Ninth defendant pleads guilty in $263M crypto social‑engineering case
A 22‑year‑old man from California has admitted his role in a sprawling crypto theft and money laundering operation that prosecutors say siphoned hundreds of millions of dollars from victims across the United States. Evan Tangeman has become the ninth person to plead guilty in connection with the so‑called “Social Engineering Enterprise” (SE Enterprise), a criminal ring accused of orchestrating a $263 million Bitcoin theft from a single victim in Washington, D.C., along with other large‑scale heists.
According to the U.S. Department of Justice, Tangeman pleaded guilty in federal court in Washington, D.C., to participating in a racketeering conspiracy. The charges were brought under laws typically associated with organized crime, underscoring how seriously authorities view large, coordinated crypto fraud schemes.
As part of his plea, Tangeman admitted that he helped launder at least $3.5 million in illicit funds for the SE Enterprise. Prosecutors say his role included converting stolen cryptocurrency into bulk cash, a crucial step for turning on‑chain, traceable assets into harder‑to‑track physical money. Sentencing is scheduled for April 24, 2026, before a U.S. District Judge.
Prosecutors have framed the SE Enterprise as a sophisticated criminal organization whose primary weapon was not malware or code exploits, but psychological manipulation. The group allegedly relied on “social engineering” – tricking individuals or employees into revealing login credentials, approving transfers, or giving access to accounts – to seize control of digital wallets holding vast sums in Bitcoin and other assets.
The Washington, D.C. victim targeted in the $263 million theft reportedly lost the equivalent amount in Bitcoin in a single incident, making it one of the largest individual crypto thefts ever linked to social engineering rather than a direct technical hack. Authorities say this victim was not the only one: the SE Enterprise is believed to have stolen hundreds of millions more from other people and entities across multiple states.
To build the case, the Justice Department turned to the Racketeer Influenced and Corrupt Organizations Act, or RICO – a statute originally designed to dismantle mafia families and major drug cartels. By applying RICO in a crypto context, prosecutors are signaling that coordinated online fraud rings can be treated in the same category as traditional organized crime, with similar penalties and investigative tools.
In practice, RICO allows prosecutors to connect multiple criminal acts—such as wire fraud, identity theft, and money laundering—into a single overarching conspiracy. That makes it easier to show that individual participants like Tangeman were part of a broader criminal enterprise, even if they only handled a portion of the stolen funds or played a specialized role in the scheme.
Court documents and official statements describe SE Enterprise as operating much like a corporate structure, but for illegal purposes. Some members allegedly focused on identifying and profiling high‑net‑worth targets. Others specialized in contacting victims—posing as customer support agents, bank staff, exchange representatives, or even as internal IT personnel—to convince them to reveal sensitive account details or approve fraudulent transfers. Downstream members, like Tangeman, are said to have concentrated on “off‑ramping” the stolen crypto: mixing funds, moving assets across wallets and services, and ultimately transforming them into cash.
A key reason social‑engineering operations like this can succeed, even against technically savvy victims, is their reliance on urgency and authority. Scammers often create scenarios that feel time‑critical—such as alleged security breaches, compliance issues, or frozen accounts—and then pressure victims into quick, poorly scrutinized actions. In a crypto context, where large transfers can be irreversible and confirmations instantaneous, a single moment of panic can lead to catastrophic loss.
The scale of the Washington, D.C. theft also highlights how the growth of digital asset markets has changed the stakes for fraud. In traditional banking, very large wire transfers usually trigger strict checks, multiple approvals, and built‑in fraud monitoring. By contrast, an individual with control of a self‑custodied crypto wallet can move enormous sums with just a few clicks and a single private key—making that key an extremely attractive target for social engineers.
Tangeman’s admission that he converted stolen cryptocurrency into bulk cash illustrates another important point: the crypto economy, though global and digital, ultimately feeds back into the traditional financial system. Criminal groups still need to spend money in the real world, which means they rely on people willing to handle physical currency, set up shell accounts, or use money mules. These conversion points are often where law enforcement can gain leverage, trace flows, and bring charges like money laundering.
From a legal perspective, Tangeman’s guilty plea strengthens the government’s case that SE Enterprise was not just a loose band of online scammers, but a coordinated racket. Each guilty plea adds corroboration to the government’s narrative about how the group operated, how responsibilities were divided, and how the stolen funds were moved. It also raises the pressure on remaining defendants, who now face the prospect of testifying co‑conspirators and a detailed evidentiary record.
For the crypto industry, the case is a stark reminder that the most significant vulnerabilities are often human, not technical. Even the most secure protocol or wallet can be compromised if the person controlling it is tricked into handing over keys, codes, or approval. As criminals refine their social‑engineering playbooks, exchanges, wallet providers, and financial platforms are increasingly being pushed to invest not only in backend security, but also in user education and robust identity‑verification processes.
In response to this evolving threat, some companies and security experts advocate for wider use of multi‑party or multi‑factor authorization for high‑value transfers. For instance, requiring two separate devices, multiple signers, or a time‑delay mechanism for large withdrawals can create a buffer against impulsive actions under pressure. Others are encouraging organizations that hold large crypto reserves to treat access controls like corporate treasury management, with strict internal segregation of duties and independent oversight.
The Tangeman case also underscores how law enforcement has adapted to the blockchain era. While early crypto crimes sometimes went unpunished due to limited expertise, investigators today regularly trace funds across chains, identify mixing patterns, and connect on‑chain activity with off‑chain identities. By combining blockchain forensics with traditional investigative methods—subpoenas, informants, and surveillance—authorities have become more adept at unraveling even complex laundering networks.
For ordinary users, the lessons are both sobering and practical. No legitimate service will ask for a seed phrase, full private key, or remote control over a wallet to “fix” a problem. Any unsolicited request to move funds to a “safe” wallet, approve an unexpected transaction, or urgently share security codes should be treated as a red flag. Verifying communications through separate, trusted channels—and taking a pause before authorizing any large transfer—can be the difference between safety and loss.
As for Tangeman, his sentencing in 2026 will hinge on multiple factors, including the extent of his cooperation, his exact role in the conspiracy, and the financial damage attributable to his actions. Federal racketeering and money‑laundering charges can carry lengthy prison terms, substantial fines, and mandatory restitution orders aimed at compensating victims, at least in part, for their losses.
The broader SE Enterprise case is still unfolding, but the growing list of guilty pleas suggests that the government’s RICO strategy is gaining traction. By treating crypto‑focused social‑engineering rings as organized crime, prosecutors are sending a clear message: digital assets may be new, but the legal tools to dismantle criminal organizations that exploit them are already well‑established—and will be used aggressively.