The scheme was not complicated, which is part of what makes it so troubling. Someone calls you or sends a message. They say they are from Google, or from Trezor, or from your cryptocurrency exchange's support team. They tell you that your account has been compromised — that someone, right now, is trying to drain your wallet. They are calm, authoritative, and very convincing. And then, while you believe you are following their instructions to protect yourself, you hand them everything. That is how Trenton Richard Johnston and his associates stole more than thirteen million dollars in cryptocurrency, and it is the same social engineering playbook that is draining crypto wallets across North America every week.

Johnston, a Canadian who was nineteen at the time the scheme began, has now pleaded guilty in Miami to conspiracy to commit money laundering. U.S. court documents describe a coordinated operation that started in January 2024 and escalated quickly. An early target was deceived into believing his Google email and Coinbase accounts had been breached, allowing the group to steal roughly $41,000 in Ether. Within weeks, Johnston and his co-conspirators had identified a far larger opportunity. Posing as representatives of Google and hardware wallet maker Trezor, they persuaded a California resident that someone was actively attempting to access their cryptocurrency wallet. The victim transferred control of the account. Johnston's group drained it of approximately 185 bitcoin — worth around $13 million at the time.

What followed the theft was, by any measure, conspicuous. Court records show that within two months of the California heist, approximately $1.2 million of the stolen funds had been spent on luxury vehicles — including two BMWs and a Lamborghini Aventador SVJ — private jet travel, high-end rentals in Miami and Los Angeles, jewelry, and nightclub spending. Johnston had, by his own account in intercepted messages, made a fortune from targeting crypto holders. One text cited by prosecutors referred to a successful operation involving exactly 185 bitcoin. The digital trail was not difficult to follow.

The arrest came in March 2026, when Johnston was stopped during a traffic check in North Miami. He was a passenger in a white Rolls-Royce Cullinan. Deputies reported the smell of cannabis, found drug residue and suspected amphetamine tablets in a Hermès bag, and noted that multiple individuals in the vehicle described themselves as living off Johnston's money. The evidence had, by that point, already been building for two years. Brandon Tardibone, the owner of the exotic car rental business through which a significant portion of the proceeds flowed, also pleaded guilty to money laundering. Prosecutors have recommended 27 to 33 months for him, reflecting his more limited role compared to Johnston, for whom they have asked for 51 to 63 months.

Johnston's original charges — which included wire fraud counts that could have resulted in a maximum sentence of 40 years — were narrowed as part of a plea agreement conditional on his full cooperation. Sentencing has not yet been scheduled. He is expected to be deported to Canada once a sentence is served.

The broader context is one that cybersecurity professionals have been flagging with increasing urgency. Blockchain investigator ZachXBT documented at least $65 million in losses from social engineering attacks targeting Coinbase users alone during a two-month window at the end of 2024 and start of 2025. A separate Canadian case identified by ZachXBT involved a scammer who impersonated Coinbase support staff and stole over $2 million before spending the proceeds on gambling and luxury goods. A New York-based operator used nearly identical tactics to take more than $4 million from Coinbase customers. The technology enabling these attacks — including AI voice cloning and convincing fake verification interfaces — continues to improve faster than most users' ability to detect the deception.

Deddy Lavid, chief executive of blockchain security firm Cyvers, has argued that the standard industry response — educating users to spot impersonation attempts — is structurally insufficient. The sophistication of modern social engineering, he contends, demands that exchanges and custodians build intervention capability directly into the transaction layer: systems that flag suspicious destination wallets and anomalous transfer patterns before funds move, rather than after the damage is done. Johnston's case, with its neat paper trail and recoverable asset history, is in some ways an unusually tidy ending for this category of crime. Most victims never get that far.