DoJ’s Latest: A Landscape of Hacking Indictments in the Crypto Arena

An overview of recent DOJ criminal charges tied to crypto breaches, detailing charging theories, penalties, and what they signal for cyber deterrence.

WASHINGTON, DC, April 17, 2026.

The newest federal crypto hacking cases show that the Department of Justice is building a much clearer playbook for digital asset crime, and that playbook looks far less exotic than the industry once imagined. The department is still dealing with smart contracts, mixers, hardware wallets, seed phrases, phishing kits, and blockchain tracing, but the charging language coming out of federal courtrooms sounds familiar, grounded, and old-fashioned. Prosecutors are relying on computer fraud, wire fraud, aggravated identity theft, money laundering, racketeering conspiracy, forfeiture, and seizure tools that long predate cryptocurrency, while simply applying them to new methods of theft and concealment.

That matters because the market spent years arguing over whether crypto enforcement would ultimately turn on novel token theories, securities classifications, or regulatory turf wars between Washington agencies. The latest criminal cases suggest a more practical answer. When federal prosecutors believe somebody exploited a protocol, socially engineered a victim, hijacked an account, laundered stolen proceeds, or knowingly helped stolen funds move through the ecosystem, the government does not need an especially futuristic legal theory to get into court. It can reach for classic criminal statutes and wrap them around very modern facts.

The current casebook is broader, more aggressive, and more conventional than many crypto executives expected.

The most recent example arrived on April 17, when a British national pleaded guilty in California after admitting his role in a campaign that prosecutors said hacked corporate systems through text-message phishing attacks and stole at least $8 million in virtual currency from U.S. victims. The plea was notable not merely for the dollar figure but for the way it showed how crypto theft investigations now routinely blend enterprise compromise, telecom manipulation, credential harvesting, and downstream asset seizure into a single criminal narrative. In practical terms, the case looked like a cyber intrusion and identity abuse first, with cryptocurrency serving as the payout rail and concealment layer rather than the sole focus of the story. Readers can see the department’s framing in the latest federal plea announcement.

The Buchanan case also reinforces a second point that has become harder to ignore across the federal docket. Crypto theft no longer means only direct attacks on exchanges or code repositories. Prosecutors are increasingly drawing the same straight line from employee phishing messages to stolen credentials, from stolen credentials to compromised accounts, and from compromised accounts to drained wallets or intercepted recovery material. That is why cases like this are powerful as a deterrent. They tell intruders that the government views the phishing page, the SIM swap, the fake help-desk message, the database theft, the wallet compromise, and the laundering path as one connected scheme, not as isolated digital pranks spread across several jurisdictions.

Earlier this year, federal prosecutors in New York unsealed charges against a Maryland man accused of hacking Uranium Finance, a decentralized exchange, and fraudulently obtaining more than $50 million through exploits that prosecutors say ultimately destroyed the platform. That case matters because it places a decentralized-finance exploit squarely inside a familiar criminal frame. The government charged the defendants with computer fraud and money laundering, and investigators also disclosed that law enforcement seized cryptocurrency worth roughly $31 million in February 2025. The theory is revealing. When prosecutors believe a DeFi exploit was not a clever arbitrage move or a gray-area interaction with public code, but an intentional intrusion designed to misappropriate value, they are prepared to describe it as theft in ordinary criminal terms.

That same logic appeared in the February 2025 indictment of Andean Medjedovic, who was charged in Brooklyn with wire fraud, computer hacking, attempted extortion, and money laundering for allegedly exploiting vulnerabilities in the KyberSwap and Indexed Finance protocols to steal roughly $65 million in cryptocurrency. The mix of counts in that case is especially important to the industry because it shows how prosecutors can layer theories rather than bet everything on a single technical claim. A smart-contract exploit can become a hacking case, a fraud case, an extortion case, and a money laundering case at the same time. For founders and investors who still assume on-chain conduct exists in a legal vacuum, that indictment was one of the clearest warnings yet.

Social engineering has now moved into the center of the federal crypto crime story.

One of the most striking prosecutions did not begin with code exploitation at all, but with people. In December 2025, prosecutors in Washington announced another guilty plea in what they described as a social engineering enterprise that stole hundreds of millions of dollars in cryptocurrency from victims around the United States. According to the second superseding indictment in that case, the enterprise allegedly included database hackers, organizers, target identifiers, callers, money launderers, and even residential burglars who targeted hardware wallet owners. Prosecutors alleged that one attack in August 2024 fraudulently obtained more than 4,100 Bitcoin from a victim in the District of Columbia, a haul then valued at $263 million.

