Sam Bankman Fried (SBF), co-founder of FTX, was dragged into the headlines after Zhang Rongxuan, a former captain in a Singapore naval diving unit, was sentenced to six years and ten months in prison for stealing cryptocurrencies from a known associate.
35-year-old Zhang allegedly stole 1.7 million Tether (USDT) from a friend’s cold wallet after sneaking into the victim’s apartment and photographing the device’s seed phrase. According to the accused, he needed the money because of the huge losses he incurred when FTX collapsed.
Ex-Singapore officer steals cryptocurrencies
Zhang Rongxuan, 35, pleaded guilty to charges including illegally accessing and misusing a computer system. The court heard that he stole nearly 1.7 million tether (USDT) from the cold wallet of a 30-year-old Chinese national.
Zhang met the victim through a mutual friend in June 2022. The cold wallet was something the victim mentioned to Zhang in a casual conversation.
The victim deposited funds into a Ledger Nano
On December 18, 2022, the victim invited Zhang and another friend to watch a football match. When a second guest arrived, Zhang offered to come downstairs to let him in. The victim handed over the access card to his apartment, and Zhang never returned it.
Thirteen days later, on New Year’s Eve, the three met again at Marina Bay to watch the fireworks. After the victim left his apartment, Zhang used the access card to sneak inside. He found the cold wallet and the paper containing the seed phrase inside a storage box, took pictures of the recovery phrase, and left everything in place.
By January 1, 2023, Zhang had used the initial phrase to drain all $1.7 million from the wallet into his own accounts. The victim did not discover the theft until March 23, 2023, when he filed a police report and hired blockchain security firm SlowMist, which traced the funds to Zhang.
What did Zhang do with the money?
Zhang spent the stolen money on luxury goods, gambling, and paying off his debts. Court documents show he bought an Audi A5 and several luxury watches.
He has paid off approximately S$115,449 of the remaining mortgage on his public housing flat. He also invested S$200,000 in shares of DiGi Selection Holdings, a company linked to a non-fungible token platform that he co-managed with the victim.
But Chang lost the majority of the money, approximately S$1.57 million, to licensed betting outlets and illegal online gambling.
When faced about TheftZhang admitted this and made excuses that he suffered huge losses from the collapse of FTX and that financial pressures led him to steal.
Chang faced 16 charges under Singapore’s Computer Misuse Act and the Corruption, Drug Trafficking and Serious Crime (Forfeiture of Benefits) Act and pleaded guilty to six of them. The remaining charges were taken into consideration during sentencing.
The police were able to confiscate some assets, including some luxury watches, an Audi car, and about S$130,000 in bank deposits. Zhang transferred his company shares to the victim but did not offer any other compensation.
The Singapore Ministry of Defense confirmed to Zaobao that Zhang is no longer a member of the Singapore Armed Forces.
Physical access has become a major risk to cryptographic security
The Singapore case highlights a growing vulnerability in the cryptocurrency industry called “splicing attacks” that involve using physical access, stealth, or violence to steal seed phrases or hardware wallets.
In the United States, it was Marlon Ferro, a 20-year-old Californian He was recently sentenced to 78 months in federal prison for breaking into homes to steal hardware wallets as part of a $250 million cryptocurrency theft ring allegedly led by Singaporean Malone Lam.
Deputy Attorney General Jeanine Pirro He said Viro “served as a tool of last resort for the criminal enterprise” when remote hacking and social engineering operations failed.
Formerly Cryptopolitan I mentioned France has been named a global capital for cryptocurrency hijacking, with at least 19 such attacks recorded in 2025 and another six in the first weeks of 2026.
Cold storage protects against remote hacking, but it cannot protect against someone gaining physical access to a seed phrase, whether through stealth, hijacking, or force.
