US Charges 3 With Vast 'Crypto Jacking' Computer Fraud Scheme

The officers of Chinese "white hat" firm Chengdu 404 allegedly hit computer networks around the world.

AccessTimeIconSep 16, 2020 at 4:12 p.m. UTC
Updated Sep 14, 2021 at 9:56 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

U.S. prosecutors charged three Chinese nationals with allegedly mounting a global hacking campaign to steal sensitive corporate data from over 100 companies and installing a mass network of crypto-mining malware.

According to an indictment dated May 2019 and unsealed Wednesday, Jiang Lizhi, Qian Chuan and Fu Qiang ran their multi-year front out of the purportedly “white hat” Chinese cybersecurity firm Chengdu 404 Network Technology Co. They’re being charged with money laundering, conspiracy, identity theft and a raft of computer-related allegations, based on allegations they operated a vast crypto-jacking scheme and installed malware on victim computers, among other charges.

Chengdu 404’s “offensive” operations are what raised prosecutors’ ire. Their indictment outlines how Chengdu 404’s chief officers targeted at least 100 “victim companies, organizations and individuals” with a multi-year cyber scheme that employed “big data” analytics to maximize its impact. 

Beginning in May 2014, the trio “conspired to commit a sprawling array of computer intrusions targeting protected computers belonging to hospitality, video game, technology and telecommunications companies, research universities, non-governmental organizations, and other organizations around the world,” according to the indictment.

They allegedly stole source code and customer data from the companies, deployed “supply chain hacks” to knock out customers’ own computers like dominoes, infected networks with ransomware and installed cryptocurrency mining malware to bolster Chengdu 404’s bottom line.  

“The underlying common goal of the conspiracy was to obtain commercial success for CHENGDU 404 – and personal financial gain for members of the conspiracy – through computer intrusions targeting protected computers,” the indictment read.

The alleged perpetrators brought a hands-on approach to their crypto-jacking operations. As alleged in court filings, Jiang, the vice president for the Technical Department of Chengdu 404, told an unnamed fourth hacker to “get more domains to increase the computing power” of a Singaporean target. “Let's see how the profit is if we get a total of around 10,000 machines.”

Jiang allegedly advised the same hacker to sniff out French and Italian companies as potential targets, saying, “The only thing is that the time difference is a bit troublesome. Going on [ECS #1] at night happens to be their work hours."

The indictment did not state which cryptocurrencies the defendants tried to mine.


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.