Bitcoin Password Kidnapping Case Highlights Escalating Crypto Crime
Woeltz allegedly detained the victim for weeks in a luxury townhouse and subjected him to horrific abuse, including electric shocks and drug coercion. Meanwhile, in London, an American tourist lost $123,000 in Bitcoin after being drugged and robbed by a fake taxi driver. Adding to the concern, a crypto user was scammed twice in three hours, losing $2.6 million in USDT to a zero-value phishing attack.
Bitcoin Ransom Horror Unfolds in Manhattan
A Manhattan-based crypto investor was charged in a deeply disturbing case involving the alleged kidnapping and torture of a 28-year-old Italian man, in an apparent attempt to steal access to his Bitcoin wallet. The accused, John Woeltz, was arraigned on Saturday in Manhattan criminal court and faces four felony charges, including kidnapping for ransom.
The incident reportedly took place inside a luxury Soho townhouse rented for $30,000 per month, where the victim claims he was held captive for several weeks beginning shortly after his arrival in the US on May 6.
According to law enforcement and reporting by The New York Times, Woeltz and an unidentified accomplice allegedly seized the man’s passport and electronic devices and demanded his Bitcoin wallet password. When the man refused to comply, he was subjected to a horrifying ordeal that included being beaten, electroshocked, assaulted with a firearm, and even dangled from upper floors of the five-story townhouse.
The victim also stated that Woeltz used a saw to injure his leg and forced him to smoke crack cocaine. Threats were reportedly made against the man’s family as well. Investigators found photographic evidence, including Polaroid pictures inside the residence, which appeared to corroborate the victim’s claims of sustained abuse.
The victim managed to escape on Friday and contacted authorities, which led to Woeltz’s arrest. At his court appearance, Woeltz pleaded not guilty and was ordered to be held without bail by Judge Eric Schumacher. He is due back in court on May 28. Police also detained a 24-year-old woman in connection with the case, but no formal charges against her appear in the court’s public records, and she was seen walking freely in New York the next day.
Authorities have not revealed the nature of the relationship between Woeltz and the victim or whether any digital assets were ultimately compromised.
The incident only added to the growing concerns over the physical security risks faced by people involved in the cryptocurrency space. Reports of kidnappings and extortion targeting crypto holders have risen sharply, particularly in France, where high-profile individuals are increasingly turning to private security.
Private security firm Infinite Risks International confirmed that there has been a surge in demand for bodyguards and long-term protection services from crypto entrepreneurs. In response, French authorities also rolled out enhanced protective measures, including fast-tracked police assistance and security briefings for those in the crypto industry.
The issue gained some urgency after multiple incidents over the past few years. This includes the January 2025 kidnapping of Ledger co-founder David Balland, who was rescued by French law enforcement after being held for several days. Similarly, in May, the father of an unnamed crypto entrepreneur was freed during a police raid in a Paris suburb after being kidnapped by organized criminals.
Tourist Drugged and Robbed of $123K in Bitcoin
An American tourist visiting London also recently reportedly lost $123,000 in Bitcoin after being drugged and robbed by a person impersonating a taxi driver. Jacob Irwin-Cline, the victim, spent the evening at a local bar before attempting to take an Uber home. However, he mistakenly entered a different vehicle driven by someone who resembled his expected Uber driver. The man was posing as a legitimate driver, and allegedly offered Cline a cigarette that was likely laced with scopolamine, which is a powerful and uncommon sedative that is known for its ability to incapacitate victims.
(Source: MyLondon)
Cline recalled feeling immediately drowsy and soon passed out for approximately 30 minutes. When he regained consciousness, the driver abruptly told him to get out of the car.
As he stepped out, the driver sped off, striking him with the vehicle and fleeing the scene. The assailant made off with Cline’s cellphone, which held access to his cryptocurrency holdings, including private keys and wallet applications. The theft amounted to a staggering $123,000 in stolen Bitcoin.
