The cryptocurrency industry is grappling with two alarming security incidents that show both the physical and digital risks facing modern investors. In New York, a second suspect tied to the high-profile kidnapping and abuse of Italian crypto investor Michael Carturan is reportedly preparing to surrender, deepening an already complex international investigation. Meanwhile, a separate case reported by compliance firm Cyvers highlights a stealthy onchain phishing attack that drained $2.6 million in stablecoins from a single wallet within hours. 

Second Suspect in Shocking NYC Crypto Kidnapping Expected to Surrender as Grisly New Details Emerge

A second man tied to the disturbing kidnapping and torture of Italian crypto investor Michael Valentino Teofrasto Carturan in a Manhattan townhouse is expected to turn himself in to authorities, according to multiple local news reports. 

The unnamed suspect, a Swiss national and alleged co-founder of a crypto trading firm, is believed to have assisted his business partner, Joel Woeltz — a man prosecutors have dubbed the “crypto king of Kentucky” — in orchestrating the violent plot aimed at extracting Carturan’s crypto wallet seed phrase.

The case has shaken the crypto community and stunned New York’s financial and tech elite with its violent details and surreal setting: a lavish Soho apartment allegedly turned into a “high-end frat house,” complete with stripper poles and luxury liquor, and, for at least one victim, a scene of nightmarish abuse.

<iframe width=”560” height=”315” src=”https://www.youtube.com/embed/PrUOfpYHgFg?si=vDA-HZ5qxDcbqvYz” title=”YouTube video player” frameborder=”0” allow=”accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share” referrerpolicy=”strict-origin-when-cross-origin” allowfullscreen></iframe>

While an NBC report on May 26 stated the Swiss suspect had not yet surrendered but planned to do so within a week, FOX5 New York cited conflicting sources claiming the man may already be in custody. His identity has not been released publicly, though The New York Post revealed he is a co-founder of a Swiss trading firm with business ties to Woeltz.

The emerging international angle adds yet another layer of complexity to the high-profile case, which already involves cross-border financial networks, alleged crypto wealth in the tens of millions, and a chilling escape from captivity in broad daylight.

The investigation began in earnest after Carturan, a 28-year-old crypto investor from Italy, managed to escape from the luxury Soho townhouse where he was allegedly held captive for 17 days. According to reports by CNN, May 23 was meant to be Carturan’s “death day” — a final deadline to turn over his wallet credentials or face death.

Carturan surrounded by local police (Source: la Repubblica)

In a final moment of desperation, Carturan agreed to hand over the seed phrase to his crypto wallet, estimated to contain part of his $30 million net worth. When he asked to retrieve his laptop from another room, his captor, Joel Woeltz, briefly turned his back, giving Carturan the split-second opportunity to bolt. Barefoot and terrified, he ran outside and flagged down a traffic officer, videos of which were later circulated widely by local news outlets.

A House of Horror in Soho

Following Carturan’s escape, police raided the five-story luxury residence and arrested Woeltz on-site. He remains in custody facing multiple felony charges, including kidnapping, assault, and unlawful imprisonment, with his next court appearance scheduled for May 28.

Investigators uncovered harrowing evidence inside the apartment, which was described as both opulent and chaotic. According to the New York Post, police discovered Polaroid photographs of Carturan tied to a chair, one with a firearm pressed to his head. Other evidence suggests he was electrocuted, beaten, forced to smoke crack cocaine, urinated on, and subjected to threats involving an electric chainsaw held to his leg. His feet were reportedly tased while submerged in water.

NBC New York reported that the kidnappers allegedly stole Carturan’s passport shortly after his arrival on May 6 and began a prolonged campaign of torture in an effort to obtain the seed phrase to his cryptocurrency holdings.

The main suspect, Joel Woeltz, has gained notoriety in crypto circles under the nickname “crypto king of Kentucky.” Described as flamboyant and well-connected, Woeltz reportedly operated in elite financial and digital asset communities and is said to have business interests spanning multiple jurisdictions.

