Miami IT worker arrested in $1.9 million bitcoin theft from former boss

A Miami information technology specialist was arrested Monday on charges of stealing nearly $2 million in bitcoin from a former employer, with the theft going undetected for years because the funds remained in a hardware wallet, according to an arrest report from the Miami Beach Police Department.

"The victim discovered unauthorized outbound Bitcoin transactions from a Trezor hardware wallet that occurred in 2020," the arrest report states. At the time the theft was discovered, bitcoin was valued at about $115,363 per coin, bringing the estimated loss to roughly $1.9 million.

Nahum Reynaldo Castro, who worked as an IT specialist for the victim since 2013, was one of only two people known to possess the wallet's seed phrase — the recovery key that allows access to cryptocurrency assets, investigators said. Possession of the seed phrase would have allowed someone to remotely recreate and access the wallet without physical possession of the Trezor device, enabling transfers from anywhere. Records obtained from cryptocurrency exchange Bitstamp included copies of Castro's driver's license and a "selfie-style verification video," while linked JPMorgan Chase bank records showed deposits originating from Bitstamp accounts tied to the cryptocurrency transactions, according to the report.

The case highlights the security risks inherent in self-custodied cryptocurrency storage, where a single compromised seed phrase can result in the loss of funds with limited recourse. Castro faces charges including money laundering involving more than $100,000, unlawful use of a communications device, offenses against computer users and first-degree grand theft exceeding $100,000. He was being held at the Turner Guilford Knight Correctional Center as of Wednesday morning, with bond listed as "to be set," according to jail records.

The arrest follows a broader pattern of law enforcement actions targeting crypto-related crimes, with agencies increasingly using exchange know-your-customer records and bank account data to trace stolen digital assets. The case also underscores the importance of seed phrase security for bitcoin holders, as hardware wallets — while resistant to remote hacking — remain vulnerable to physical or social engineering attacks against individuals who have access to the recovery phrase.

This article is for informational purposes only and does not constitute investment advice.