crypto assets.

Ferro’s leadership role, described by prosecutors as the “instrument of last resort,” underscores a coercive tactic that adds a tangible danger layer to crypto crime. The defendants’ ability to follow through on physical intrusions demonstrates a willingness to employ force to recover inaccessible assets, a stark reminder that custody arrangements remain a critical risk factor for hardware wallets.

According to the DOJ filing, the group/directorate funneled funds into conspicuous purchases: Hermès Birkin bags, watches valued up to $500,000, private jets and exotic cars reaching as high as $3.8 million. Nightclub tabs alone could reach $500,000 in a single evening. The money was laundered using fake identities, and proceeds helped cover legal fees for a jailed conspirator, among other expenses.

The FBI and IRS Criminal Investigation led the inquiry, with authorities tracing the flow of stolen assets and identifying the network’s operational nodes. The sentencing outcome, while focused on Ferro, closes only one chapter in a larger, evolving picture of crypto-crime where physical access to devices can be as decisive as a remote breach.

April’s hack surge and what it signals for the crypto security landscape

Parallel to the court case, the broader security environment faced a brutal month in April, when crypto hacks totaled about $629.7 million—the largest monthly tally in more than a year, according to DefiLlama. The bulk of the losses came from two major incidents: KelpDAO’s $293 million exploit and Drift Protocol’s $280 million breach, which together accounted for more than 90% of the monthly total.

Yaniv Nissenboim, head of security at Chainalysis, attributed the spike to attackers shifting toward more sophisticated techniques that target the infrastructure connecting on-chain protocols to off-chain systems. The evolving threat landscape underlines the risk that attackers pose not just to wallets and exchanges, but to the broader bridge and integration layers that enable cross-chain or off-chain data interactions.

As the industry digests these incidents, security teams and policymakers face a dual challenge: strengthening custody solutions for users and fortifying the protocols and bridges that connect different parts of the ecosystem. The April surge, juxtaposed with Ferro’s case, shows how both criminal networks and defensive strategies are pushing in parallel toward more robust, auditable security postures.

Overall, the month’s losses contrast with an improving trend in crypto-safety tooling and best practices, yet they also remind market participants that risk remains highly context-dependent—ranging from remote exchange breaches to the physical theft of hardware wallets, and from on-chain exploit vectors to the security of off-chain infrastructure.

The combination of a high-profile RICO case centered on physical theft and the broader April hack wave underscores a critical point for readers: custody, hardware wallet resilience, and secure multi‑party computation approaches remain central to protecting value in an increasingly interconnected crypto space. As enforcement actions unfold and security practices mature, market participants should monitor how custody providers and protocol developers adapt to the shifting risk landscape.

Readers should watch for further policy updates and industry-led security standards that address both on-chain and off-chain vulnerabilities, particularly around device storage, identity verification, and the integrity of cross-chain bridges as attack surfaces continue to evolve.

This article was originally published as California man gets 78-month term in $250M crypto theft conspiracy on Crypto Breaking News – your trusted source for crypto news, Bitcoin news, and blockchain updates.

Source: California man gets 78-month term in $250M crypto theft conspiracy