A 23-year-old man from Sheepshead Bay, Brooklyn, was charged with a complicated phishing scheme that allegedly stole about $16 million from Coinbase users.

Brooklyn District Attorney Eric Gonzalez charged Ronald Spektor with using the digital assets of unsuspecting investors as his own personal bank. The DA’s Virtual Currency Unit says that a nationwide “social engineering” operation went after victims.

The indictment says that fear and haste were the main reasons for the plot. Spektor is said to have pretended to be Coinbase customer support. His story was simple but powerful: their accounts had been hacked or were about to be hacked.

Spektor is said to have tricked victims into giving him remote access to their computers or sensitive login passwords by telling them he needed to “secure” their money once they were scared. In fact, he did the opposite. It was said that wallets were emptied when people came in.

District Attorney Gonzalez said, “This indictment charges the defendant of operating a long-running social engineering scam that amounted to a digital robbery,” stressing the breach.

The first step was to take the crypto. The money was moved illegally and then cleaned up in a complicated way. The assets were “swapped” between decentralized and centralized exchanges to hide the theft.

The investigators put the money into “cash-out locations,” where it could be traded for other cryptocurrencies, used for online betting, or taken out as cash. Even though he tried to hide his digital footprint, investigators were able to find him at his father’s home in Brooklyn through transaction records and blockchain analysis.

As the case proceeds in the New York State Supreme Court, crypto investors should remember that reputable exchanges would never ask for remote access or your password to “rescue” your account.