U.S. Charges 19-Year-Old in Scattered Spider Case
Scattered Spider is said to have demanded more than $100 million in ransom across more than 100 breaches, often in crypto. The case highlights the role of social engineering and international law enforcement.

Key Takeaways
- The U.S. Department of Justice is charging 19-year-old Peter Stokes in a case tied to the Scattered Spider hacking group.
- Federal investigators say Scattered Spider carried out more than 100 network breaches and pulled in more than $100 million in ransom.
- The group mainly uses social engineering and, in a recent attack, demanded about $8 million in cryptocurrency.

The U.S. Department of Justice has brought charges against 19-year-old Peter Stokes in a case connected to the Scattered Spider hacking group. Federal investigators say the group is believed to have taken in more than $100 million (€87.9 million) in ransom. The case is another reminder that cybercriminals can inflict major damage with relatively simple tactics and often push victims to pay in crypto.

Charges in Chicago
Stokes faces charges of conspiracy, computer intrusion, and fraud. Finnish authorities arrested the dual U.S. and Estonian national in April and extradited him to the U.S. last week. He appeared in federal court in Chicago on Tuesday, where a judge ordered that he remain in custody.
The indictment says his alleged role was linked to Scattered Spider, which is also known as 0ktapus, Octo Tempest, and UNC3944. Investigators say the group has been behind more than 100 network breaches. The FBI and federal prosecutors announced the extradition jointly.

How Scattered Spider Works
Investigators say Scattered Spider is not especially known for sophisticated code. Instead, the group reportedly relies on social engineering, using deception to get employees or help desks to hand over login credentials before encrypting or stealing data and demanding payment. That approach fits the broader dual-extortion model, where attackers not only seek ransom but also threaten to leak stolen information.
The complaint also lays out a May 2025 attack on a luxury jeweler. In that incident, the suspects allegedly copied company data and demanded about $8 million (€7 million) in cryptocurrency. The company managed to remove the intruders from its network and did not pay, but it still reported at least $2 million (€1.8 million) in losses tied to business disruption, investigation, and mitigation.

Why This Also Matters for Crypto
For European crypto readers, the main takeaway is that ransom in cases like this is often demanded in crypto, even when the underlying case has nothing to do with a blockchain protocol or exchange. It underscores how crypto remains a common tool in extortion schemes, while law enforcement agencies are increasingly coordinating across borders to track down suspects.
The case falls under Operation Riptide, the FBI's ongoing campaign against cybercrime and fraud. Authorities say U.S. cybercrime losses topped $20 billion (€17.6 billion) last year, up 26 percent from the year before. The Justice Department's computer crime unit says it has secured convictions for more than 180 cybercriminals since 2020, while judges have ordered more than $350 million (€307 million) to be returned to victims.