September 16, 2022

Three men in the United Kingdom were arrested this month for attempting to assault a local man and steal his virtual currencies. The incident is the latest example of how certain cybercriminal communities are increasingly turning to physical violence to settle scores and disputes.

Shortly after 11 p.m. on September 6, a resident in the Spalding Common area in the district of Lincolnshire, U.K. phoned police to say three men were acting suspiciously, and had jumped a nearby fence.

“The three men made off in a VW Golf and were shortly stopped nearby,” reads a statement by the Lincolnshire Police. “The car was searched by officers who found an imitation firearm, taser, a baseball bat and police uniform in the boot.”

Thomas Green, 23, Rayhan Miah, 23, and Leonardo Sapiano, 24 were all charged with possession of the weapons, and “with intent to cause loss to another to make an unwarranted demand of Crypto Currency from a person.”

KrebsOnSecurity has learned that the defendants were in Spalding Common to pay a surprise visit to a 19-year-old hacker known by the handles “Discoli,” “Disco Dog,” and “Chinese.” In December 2020, Discoli took credit for hacking and leaking the user database for OGUsers, a forum overrun with people looking to buy, sell and trade access to compromised social media accounts.

Reached via Telegram, Discoli confirmed that police believe the trio was trying to force their way into his home in Spalding Common, and that one of them was wearing a police uniform when they approached his residence.

“They were obvious about being fake police, so much so that one of our neighbours called,” Discoli said in an instant message chat. “That call led to the arrests. Their intent was for robbery/blackmail of crypto, I just happened to not be home at the time.”

The Lincolnshire Police declined to comment for this story, citing an ongoing investigation.

Discoli said he didn’t know any of the men charged, but believes they were hired by one of his enemies. And he said his would-be assailants didn’t just target him specifically.

“They had a list of people they wanted to hit consecutively as far as I know,” he said.

The foiled robbery is the latest drama tied to members of certain criminal hacking communities who are targeting one another with physical violence, by making a standing offer to pay thousands of dollars to anyone in the target’s region who agrees to carry out the assaults.

Last month, a 21-year-old New Jersey man was arrested and charged with stalking in connection with a federal investigation into groups of cybercriminals who are settling scores by hiring people to carry out physical attacks on their rivals.

Prosecutors say Patrick McGovern-Allen recently participated in several of these schemes — including firing a handgun into a Pennsylvania home and torching a residence in another part of the state with a Molotov Cocktail.

McGovern-Allen and the three U.K. defendants are part of an online community that is at the forefront of a dangerous escalation in coercion and intimidation tactics increasingly used by competing cybercriminal groups to steal cryptocurrency from one another and to keep their rivals in check.

The Telegram chat channels where these young men transact have hundreds to thousands of members each, and some of the more interesting solicitations on these communities are job offers for in-person assignments and tasks that can be found if one searches for posts titled, “If you live near,” or “IRL job” — short for “in real life” job.

A number of these classified ads are in service of performing “brickings,” where someone is hired to visit a specific address and toss a brick through the target’s window. Indeed, prior to McGovern-Allen’s arrest, his alleged Telegram persona bragged that he’d carried out several brickings for hire.

Many of the individuals involved in paying others to commit these physical attacks are also frequent participants in Telegram chat channels focused singularly on SIM swapping, a crime in which identity thieves hijack a target’s mobile phone number and use that to wrest control over the victim’s various online accounts and identities.

Unsurprisingly, the vast majority of people currently being targeted for brickings and other real-life physical assaults via Telegram tend to be other cybercriminals involved in SIM swapping crimes (or individuals on the periphery of that scene).

The United Kingdom is home to a number of young men accused of stealing millions of dollars worth of cryptocurrencies via SIM swapping. Joseph James O’Connor, a.k.a. “Plugwalk Joe”, was arrested in Spain in July 2021 under an FBI warrant on 10 counts of offenses related to unauthorized computer access and cyber bullying. U.S. investigators say O’Connor also played a central role in the 2020 intrusion at Twitter, wherein Twitter accounts for top celebrities and public figures were forced to tweet out links to cryptocurrency scams. O’Connor is currently fighting extradition to the United States.

Robert Lewis Barr, a 25-year-old Scottish man who allegedly stole more than $8 million worth of crypto, was arrested on an FBI warrant last year and is also fighting his extradition. U.S. investigators say Barr SIM swapped a U.S. bitcoin broker in 2017, and that he spent much of the stolen funds throwing lavish parties at rented luxury apartments in central Glasgow.

In many ways, these violence-as-a-service incidents are a natural extension of “swatting,” wherein fake bomb threats, hostage situations and other violent scenarios are phoned in to police as part of a scheme to trick them into visiting potentially deadly force on a target’s address. According to prosecutors, both Barr and O’Connor have a history of swatting their enemies and their SIM swapping victims.

29 thoughts on “Botched Crypto Mugging Lands Three U.K. Men in Jail

  1. Luqman Gouled

    fam brian krebs mans not gonna tell you again you kno im the top driller in com i got down sy in a matter of seconds while i splashed vinnie shoutout M1 untouched we the untouched manor park goons

    1. Santa

      what language is that, because it ain’t any form of english. maybe ebonics?
      This is what it read as: family of brian’s is a man, who doesn’t like to repeat himself, who thinks people know he is a (top driller?) likes to be on top, but got on bottom quickly while splashing yourself with wine. while shouting at an old gun (m1) that is like brand new (untouched). or virgins not touching other virgins in a park with goons in it… no clue what the hell all that is, but I know what it isn’t – english.

      1. JamminJ

        It’s British slang speak. Likely PlugWalkJoe, since this is an article about UK slum hackers.
        Krebs’ article “2020/07/whos-behind-wednesdays-epic-twitter-hack” has a picture of him (white guy). The comments also references a Luqman Gouled.

      2. JamminJ

        I think M1 refers to the M1 motorway from London to Leeds. Kinda like someone talking about “8 mile” road. Street thugs like to represent their geographical location based on official numbering systems like zip codes, area codes, or well known roads.

        1. Crikey

          You mean everybody says that, because it’s the name of the road. Street thugs lol.

  2. G.Scott H.

    I may be a few steps away from this type of retaliation. Mr. Krebs, I believe you are closer than I because of your reputation, celebrity, and generally being a PITA to these types. I may pull back from being a thorn in the side to those who insist on pestering me and my family and friends. I can protect myself if need be, but I prefer not to stir the hornets nest and avoid such escalation.

    This escalation does appear to draw the attention of law enforcement since it crosses the boundary to traditional crime. Hopefully, it prompts law enforcement to become more digital savvy seeing the connection. As it stands now, law enforcement largely shuns following up on “virtual crimes”. I have personal experience with this. I have come so close to digital vigil ante-ism because of it, but just felt two wrongs don’t make a right.

    1. mealy

      Two wrongs make a prosecutable case against you, who goes to jail because you’re still here.

  3. PattiM

    This seems odd – but I guess if they assume everyone has their crypto wallets on their cellphones?

  4. Dream Grande

    Pray they don’t come after weedie he is too short to defend himself

  5. UK James


  6. Disprove

    Bro Kyle Tragic (@tragic on everything) stole 10 coins of mine, he needs to get done aswell bro

  7. Gurvinder

    What about That nxqqa Mason Dat Folded in His Underwear XDDD

  8. joey89

    Discoli said get it back in books. To steal virtual currency, that is a shame!

Comments are closed.