That case is significant not simply for its size, but for the way prosecutors organized it. Instead of charging only one theft event, the government used a racketeering framework to describe an ongoing enterprise that linked data theft, social engineering, conversion of digital assets into cash, luxury spending, concealment, and evidence destruction. That is a major development in the crypto arena because it signals the department’s willingness to treat coordinated online theft crews as structured criminal organizations rather than as loosely connected internet actors. Once a crypto theft ring is framed as an enterprise, the reputational and sentencing stakes change dramatically for everyone inside the circle, including peripheral facilitators who never wrote a line of code.

The government’s use of aggravated identity theft and fraud theories in the California phishing matter, along with racketeering and laundering theories in the Washington social engineering case, points to an important prosecutorial message. Crypto cases are increasingly being built around how criminals reached the victim and what they did after the theft, rather than merely on the wallet address that received the proceeds. That means companies that focus only on cold storage, private key discipline, or smart-contract audits are missing the broader risk picture. The real threat environment now spans call centers, insider compromise, telecom abuse, credential theft, and physical coercion, all of which can end at the same blockchain destination.

The penalties remain serious, and prosecutors are using statutory exposure as part of the warning.

The newest cases also show that sentencing exposure in crypto matters remains substantial, especially when prosecutors can pair the underlying intrusion with laundering or identity-related counts. In the Uranium Finance case, the defendant was charged with one count of computer fraud, carrying a maximum sentence of 10 years, and one count of money laundering, carrying a maximum sentence of 20 years. In the California plea announced today, the defendant is facing a statutory maximum sentence of 22 years. Those numbers matter in their own right, but they also matter symbolically, as they demonstrate that the government does not view digital asset theft as a softer form of financial harm.

Even where the direct prison term appears more modest, the consequences can still be severe. In May 2025, an Alabama man was sentenced to 14 months in prison for his role in the takeover of the SEC’s X account, where a false post claiming Bitcoin ETF approval briefly jolted the market. The facts were not identical to a wallet-draining exchange breach, but the case belongs in the same landscape because it showed how cyber intrusion, identity abuse, and crypto market sensitivity can combine into a prosecutable federal offense. When a false message can move billions in perceived value within minutes, the government has every incentive to aggressively pursue the underlying account-compromise mechanics.

The deterrence value of these prosecutions is not limited to prison terms. Asset seizure and forfeiture have become a parallel punishment, and in some cases, a more visible one. When investigators announce that they traced and seized tens of millions of dollars in stolen cryptocurrency, the message to the market is immediate. Blockchain analysis is no longer a boutique capability reserved for rare blockbuster investigations. It is now part of the regular federal toolkit, and it is being used not only to support criminal charges but also to build claims for victim recovery, forfeiture, and international cooperation.

Money laundering remains the force multiplier in federal crypto prosecutions.

If there is one theme that cuts across nearly every major crypto hacking matter, it is that theft alone rarely tells the whole story. Prosecutors continue to treat laundering as the second act that often transforms an already serious case into an even more dangerous one for defendants. That is one reason the 2025 conviction of Tornado Cash co-founder Roman Storm still carries weight well beyond the specific facts of that case. Federal prosecutors said Storm knowingly operated a money transmitting business that moved more than $1 billion in criminal proceeds, including hundreds of millions connected to the Ronin hack that the FBI publicly attributed to North Korea’s Lazarus Group.

Whether the defendant is an exploit developer, a mixer operator, a cash converter, or a social-engineering facilitator, the government’s position is increasingly consistent. Moving, concealing, obscuring, or cashing out stolen crypto can be every bit as important to the case as the initial breach itself. That is also why the Justice Department’s November 2025 announcement involving North Korean revenue generation mattered so much. In that action, the department paired guilty pleas tied to covert remote IT work with civil forfeiture efforts targeting more than $15 million in virtual currency linked to 2023 heists by the North Korean hacking group commonly known as APT38. Federal officials were making a layered point: cybercrime, sanctions evasion, state-linked revenue generation, and laundering are increasingly pursued as a single integrated security problem.

