Even the ex-boyfriend of ChatGPT's creator was scammed of millions of dollars, how crazy can online scams get

Just this month, the cryptocurrency industry has seen at least three serious real-world robberies.

For criminals, forcing someone to reveal their cryptocurrency wallet password is apparently quicker and easier than robbing someone's home of all cash or bank card PIN.

What's even worse is that the lifestyle of people in crypto itself is very "highly exposed": flaunting wealth on social media, appearing at conferences, being mentioned in articles, using insecure Wi-Fi, or even just attending an industry event... All of these leave clues in the shadows, telling others which "crypto asset millionaire" is worth targeting.

Sam Altman's Ex-Boyfriend Targeted in Home Robbery

Several streets near Mission Dolores in San Francisco are part of a community belonging to Silicon Valley's capital and tech nouveau riche. Mark Zuckerberg once owned a $31 million mansion near the intersection. And this home robbery took place in this community of tech elites.

The surveillance footage from that day showed a man wearing a dark hoodie, sunglasses, and gloves, carrying a white box, slowly walking towards the front door along a clean sidewalk. His pace was steady and natural, like a regular package delivery person.

Suspect under homeowner's surveillance footage, image source NY Post

Only one detail in the surveillance footage revealed an anomaly: as he approached the camera, he deliberately turned his head to keep his face in the shadow, the doorbell rang twice.

"Looking for Joshua, got a package that needs signing." The suspect's voice was calm, without any emotional fluctuations.

The homeowner heard a noise and opened the door. The suspect continued to follow the script: rummaging through pockets, pretending to not find a pen, and then opportunely asking, "Can I borrow one of your pens?" It was just such an ordinary action, but in that moment when the homeowner turned around, the suspect lifted his foot and stepped inside.

Subsequently, the police report described the incident with restraint: the suspect brandished a gun, bound the victim with duct tape, and threatened to force the victim to disclose the access to their encrypted wallet.

What actually took place was far more brutal than this official language implies. According to sources familiar with the matter, the suspect did more than just threaten. After binding the victim, they opened a hands-free phone, allowing another accomplice with a foreign accent on the other end to read out the victim's personal information line by line. At the same time, the gunman physically assaulted the victim inside the house to verify if the victim provided the "correct password." This was a meticulously designed form of torture—ensuring the victim, in extreme fear, dared not lie.

For a full ninety minutes, the suspect emptied all of the victim's cold and hot wallets using this method. The suspect took away the victim's phone, computer, and ultimately transferred approximately $11 million in cryptocurrency before fleeing.

When the police arrived, the homeowner was covered in bruises but remained conscious.

But as mentioned earlier, those who lived in this neighborhood are not ordinary people. As the media became involved, the victim's identity surfaced. The homeowner is 31-year-old Lachy Groom, a former executive at the payment company Stripe and seemingly a billionaire. He is also the former boyfriend of OpenAI co-founder Sam Altman, with whom he had a discreet relationship before Altman's marriage in 2024.

Sam Altman and Lachy Groom in a 2014 social media photo

The house where Lachy Groom currently resides was purchased in 2021 for $1.8 million from Sam Altman's brother. The media has confirmed that Joshua (the name the suspect initially used as a delivery signee) residing in this four-bedroom house is also an investor in Silicon Valley circles.

Therefore, this was clearly a meticulously planned, precisely targeted "physical attack." The suspect evidently had knowledge of the homeowner's name, address, routine, and even the assets possibly stored inside the house.

This case gained significant exposure after another friend of the victim, Y Combinator CEO Garry Tan, shared residential surveillance footage on social media. In the post, he wrote, "Time is of the essence, we must find him." Although this tweet was quickly deleted, the ensuing discussion rapidly spread within the San Francisco tech and crypto community.

Mock Grenade Robbery at a Cryptocurrency Exchange Office

Bank robberies are quite common in heist plots, but a robbery at a cryptocurrency exchange office is certainly a rare occurrence.

November in St. Petersburg is usually colder and wetter than other months. On the evening of November 22, in a cryptocurrency exchange platform located in an apartment-style hotel building, with not a particularly crowded scene, a 21-year-old young man pushed open the door.

He was dressed casually, carrying a bulky bag, appearing more like a walk-in customer for over-the-counter exchange.

It wasn't until the door closed behind him that he quickly pulled out two realistically shaped "grenades" from his bag, followed by two "bangs" echoing in the narrow space. Subsequently, a smoke bomb was lit, and a pungent white smoke swiftly spread, engulfing the entire office in chaos.

Through the thick smoke, his voice sounded anxious and trembling, "Transfer all the cryptocurrency assets in the platform to this wallet address!"

Fortunately, these simulated grenades burst like firecrackers in midair, with plastic beads exploding, creating a noisy impact on the walls but without causing any casualties.

However, the staff found themselves trapped between their seats and the walls, unable to see clearly if he had a real weapon or determine if there was something more dangerous behind the smoke bomb. Seconds stretched into what felt like minutes, computer screens flickering in the smoke, displaying backend asset balances, while the air was filled with only two sounds—the hiss of the smoke bomb and the suspect's rapid breathing.

