FTX co-founder Sam Bankman-Fried (SBF) was dragged into the headlines after Zhang Rongxuan, a former captain in Singapore’s Naval Diving Unit, has been sentenced to six years and 10 months in prison for stealing crypto from a known associate. The 35-year-old Zhang allegedly stole 1.7 million Tether (USDT) from a friend’s cold wallet after sneaking into the victim’s apartment and photographing the device’s seed phrase. According to the accused, he needed the funds because of the heavy losses he took when FTX collapsed. Former Singapore officer steals crypto Zhang Rongxuan, 35, has pleaded guilty to charges including gaining illegal access and misuse of a computer system. The court heard that he stole approximately 1.7 million Tether (USDT) from a 30-year-old Chinese national’s cold wallet. Zhang met the victim through a mutual friend in June 2022. The cold wallet was something the victim mentioned to Zhang in casual conversation. The victim had deposited the funds into a Ledger Nano X hardware wallet on December 14, 2022, and kept the 24-word seed phrase that grants access to the crypto on a piece of paper hidden in his bedroom wardrobe. On December 18, 2022, the victim invited Zhang and another friend to watch a football match. When a second guest arrived, Zhang offered to go downstairs to let him in. The victim handed over his apartment access card, and Zhang never returned it. Thirteen days later, on New Year’s Eve, the three met again at Marina Bay to watch fireworks. After the victim left his apartment, Zhang used the access card to sneak inside. He found the cold wallet and the paper with the seed phrase inside a storage box, took photos of the recovery phrase, and left everything in place. By January 1, 2023, Zhang had used the seed phrase to drain all 1.7 million USDT from the wallet into his own accounts. The victim didn’t discover the theft until March 23, 2023, when he filed a police report and hired blockchain security firm SlowMist, which traced the funds back to Zhang. What did Zhang do with the money? Zhang spent the stolen funds on luxury items, gambling and paying off his debt. Court documents show he bought an Audi A5 and several luxury watches. He paid off roughly S$115,449 in remaining mortgage on his public housing flat. He also invested S$200,000 in shares of DiGi Selection Holdings, a company tied to a non-fungible token platform he co-ran with the victim. But Zhang lost a majority of the money, approximately S$1.57 million, to licensed betting outlets and illegal online gambling. When confronted about the theft , Zhang admitted it and made excuses that he had suffered heavy losses from the collapse of FTX and that the financial pressure drove him to steal. Zhang faced 16 charges under Singapore’s Computer Misuse Act and the Corruption, Drug Trafficking and Serious Crimes (Confiscation of Benefits) Act and pleaded guilty to six. The remaining charges were taken into consideration during sentencing. Police managed to seize some of the assets, including some luxury watches, the Audi, and approximately S$130,000 in bank deposits. Zhang transferred his company shares back to the victim but made no other restitution. Singapore’s Ministry of Defense confirmed to Zaobao that Zhang is no longer a member of the Singapore Armed Forces. Physical access is becoming a major crypto security risk The Singapore case highlights a growing vulnerability in the crypto industry called “wrench attacks” involving the use of physical access, stealth, or violence to steal seed phrases or hardware wallets. In the United States, Marlon Ferro, a 20-year-old Californian, was recently sentenced to 78 months in federal prison for breaking into homes to steal hardware wallets as part of a $250 million crypto theft ring allegedly led by Singaporean Malone Lam. Deputy Attorney General Jeanine Pirro said Ferro “served as the criminal enterprise’s instrument of last resort” when remote hacking and social engineering failed. Cryptopolitan previously reported that France has been labeled the global capital of crypto kidnappings, with at least 19 of these wrench attacks recorded in 2025 and six more in the first weeks of 2026. Cold storage protects against remote hacking, but it cannot protect against someone who gains physical access to a seed phrase, whether by stealth, burglary, or force. If you're reading this, you’re already ahead. Stay there with our newsletter .