His assistant, Beatrice Folchi, an Italian national, was also detained during the early stages of the investigation but was later released. As of now, no charges have been brought against her.

Fallout and Questions for Crypto Security

The Carturan case is one of the most violent physical attacks on a crypto investor in recent US history and has reignited debates around digital asset security, the risks of peer-to-peer financial dealings, and the psychological warfare that can arise when fortunes are secured only by a seed phrase.

With one alleged co-conspirator behind bars and another reportedly cooperating with law enforcement, the investigation is expected to widen in scope, potentially encompassing global jurisdictions and digital asset tracing.

The disturbing ordeal also highlights a chilling reality: unlike traditional bank accounts with institutional oversight, crypto wallets protected solely by seed phrases make individuals uniquely vulnerable if targeted, a fact that is increasingly exploited by sophisticated criminals.

Authorities have not yet disclosed the current status of Carturan’s crypto holdings or whether the perpetrators succeeded in accessing any of his assets.

$2.6M Gone in Hours: Crypto Investor Scammed Twice in One Day by Sophisticated Onchain Phishing Scheme

In related news, a crypto investor has fallen victim to a devastating double blow, losing a staggering $2.6 million worth of stablecoins within a three-hour window due to a stealthy and highly advanced form of blockchain-based phishing known as a zero-value transfer attack. The incident was flagged by crypto compliance firm Cyvers on May 26 and is the latest reminder of just how complex and dangerous the evolving world of crypto scams has become.

According to Cyvers, the victim first lost approximately $843,000 in USDt (Tether), one of the most widely used stablecoins in crypto, followed by a second, even larger transfer of $1.75 million, also in USDT. Both transfers were made within three hours, with no indication the victim realized they had been compromised until it was too late.

At the heart of the incident is an attack vector that’s as insidious as it is deceptive: zero-value transfers. This method, Cyvers says, is among the most refined versions of “onchain phishing” used today.

Zero-value transfers take advantage of a feature in many blockchain token standards — like Ethereum’s ERC-20 — where it is possible to initiate a transfer of tokens from one wallet to another with a value of “zero.” Unlike conventional token transfers, these zero-value transactions require no private key signature from the sender. As a result, attackers can initiate transactions that appear in the victim’s transaction history, all without the victim doing anything.

The attacker will typically forge a transfer that appears to come from the victim's own address or from a known or trusted contact. When the victim later consults their transaction history to double-check a wallet address before sending funds, they may mistakenly select the attacker’s spoofed address, believing it to be safe.

“Address Poisoning” Evolved

This strategy is widely seen as a sophisticated evolution of a technique known as address poisoning, where attackers send tiny amounts of crypto from addresses that closely resemble the victim’s own. The similarity, often replicating the beginning and end of a wallet address, is meant to lull the victim into thinking the address is trustworthy, especially when copy-pasting from transaction history.

In the case of zero-value transfers, the deception is even more potent. Because the transaction appears legitimate in the blockchain ledger and mimics a prior action, victims may treat it as a verified address and unwittingly send large sums to it.

This isn’t the first time a zero-value transfer scam has resulted in eye-watering losses. In mid-2023, a single attacker reportedly stole $20 million worth of USDT using the same method before being blacklisted by Tether, the stablecoin’s issuer.

That high-profile case prompted wallet providers and analytics firms to issue warnings about the growing prevalence of address-based phishing attacks on major blockchains like Ethereum and BNB Chain.

Poisoning on the Rise Across Chains

The risk isn’t isolated. A joint January 2025 study by cybersecurity firm Trugard and onchain safety protocol Webacy found that over 270 million poisoning attempts occurred between July 1, 2022, and June 30, 2024. These attempts spanned across Ethereum and BNB Chain alone.

Of those, more than 6,000 attempts were successful, leading to confirmed losses exceeding $83 million. The report emphasized that most attacks were preventable if users had properly verified wallet addresses before sending funds.

