The U.S. Secret Service has seized about $700,000 in cryptocurrency stolen via business email compromise schemes involving accounts linked to Nigeria and is seeking its forfeiture in the United States District Court for the Eastern District of Texas.
Court documents obtained by Peoples Gazette showed $516,332.72 was seized from three cryptocurrency wallets on or about March 10, 2026, in Tyler, Texas. The first contained $201,801.06, the second had $15,200.63, and the third held $299,331.02, documents said.
In an affidavit, the law enforcement agency’s special agent, Brad Schley, said the suspected cybercriminals defrauded victims via business email compromise schemes.
He said the suspected fraudsters posed as business partners and contacted victims via email and persuaded them to send funds to fraudulent bank accounts. The funds were laundered through multiple accounts and layered across several crypto wallets before being converted to USDT.
Mr Schley said the funds were discovered in Tether wallet addresses during an investigation—which began in August 2024—into business email compromise schemes affecting victims in the Eastern District of Texas and elsewhere.
“This investigation has discovered that once the victims send their funds to a domestic bank account, the funds are laundered through additional domestic accounts and are eventually sent to a cryptocurrency exchange where the fiat currency is exchanged for cryptocurrency,” Mr Schley said.
The agent said a Texas Bank and Trust (TB&T) employee reported that a customer lost about $600,000 in a business email compromise scheme.
The victim, identified as Lapetco, Inc., had successfully completed two transactions with Pontem Energy Partners, LP and had communicated via email with an attorney before the fraud occurred.
On July 31, 2024, parties in the transaction received a fraudulent email impersonating the attorney by changing the email domain. The suspected cybercriminals instructed them to send funds to a new, illegitimate Citizens Bank account. The case was reported to the Addison, Texas, Police Department.
Mr Schley said Secret Service Task Force Officer John Partlow obtained details of six Kraken accounts via subpoena. He said the findings showed the accounts were operating under false identities, as some were linked to a common fraudulent identification photo later identified as Daniel Lee Sallay. One Kraken account opened on or about May 6, 2024, used the name Finven Concepts LLC, and a fake Illinois driver’s licence bearing the name James Levin. Another account, Shirk Roofing LLC, used a fraudulent Illinois driver’s licence with the name David Shirk.
“The driver’s licence photo was identical to the fraudulent driver’s licence used to open the Kraken account NVFI,” the affiant said.
According to Mr Schley, multiple accounts used the same identification photographs. Investigators said a victim, R.I., reported to the New Jersey Police Department that he lost $2,986,149.00 to a BEC scam while attempting to disburse inheritance funds to various unknown accounts as the family executor.
The document showed that $1,353,400.00 obtained from victim R.I. was laundered through the laundering network before being transferred to another Kraken account and converted into USDT.
Mr Schley said Secret Service personnel used blockchain analytics to identify Target Accounts A, B, and C as unhosted wallets that contained USDT derived from BEC scams. Investigators subsequently contacted Tether, requesting that the accounts be frozen, and the platform complied.
According to the affidavit, the owner of one of the accounts, John Mcraith, and the email address bigblackmajic@outlook.com, contacted Tether regarding the restriction, and personnel sent an email to the individual, who has yet to respond.
Further investigation showed the account was created in Nigeria on August 12, 2025, with the name Big Majic.
Another individual, Andrew Watkins, with the email address andrewwatkins1963@hotmail.com, was contacted by the USSS after he claimed ownership of the first account. Mr Watkins sent a copy of his passport number to the investigators but did not follow up by telephone or in person.
In a similar incident, the Secret Service also confiscated $181,346 traced to another Nigerian cyber fraudster, who was said to be at large, according to court filings seen by The Gazette.