From later descriptions by the police, this young man from the 47th district of Leningrad Oblast was unemployed and had no clear accomplices. It was evident that prior to bursting into the office, he had planned to some extent, possibly even confirming the office hours and floor location beforehand. Local residents' speculation was more straightforward: he may have suffered significant losses in the crypto market and this attempt to "recover his investment" seemed both reckless and desperate.

Fortunately, the chaos lasted only a few minutes. Before the smoke cleared, the St. Petersburg police and National Guard had already stormed the floor, swiftly cordoning off the entire area. The suspect was apprehended on the spot in the office, with no further injuries inflicted and no opportunity to coerce the staff into making transfers. Two additional unexploded simulated grenades were also found in his backpack.

When the bomb disposal expert arrived at the scene, it was confirmed that all the devices he had used were "tactical props" from a live-action role-playing game. These devices could not cause actual harm, but they could create enough intimidation and smoke effects. In other words, this was a robbery launched relying on "fake weapons" and "real panic," except he did not wait for the panic to take effect before being tackled to the ground by the police.

The 21-year-old man was subsequently investigated under Article 162 of the Russian Criminal Code (Robbery) and remained in custody. Neither the Ministry of Internal Affairs nor the local media publicly disclosed the specific name of the involved exchange platform, but a public map record showed that a cryptocurrency exchange platform named Yzex was indeed located in the building where the incident occurred.

The smell of smoke in the hallway had not dissipated by the next morning, and some beads that had been shaken loose by the explosion could be seen on the floor in the corner. It was a somewhat unprofessional yet absurd enough robbery, but it was enough to make cryptocurrency industry professionals, especially exchange platform employees, feel cautious.

Oxford Outskirts, Highway Hijacking

In November, with short days and long nights in the UK, moisture often descends on the outskirts of Oxford before twilight, sticking to the car windows like a thin mist. On the afternoon of the 4th, a car traveling from Oxford towards London was moving along a rural stretch between Kidlington and Yarnton.

There were five people in the car: three females and two males. They were all heading from the university town to London, and according to the original plan, they were supposed to arrive before dusk. The atmosphere in the car was relatively relaxed until a few minutes before the attack.

It wasn't until a black BMW saloon suddenly approached from behind that anyone paid attention, initially thinking it was just the usual impatience of a British driver. But the next second, another blue Hyundai Ioniq cut in from the side, forcing them to slowly squeeze the car towards the side of the road. As soon as the car stopped, several figures rushed out of the side door of a silver Mercedes-Benz Vito.

In the split second that the door was forcefully pulled open, the air was filled with nothing but heavy dread. The attackers were dressed in all black, with their faces covered by balaclavas, and not a single extra word was spoken, their actions as if rehearsed countless times. In less than thirty seconds, they had already taken positions inside the victims' car.

Robbery scene of the case

The robbers forced the driver to turn towards a more secluded area near Five Mile Drive. The space inside the car was so narrow that it was hard to breathe. Phones were taken one by one and thrown into the robbers' bags, with curses and suppressed sobs mingling in the confined space. One woman tried to stay calm, while another man kept nodding, almost instinctively following all orders, just hoping not to anger the masked individuals in front of him.

The robber's target was very clear, much more professional than a typical roadside robbery. They first stole a high-end watch worth £450,000, and just the weight and dial craftsmanship indicated it was a luxury item. Additionally, they took the mobile phones of the other terrified victims.

Subsequently, a man who appeared to be the leader held up the phones in front of the victims and said, "Unlock your wallet. Now." The victims had no choice but to enter their recovery phrase, verification code, and transaction confirmation, with each step being completed under the robber's watchful eye. The victims' fingers trembled slightly in fear, the screen light reflecting on their faces, sweat sliding down their temples.

The entire process lasted a long thirty minutes, and in the end, approximately £1.1 million (about $1.44 million) of cryptocurrency was forcibly transferred to a designated wallet.

After the confirmation sound of the funds being transferred played, the robbers didn't say much more. They stopped the car, opened the doors, and pushed each of the five individuals out of the vehicle. The location was the Five Mile Drive area of Oxford, surrounded by low residential buildings and the dusky blue evening light. The robbers then abandoned the car, got into another vehicle, and left at a speed that made it hard to realize the ordeal was over.

As the five victims stood by the roadside, their legs were still weak. One of them immediately called the police, their voice shaking to the point of being barely audible.

Over the next few days, the police's actions were rapid and intensive. Based on CCTV footage, phone records, and vehicle trajectories, the Thames Valley Police began simultaneous searches in London, Kent, and Birmingham. The black BMW, blue Ioniq, and that silver Mercedes-Benz Vito all became key subjects of the investigation.

Within a few short days, four perpetrators had been arrested, all of whom are currently on bail pending trial, but the police investigation is ongoing. This includes digital forensics, tracking of cryptocurrency flows, license plate recognition records, and extensive CCTV footage comparisons around the crime scene.

Such a criminal modus operandi has been classified in an internal report of the UK police as "New Type Organized High-Value Robbery."