![Should I be concerned my typically in person one-on-one is moved to a WFH day? [closed]](https://cdn.sstatic.net/Sites/workplace/Img/apple-touch-icon@2.png?v=d39b333f5c58)
High School Dropout Sentenced to 20 Years for $38M Retirement Fund Hack
Evan Frederick Light, a 22-year-old from Lebanon, Indiana, has been sentenced to 20 years in federal prison for orchestrating a sophisticated cyber intrusion that led to the theft of over $37 million in cryptocurrency. The sentencing took place on February 6, 2025, and was announced by the U.S. Attorney Alison J. Ramsdell for the District […] The post High School Dropout Sentenced to 20 Years for $38M Retirement Fund Hack appeared first on Cyber Security News.
Evan Frederick Light, a 22-year-old from Lebanon, Indiana, has been sentenced to 20 years in federal prison for orchestrating a sophisticated cyber intrusion that led to the theft of over $37 million in cryptocurrency.
The sentencing took place on February 6, 2025, and was announced by the U.S. Attorney Alison J. Ramsdell for the District of South Dakota.
Court documents revealed that Light, a high school dropout, executed the hack in February 2022 by exploiting the stolen identity of a client from an investment holdings company based in Sioux Falls, South Dakota.
Using this identity, Light infiltrated the company’s servers and exfiltrated the personally identifiable information (PII) of hundreds of clients. He then leveraged this stolen data to siphon cryptocurrency from 571 victims who held their assets with the company.
To cover his tracks and obscure the origin of the stolen funds, Light employed advanced money-laundering techniques.
He transferred the cryptocurrency through global locations, including crypto mixers—services designed to anonymize transactions by blending digital assets and gambling websites.
These methods are commonly used in cryptocurrency laundering schemes to obfuscate transaction trails.
Light’s operation was not a solo endeavor. During his guilty plea in September 2024, he admitted to collaborating with co-conspirators who helped orchestrate the intrusion and subsequent laundering of funds, reads the report.
The group even staged a fake kidnapping report to evacuate employees from the investment holdings company’s premises, enabling them to carry out their cyberattack undetected.
The stolen cryptocurrency was eventually stored in a cold wallet, an offline storage device used for securing digital assets against online threats. This meticulous planning underscores the technical expertise involved in the crime.
This was not Light’s first cyber intrusion. Evidence presented during the trial indicated that he had stolen millions in cryptocurrency during a prior attack, bringing his total haul to approximately $80 million when adjusted for current cryptocurrency values.
The financial and emotional toll on victims was severe, as many lost their retirement savings.
Evan Light Sentenced
Light’s sentence includes 20 years in federal prison followed by three years of supervised release. He was also ordered to pay a $200 special assessment and will face a restitution hearing to determine repayment obligations, expected to exceed $37 million.
U.S. Attorney Ramsdell emphasized the gravity of Light’s actions: “From his mother’s basement in Indiana, Evan Light set out to steal millions of dollars in cryptocurrency, thereby destroying the retirement savings of hardworking, honest Americans.”
“His 20-year sentence demonstrates the severity of his crime and its impact on hundreds of victims.”
As cryptocurrencies continue to gain mainstream adoption, robust cybersecurity measures and vigilant law enforcement will remain critical in combating such sophisticated crimes.
PCI DSS 4.0 & Supply Chain Attack Prevention – Free Webinar
The post High School Dropout Sentenced to 20 Years for $38M Retirement Fund Hack appeared first on Cyber Security News.
