A man was arrested in Florida after being accused of stealing nearly $1.9 million in bitcoin (BTC) from his former employer, in a case that came to light this Tuesday, May 27, 2026 and that once again puts the spotlight on the risks associated with the custody of seed phrases in trusted environments.
According to the police reportthe victim began investing in bitcoin in December 2017 and acquired a hardware wallet, whose configuration and security were managed by the accused, Nahum Reynaldo Castro, his employee since 2013 and an information technology specialist. By January 2018, the wallet already stored more than $217,000 worth of bitcoin.
The device, a physical Trezor wallet, It remained stored in a safe inside the victim’s home. until July 2025, when he, during a move, accessed the wallet and discovered that the funds had disappeared.
The investigation later determined that the unauthorized transfers would have occurred in 2020, when the defendant still maintained access to critical security elements of the system.
According to detectives, Only two people had access to the recovery seed phrase: the victim and the accused. This element would have allowed the wallet to be recreated and funds to be moved remotely without the need for physical access to the device.
The investigation included the analysis of transactions linked to exchange platforms such as Bitstamp, in addition to bank records from JPMorgan Chase, where deposits associated with the outflow of crypto assets would have been detected. Investigators also noted the existence of identity verification processes, including a selfie video linked to the accused.
The authorities maintain that the accused would have used a series of chained transactions through intermediary wallets and exchange platforms to hide the origin of the funds and make them difficult to trace. In total, he is charged with grand theft, money laundering, illegal use of communication devices and crimes against users of computer systems.
Castro was arrested this week and appeared in court, where bail was set at $50,000, according to the police report.
A case that once again puts the focus on custody
Beyond the judicial process, the case reinforces an increasingly frequent pattern in the ecosystem: the majority of high-value thefts do not occur due to technical failures in cryptocurrency networks, but due to improper access to private keys or seed phrases.
Among the recent thefts through seeds we can mention a case reported by CriptoNoticias, in which hackers posing as Trezor employees managed to induce a victim to reveal their seed phrase, which led to the loss of more than $282 million in bitcoin and litecoin through a social engineering scheme that shows the recurrence of this type of attacks in the ecosystem.
In this type of incident, the attack vector is not the protocol, but operational trust between individuals with privileged access. This makes the management of the seed phrase the most critical point of security for any user or company that custody bitcoin.
In a context where the value of digital assets can multiply in a few yearsthe separation of roles, the use of shared custody schemes and the reduction of centralized knowledge of keys are consolidated as essential measures. Cases like this show that, even in environments with physical wallets and cold storage, a single exposure of the seed phrase can compromise years of value accumulation.