A 21-year-old man from Indiana has pleaded guilty to charges related to a cyber intrusion that took place in February 2022.

The U.S. Department of Justice (DOJ) reports that cybercriminals often use tactics like phishing, email infections, and SQL injection to break into computer systems. Their goal? To cause harm or steal sensitive information.

Evan Frederick Light illegally accessed the personal identifiable information (PII) of a client from a South Dakota-based investment holding company. He then used this information to compromise the company’s servers, gaining unauthorized access to the PII of hundreds of other clients. In total, he stole over $37 million in cryptocurrency from around 600 victims.

To hide his identity and launder the stolen funds, Light turned to mixing services and gambling websites.

U.S. Attorney Alison J. Ramsdell commented, “This defendant tried to hide in the shadows of a cyber underworld. He was not beyond our reach. Today’s guilty verdicts remind us that we will bring cyber criminals to justice, no matter how sophisticated their crimes may be.”

Light faces charges of conspiracy to commit wire fraud and conspiracy to launder monetary instruments. The DOJ noted that he acted with one or more unidentified accomplices.