How the FBI tracked down a pair of 20 year old “rug pullers”

During the in-class discussion on cryptocurrency and NFT’s it was mentioned that federal authorities in many countries had been making strides in catching fraudsters. However, given the theme of anonymity that runs through cryptocurrency, I became curious as to how the authorities actually find these scammers and then prove these cryptocurrency frauds.

A recent example of a “rug pull” is that of Ethan Nguyen and Adre Llacuna from Los Angeles who now face fraud and money laundering charges for their role in a $1.1 million scheme involving NFTs. This is one of the first actions the FBI has taken to rein in this booming asset class which is now estimated to be worth an estimated 40 billion.

A recent study by Chainanalysis concluded that rug pulls have emerged as the go-to scam of the DeFi ecosystem, accounting for 37% of all cryptocurrency scam revenue in 2021, versus just 1% in 2020. It is estimated that “rug pulls” resulted in $2.8 billion worth of cryptocurrency being taken from victims in 2021. As such, it is clear that authorities in both Canada and the United States are behind in addressing consumer concerns regarding cryptocurrency and NFT scams. However, the arrest of these 2 individuals represents at least an attempt by authorities to stop some of the fraud taking place.

Ethan Nguyen and Andre Llacuna allegedly earned around $1.1 million by selling non-fungible tokens (or NFTs) based on cartoon-like characters called “Frosties.” After selling the NFTs, they shut down the project and transferred its funds to a series of separate crypto wallets. As such, many consumers were left “holding the bag.” According to the FBI, the pair were currently planning another scheme right before they were caught!

It was explained in the article on that the alleged fraudsters attempted to cover up the scam by using Tornado Cash, which is a “mixer” or “tumbler” that as explained in class, makes it possible to transfer cryptocurrency from one wallet to another without creating obvious links between them. Someone inspecting the blockchain would just see one wallet depositing crypto into the Tornado protocol, with no way of linking it to the wallet that eventually receives the funds. As a result, the FBI subpoenaed Discord, Coinbase, Metamask, Citibank, OpenSea, GoDaddy, T- Mobile, Charter Communications, Bitpay, Fiverr, and PayPal. According to the complaint, Nguyen was identified after the same IP that accessed his Discord account was used to conduct business on a Coinbase account registered to him. Llacuna was identified after the phone number and email address he registered in his Discord was linked to a Coinbase account registered to him. Once the authorities had these links, they were able to uncover other corroborating evidence. Nguyen used a Citibank credit card to register the Frosties website, buy a VPN in an attempt to mask his IP address, and pay for a freelance artist on Fiverr to design the art for the project and the website. Llacuna accessed his Discord account, under the username “heyandre,” from the same IP address used to access his Opensea account, which included his email address and an ENS registration for the “cryptoandre.eth” domain.

While the fraudsters were able to hide the money trail on the blockchain, they were unable to get past the reality that interactions with banks or exchanges often lead back to a real identity because of Know-Your-Consumer Requirements. Additionally, the alleged criminal while sophisticated in NFT’s apparently registered many of these accounts under the same email address which contained part of their legal names.

One interesting and funny part of the criminal complaint is that the fraudsters’ discord names were included. ETHAN NGUYEN, a/k/a “Frostie,” a/k/a “Jakefiftyeight,” a/k/a “Jobo,” a/k/a “Joboethan,” a/k/a “Meltfrost,” and ANDRE LLACUNA, a/k/a “heyandre,” were named as the defendants. If anyone is interested in reading the criminal complaint it can be accessed here:

This post was written by Ryan Buchanan


Leave a Reply

To use reCAPTCHA you must get an API key from