The cryptocurrency industry is grappling with two alarming security incidents that show both the physical and digital risks facing modern investors. In New York, a second suspect tied to the high-profile kidnapping and abuse of Italian crypto investor Michael Carturan is reportedly preparing to surrender, deepening an already complex international investigation. Meanwhile, a separate case reported by compliance firm Cyvers highlights a stealthy onchain phishing attack that drained $2.6 million in stablecoins from a single wallet within hours. 

Second Suspect in Shocking NYC Crypto Kidnapping Expected to Surrender as Grisly New Details Emerge

A second man tied to the disturbing kidnapping and torture of Italian crypto investor Michael Valentino Teofrasto Carturan in a Manhattan townhouse is expected to turn himself in to authorities, according to multiple local news reports. 

The unnamed suspect, a Swiss national and alleged co-founder of a crypto trading firm, is believed to have assisted his business partner, Joel Woeltz — a man prosecutors have dubbed the “crypto king of Kentucky” — in orchestrating the violent plot aimed at extracting Carturan’s crypto wallet seed phrase.

The case has shaken the crypto community and stunned New York’s financial and tech elite with its violent details and surreal setting: a lavish Soho apartment allegedly turned into a “high-end frat house,” complete with stripper poles and luxury liquor, and, for at least one victim, a scene of nightmarish abuse.

<iframe width=”560” height=”315” src=”https://www.youtube.com/embed/PrUOfpYHgFg?si=vDA-HZ5qxDcbqvYz” title=”YouTube video player” frameborder=”0” allow=”accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share” referrerpolicy=”strict-origin-when-cross-origin” allowfullscreen></iframe>

While an NBC report on May 26 stated the Swiss suspect had not yet surrendered but planned to do so within a week, FOX5 New York cited conflicting sources claiming the man may already be in custody. His identity has not been released publicly, though The New York Post revealed he is a co-founder of a Swiss trading firm with business ties to Woeltz.

The emerging international angle adds yet another layer of complexity to the high-profile case, which already involves cross-border financial networks, alleged crypto wealth in the tens of millions, and a chilling escape from captivity in broad daylight.

The investigation began in earnest after Carturan, a 28-year-old crypto investor from Italy, managed to escape from the luxury Soho townhouse where he was allegedly held captive for 17 days. According to reports by CNN, May 23 was meant to be Carturan’s “death day” — a final deadline to turn over his wallet credentials or face death.

Carturan surrounded by local police (Source: la Repubblica)

In a final moment of desperation, Carturan agreed to hand over the seed phrase to his crypto wallet, estimated to contain part of his $30 million net worth. When he asked to retrieve his laptop from another room, his captor, Joel Woeltz, briefly turned his back, giving Carturan the split-second opportunity to bolt. Barefoot and terrified, he ran outside and flagged down a traffic officer, videos of which were later circulated widely by local news outlets.

A House of Horror in Soho

Following Carturan’s escape, police raided the five-story luxury residence and arrested Woeltz on-site. He remains in custody facing multiple felony charges, including kidnapping, assault, and unlawful imprisonment, with his next court appearance scheduled for May 28.

Investigators uncovered harrowing evidence inside the apartment, which was described as both opulent and chaotic. According to the New York Post, police discovered Polaroid photographs of Carturan tied to a chair, one with a firearm pressed to his head. Other evidence suggests he was electrocuted, beaten, forced to smoke crack cocaine, urinated on, and subjected to threats involving an electric chainsaw held to his leg. His feet were reportedly tased while submerged in water.

NBC New York reported that the kidnappers allegedly stole Carturan’s passport shortly after his arrival on May 6 and began a prolonged campaign of torture in an effort to obtain the seed phrase to his cryptocurrency holdings.

The main suspect, Joel Woeltz, has gained notoriety in crypto circles under the nickname “crypto king of Kentucky.” Described as flamboyant and well-connected, Woeltz reportedly operated in elite financial and digital asset communities and is said to have business interests spanning multiple jurisdictions.