The incident also added to the growing list of alarming cases involving crypto-related crimes targeting unsuspecting individuals and well known figures in the digital asset industry. With an increasing number of crypto users carrying sensitive financial data on mobile devices, this attack shed some light on the rising risks and the urgent need for caution when navigating the digital space and the real world.
Investor Loses $2.6M in Double Crypto Scam
Kidnappings are not the only crimes people in the crypto space should be looking out for. A single crypto investor reportedly fell victim to two scams in just three hours, which caused them to lose a staggering $2.6 million in USDT (Tether) through an advanced form of on-chain phishing known as a zero-value transfer.
According to data shared by crypto compliance firm Cyvers on May 26, the victim first transferred $843,000 worth of USDT, followed by a second transaction totaling $1.75 million shortly after. The scam involved a deceptive tactic that exploits the structure of blockchain token transfers to trick users into sending funds to fraudulent addresses.
Zero-value transfers are a sophisticated phishing technique where attackers use the “From” function in token contracts to initiate transfers of zero tokens from the victim’s wallet to a spoofed address. Because the transaction amount is zero, it does not require the victim’s signature or approval, but it still appears in their on-chain transaction history. This subtle deception can mislead users into believing the address is trustworthy or familiar, increasing the chance that they later send real funds to the attacker.
(Source: Coinbase)
This method is seen as an evolution of the older address poisoning technique, in which attackers send small amounts of tokens from lookalike wallet addresses—often mimicking the beginning and end of a known address. Users who rely on partial matching or past transaction history may then accidentally send funds to these malicious addresses. When combined with zero-value transfers, this attack becomes even more convincing and difficult to detect.
The threat is growing across multiple blockchains. A study that was published in January 2025 revealed more than 270 million poisoning attempts on BNB Chain and Ethereum between July of 2022 and June of 2024. Of those, more than 6,000 attacks were successful, and resulted in over $83 million in total losses. In one high-profile case in 2023, a scammer used the zero-transfer technique to steal $20 million before being blacklisted by Tether.
Read More
Quantum Threat to Bitcoin: Q-Day May Arrive Early
Bitcoin Password Kidnapping Case Highlights Escalating Crypto Crime
Woeltz allegedly detained the victim for weeks in a luxury townhouse and subjected him to horrific abuse, including electric shocks and drug coercion. Meanwhile, in London, an American tourist lost $123,000 in Bitcoin after being drugged and robbed by a fake taxi driver. Adding to the concern, a crypto user was scammed twice in three hours, losing $2.6 million in USDT to a zero-value phishing attack.
Bitcoin Ransom Horror Unfolds in Manhattan
A Manhattan-based crypto investor was charged in a deeply disturbing case involving the alleged kidnapping and torture of a 28-year-old Italian man, in an apparent attempt to steal access to his Bitcoin wallet. The accused, John Woeltz, was arraigned on Saturday in Manhattan criminal court and faces four felony charges, including kidnapping for ransom.
The incident reportedly took place inside a luxury Soho townhouse rented for $30,000 per month, where the victim claims he was held captive for several weeks beginning shortly after his arrival in the US on May 6.
According to law enforcement and reporting by The New York Times, Woeltz and an unidentified accomplice allegedly seized the man’s passport and electronic devices and demanded his Bitcoin wallet password. When the man refused to comply, he was subjected to a horrifying ordeal that included being beaten, electroshocked, assaulted with a firearm, and even dangled from upper floors of the five-story townhouse.
The victim also stated that Woeltz used a saw to injure his leg and forced him to smoke crack cocaine. Threats were reportedly made against the man’s family as well. Investigators found photographic evidence, including Polaroid pictures inside the residence, which appeared to corroborate the victim’s claims of sustained abuse.
The victim managed to escape on Friday and contacted authorities, which led to Woeltz’s arrest. At his court appearance, Woeltz pleaded not guilty and was ordered to be held without bail by Judge Eric Schumacher. He is due back in court on May 28. Police also detained a 24-year-old woman in connection with the case, but no formal charges against her appear in the court’s public records, and she was seen walking freely in New York the next day.
