Three men were sentenced at Sheffield Crown Court on November 18, 2024, following a June robbery where they stole over $4.3 million in cryptocurrency from a UK resident. The attackers posed as delivery drivers to gain entry and forced the victim to transfer funds under gunpoint. Nearly the entire haul was recovered by police after an investigation by blockchain analyst ZachXBT.
In June 2024, three individuals executed a robbery at a residential address in the United Kingdom, making off with more than $4.3 million worth of cryptocurrency. The perpetrators, including Faris Ali and two accomplices, disguised themselves as delivery drivers, complete with uniforms and a package, to approach the victim's door. The resident, anticipating a delivery, opened the entrance, allowing the group to force their way inside at gunpoint and compel the handover of private keys.
Under duress, the victim transferred the assets to two Ethereum addresses. The stolen cryptocurrency largely remained untouched in those wallets until authorities intervened. Blockchain investigator ZachXBT uncovered the scheme through on-chain analysis and leaked Telegram chat logs, which detailed the planning: the group shared photos of the building, confirmed their positions, and coordinated the ruse hours before the attack.
The operation stemmed from a crypto data breach that linked the victim's wallet holdings to their physical location, though the leak's exact origin was not specified. Weeks prior, Faris Ali had inadvertently revealed his identity by posting bail paperwork on Telegram. Post-robbery, an anonymous party registered the ENS domain farisali.eth and embedded an accusatory message on the Ethereum blockchain.
ZachXBT provided his findings to the victim, who passed them to law enforcement. The full investigation was published on October 10, 2024. On November 18, Sheffield Crown Court imposed sentences on the trio, with the Metropolitan Police recovering almost the complete amount. This incident highlights a rising trend of physical attacks on crypto holders in Western Europe, often enabled by data leaks exposing identities and assets to criminals.