A California man who participated in a cryptocurrency theft ring that stole more than $250 million in digital assets through a combination of physical home invasions and digital surveillance was sentenced to 78 months in federal prison on May 7, 2026, as federal prosecutors continued pursuing the remaining defendants charged across two indictments.
Marlon Ferro, “GothFerrari,” Receives 78-Month Sentence for Home Invasions, Surveillance, and Laundering
Marlon Ferro, 20, known by the alias “GothFerrari,” was sentenced to 78 months — approximately 6.5 years — along with a $2.5 million restitution order and three years of supervised release. Ferro was one of 14 suspects charged across two federal indictments filed in September 2024 and May 2025. The group collectively stole more than 4,100 Bitcoin — valued at over $250 million at time of theft — from targeted individuals between late 2023 and early 2025.
The ring identified victims believed to hold significant cryptocurrency positions, then conducted physical home invasions to seize hardware wallets and compel victims to transfer their holdings under duress. Targeting hardware wallet holders — individuals who store cryptocurrency offline specifically to protect against remote digital theft — represented a deliberate strategic choice to bypass the cryptographic security of cold storage by attacking the person rather than the system.
Ferro’s Role: Texas and New Mexico Break-Ins, iCloud Victim Tracking, and Proceeds Diversion
Ferro personally participated in residential burglaries in Texas and New Mexico that netted approximately 100 Bitcoin, valued at more than $5 million. Beyond direct participation in break-ins, Ferro used compromised iCloud account access to track victim locations and monitor their movements in advance of planned home invasions — a digital intelligence-gathering layer that gave the group operational awareness of when and where specific targets could be found.
Ferro also served a money-laundering function within the organization, handling conversion and movement of stolen cryptocurrency to obscure its origins. Court filings detail that Ferro directed a portion of stolen proceeds specifically to fund the legal defense costs of an imprisoned ring leader — evidence of a structured criminal organization that allocated resources to protect its leadership from ongoing prosecution.
The Ring’s Conspicuous Spending of Stolen Cryptocurrency Proceeds
Court filings document extraordinary expenditure of stolen funds by ring members. The group attended nightclub events at costs exceeding $500,000 per evening, acquired 28 luxury vehicles with individual valuations ranging from $100,000 to $3.8 million, and rented residential properties at monthly rates of $40,000 to $80,000. The spending pattern is consistent with conspicuous wealth displays documented in prior cryptocurrency theft prosecutions and proved operationally significant: investigators used financial transaction records and asset acquisition histories to identify group members and trace stolen funds.
Fourteen Charged Across Two Federal Indictments as DOJ Prosecution Continues
The 14 suspects charged across the September 2024 and May 2025 indictments represent the federal government’s most comprehensive action to date against a physical cryptocurrency theft network. Ferro’s 78-month sentence reflects his multi-role participation — direct participation in break-ins, victim surveillance, and money laundering — a scope that federal sentencing guidelines treat as an aggravating factor relative to single-role participation.
The case represents the maturation of a hybrid threat model in which digital intelligence gathering enables and directs physical criminal operations. Unlike purely cyber-based cryptocurrency theft, which targets exchange vulnerabilities, phishing victims, or protocol flaws, the hardware wallet home-invasion model uses compromised digital accounts — including iCloud and likely social media — to identify high-value targets, map their physical locations, and time operations. The approach bypasses the cryptographic protections that make hardware wallets resistant to remote attack.
Law enforcement agencies have noted increasing frequency of similar attacks on cryptocurrency holders in the United States and internationally as digital asset valuations have made even individual holders targets worth significant criminal planning investment. The DOJ has not announced a timeline for completing prosecution of the remaining defendants charged in the two indictments.