His assistant, Beatrice Folchi, an Italian national, was also detained during the early stages of the investigation but was later released. As of now, no charges have been brought against her.

Fallout and Questions for Crypto Security

The Carturan case is one of the most violent physical attacks on a crypto investor in recent US history and has reignited debates around digital asset security, the risks of peer-to-peer financial dealings, and the psychological warfare that can arise when fortunes are secured only by a seed phrase.

With one alleged co-conspirator behind bars and another reportedly cooperating with law enforcement, the investigation is expected to widen in scope, potentially encompassing global jurisdictions and digital asset tracing.

The disturbing ordeal also highlights a chilling reality: unlike traditional bank accounts with institutional oversight, crypto wallets protected solely by seed phrases make individuals uniquely vulnerable if targeted, a fact that is increasingly exploited by sophisticated criminals.

Authorities have not yet disclosed the current status of Carturan’s crypto holdings or whether the perpetrators succeeded in accessing any of his assets.

$2.6M Gone in Hours: Crypto Investor Scammed Twice in One Day by Sophisticated Onchain Phishing Scheme

In related news, a crypto investor has fallen victim to a devastating double blow, losing a staggering $2.6 million worth of stablecoins within a three-hour window due to a stealthy and highly advanced form of blockchain-based phishing known as a zero-value transfer attack. The incident was flagged by crypto compliance firm Cyvers on May 26 and is the latest reminder of just how complex and dangerous the evolving world of crypto scams has become.

According to Cyvers, the victim first lost approximately $843,000 in USDt (Tether), one of the most widely used stablecoins in crypto, followed by a second, even larger transfer of $1.75 million, also in USDT. Both transfers were made within three hours, with no indication the victim realized they had been compromised until it was too late.

At the heart of the incident is an attack vector that’s as insidious as it is deceptive: zero-value transfers. This method, Cyvers says, is among the most refined versions of “onchain phishing” used today.

Zero-value transfers take advantage of a feature in many blockchain token standards — like Ethereum’s ERC-20 — where it is possible to initiate a transfer of tokens from one wallet to another with a value of “zero.” Unlike conventional token transfers, these zero-value transactions require no private key signature from the sender. As a result, attackers can initiate transactions that appear in the victim’s transaction history, all without the victim doing anything.

The attacker will typically forge a transfer that appears to come from the victim's own address or from a known or trusted contact. When the victim later consults their transaction history to double-check a wallet address before sending funds, they may mistakenly select the attacker’s spoofed address, believing it to be safe.

“Address Poisoning” Evolved

This strategy is widely seen as a sophisticated evolution of a technique known as address poisoning, where attackers send tiny amounts of crypto from addresses that closely resemble the victim’s own. The similarity, often replicating the beginning and end of a wallet address, is meant to lull the victim into thinking the address is trustworthy, especially when copy-pasting from transaction history.

In the case of zero-value transfers, the deception is even more potent. Because the transaction appears legitimate in the blockchain ledger and mimics a prior action, victims may treat it as a verified address and unwittingly send large sums to it.

This isn’t the first time a zero-value transfer scam has resulted in eye-watering losses. In mid-2023, a single attacker reportedly stole $20 million worth of USDT using the same method before being blacklisted by Tether, the stablecoin’s issuer.

That high-profile case prompted wallet providers and analytics firms to issue warnings about the growing prevalence of address-based phishing attacks on major blockchains like Ethereum and BNB Chain.

Poisoning on the Rise Across Chains

The risk isn’t isolated. A joint January 2025 study by cybersecurity firm Trugard and onchain safety protocol Webacy found that over 270 million poisoning attempts occurred between July 1, 2022, and June 30, 2024. These attempts spanned across Ethereum and BNB Chain alone.

Of those, more than 6,000 attempts were successful, leading to confirmed losses exceeding $83 million. The report emphasized that most attacks were preventable if users had properly verified wallet addresses before sending funds.