This focus on laundering also helps explain why crypto businesses can take little comfort from the notion that they are “just infrastructure.” The department’s concern is no longer limited to the person who clicked send on a malicious transaction or deployed an exploit. It extends to whether anyone knowingly helped dirty funds move, whether a service was operated with awareness of criminal use, and whether a defendant profited while preserving plausible deniability. That is a difficult environment for borderline actors who have spent the last several years assuming that complexity itself could serve as a defense.

The policy signal from Washington is narrower on regulation, but not softer on hacking.

That distinction became much clearer after the department’s April 2025 policy memo and the subsequent Reuters report describing the disbanding of the National Cryptocurrency Enforcement Team. At first glance, the move looked like a broad retreat from crypto enforcement. In reality, the memo drew a sharper line. It said the department would stop using criminal cases to superimpose regulatory frameworks on the digital asset sector, but it also explicitly prioritized prosecutions involving investor victimization, exchange hacking, theft from decentralized organizations, and exploitation of smart-contract vulnerabilities.

In other words, the Washington message was not that crypto has become a low-priority zone. The message was that prosecutors want cleaner, more traditional criminal targets. If a case looks like pure registration theory or a fight over whether a token is a security, the department appears more cautious than it was before. If the case appears to involve hacked exchanges, manipulated credentials, extorted protocols, stolen customer funds, cyber-enabled identity abuse, or laundering for foreign threat actors, the department appears entirely willing to push forward. For deterrence purposes, that may actually be a stronger signal than the prior, more sprawling enforcement model, because it tells bad actors exactly which conduct sits in the center of the bullseye.

The practical lesson for crypto firms is that cyber resilience now has to be built in advance, like criminal defense.

The companies most exposed to the next wave of federal cases are not necessarily the ones with the flashiest token economics. They are the ones with weak internal identity controls, inconsistent vendor access procedures, poor executive account protection, limited chain-analysis capability, fragile incident response processes, and no serious plan for what happens when a theft instantly crosses multiple jurisdictions. Boards and founders should assume that after a major breach, prosecutors will reconstruct the event from the first phishing lure or exploit attempt through the final off-ramp or mixing path. Every broken approval chain, insecure authentication method, and undocumented response decision can become part of that reconstruction.

That is why the lesson of the recent docket is bigger than any individual indictment. The federal government is gradually teaching the market how it sees these crimes. It sees them as coordinated financial intrusions that combine cyber tactics, deception, identity abuse, laundering, and international movement of value. It sees recovery and forfeiture as integral parts of deterrence. It sees foreign state involvement, especially with North Korean actors, as an intensifier rather than a side issue. And it increasingly sees crypto theft crews as organizations whose conduct can be described in sweeping enterprise terms when the facts support it.

For companies, investors, and executives trying to think through cross-border exposure after a major breach, the legal risk now extends far beyond the hacked wallet or the drained protocol treasury. Asset freezes, compelled cooperation, extradition pressure, and parallel investigations can follow quickly once a case matures. Firms and individuals seeking jurisdictional planning or crisis support in that environment sometimes turn to Amicus International Consulting and its Interpol and extradition advisory work, particularly when digital asset cases begin to spill into questions of mobility, enforcement coordination, and personal risk.

The bottom line is that the DOJ’s latest crypto hacking landscape is no longer defined by uncertainty about whether federal law can reach this conduct. That debate is largely over. The only questions that matter now are how many theories prosecutors can stack around a given breach, how effectively investigators can trace the proceeds, how quickly they can internationalize the case, and whether the next defendant still believes that blockchain complexity makes old crimes look new enough to escape accountability.

Anton Stravinsky

Anton Stravinsky is an associate correspondent for Tri-City News, BC, Canada. Stravinsky focuses on international finance, banking, and asset management trends across Europe and Asia for Markets. Before his current role, Stravinsky completed Bloomberg's journalism fellowship, contributing stories to Bloomberg's digital and broadcast platforms. He originally joined Bloomberg as a summer intern covering financial markets and global economies in 2017. Stravinsky’s prior experience includes internships with Reuters' business desk in London, CNBC's Squawk Box Europe, and The Financial Times' editorial team. He earned a bachelor's degree in economics and journalism from New York University, where he served as senior editor for the university’s independent news outlet, Washington Square News.