Authorities have not revealed the nature of the relationship between Woeltz and the victim or whether any digital assets were ultimately compromised.
The incident only added to the growing concerns over the physical security risks faced by people involved in the cryptocurrency space. Reports of kidnappings and extortion targeting crypto holders have risen sharply, particularly in France, where high-profile individuals are increasingly turning to private security.
Private security firm Infinite Risks International confirmed that there has been a surge in demand for bodyguards and long-term protection services from crypto entrepreneurs. In response, French authorities also rolled out enhanced protective measures, including fast-tracked police assistance and security briefings for those in the crypto industry.
The issue gained some urgency after multiple incidents over the past few years. This includes the January 2025 kidnapping of Ledger co-founder David Balland, who was rescued by French law enforcement after being held for several days. Similarly, in May, the father of an unnamed crypto entrepreneur was freed during a police raid in a Paris suburb after being kidnapped by organized criminals.
Tourist Drugged and Robbed of $123K in Bitcoin
An American tourist visiting London also recently reportedly lost $123,000 in Bitcoin after being drugged and robbed by a person impersonating a taxi driver. Jacob Irwin-Cline, the victim, spent the evening at a local bar before attempting to take an Uber home. However, he mistakenly entered a different vehicle driven by someone who resembled his expected Uber driver. The man was posing as a legitimate driver, and allegedly offered Cline a cigarette that was likely laced with scopolamine, which is a powerful and uncommon sedative that is known for its ability to incapacitate victims.
(Source: MyLondon)
Cline recalled feeling immediately drowsy and soon passed out for approximately 30 minutes. When he regained consciousness, the driver abruptly told him to get out of the car.
As he stepped out, the driver sped off, striking him with the vehicle and fleeing the scene. The assailant made off with Cline’s cellphone, which held access to his cryptocurrency holdings, including private keys and wallet applications. The theft amounted to a staggering $123,000 in stolen Bitcoin.
The incident also added to the growing list of alarming cases involving crypto-related crimes targeting unsuspecting individuals and well known figures in the digital asset industry. With an increasing number of crypto users carrying sensitive financial data on mobile devices, this attack shed some light on the rising risks and the urgent need for caution when navigating the digital space and the real world.
Investor Loses $2.6M in Double Crypto Scam
Kidnappings are not the only crimes people in the crypto space should be looking out for. A single crypto investor reportedly fell victim to two scams in just three hours, which caused them to lose a staggering $2.6 million in USDT (Tether) through an advanced form of on-chain phishing known as a zero-value transfer.
According to data shared by crypto compliance firm Cyvers on May 26, the victim first transferred $843,000 worth of USDT, followed by a second transaction totaling $1.75 million shortly after. The scam involved a deceptive tactic that exploits the structure of blockchain token transfers to trick users into sending funds to fraudulent addresses.
Zero-value transfers are a sophisticated phishing technique where attackers use the “From” function in token contracts to initiate transfers of zero tokens from the victim’s wallet to a spoofed address. Because the transaction amount is zero, it does not require the victim’s signature or approval, but it still appears in their on-chain transaction history. This subtle deception can mislead users into believing the address is trustworthy or familiar, increasing the chance that they later send real funds to the attacker.
(Source: Coinbase)
This method is seen as an evolution of the older address poisoning technique, in which attackers send small amounts of tokens from lookalike wallet addresses—often mimicking the beginning and end of a known address. Users who rely on partial matching or past transaction history may then accidentally send funds to these malicious addresses. When combined with zero-value transfers, this attack becomes even more convincing and difficult to detect.
The threat is growing across multiple blockchains. A study that was published in January 2025 revealed more than 270 million poisoning attempts on BNB Chain and Ethereum between July of 2022 and June of 2024. Of those, more than 6,000 attacks were successful, and resulted in over $83 million in total losses. In one high-profile case in 2023, a scammer used the zero-transfer technique to steal $20 million before being blacklisted by Tether.
Read More