Skip to Content
CNN - National

Cross-country scheme to steal cryptocurrency involved fake food orders and violent break-ins, prosecutors say

By
Published 8:39 AM

By Andy Rose, CNN

(CNN) — It might sound like a tale from the Gold Rush: Three men leave Tennessee hoping to strike it rich in California.

But the twists of their saga, as laid out this week in a federal indictment, are closer to a horror story – with pistol-whipping, lives threatened and people tied up in their own homes. And investigators say the men weren’t looking for gold – they sought something you can’t hold or even see.

The trio, according to prosecutors, wanted to make quick millions by stealing cryptocurrency, according to an indictment unsealed last month. Federal prosecutors say the defendants — Elijah Armstrong, 21; Nino Chindavanh, 21; and Jayden Rucker, 25 — all from the Nashville area, swept across several California cities in a little more than a month. They are accused of using several ruses to force their way into people’s homes, assaulting unsuspecting residents and holding them hostage for their own money, and demanding access to their crypto accounts.

“The scheme was not only sophisticated, it was brazen, violent and dangerous,” US Attorney Craig H. Missakian said in a news release this week.

Threatening violence against crypto owners to give up access to their funds is becoming more common, according to cryptocurrency experts, with hundreds of millions of dollars expected to be ripped off just this year. Thieves who might otherwise force people to go to an ATM to withdraw a limited amount of cash are instead demanding potentially unlimited crypto that is hard to trace.

“Bad guys always go where the money is,” said Ari Redbord of TRM Labs, which monitors cryptocurrency fraud and helps businesses and law enforcement respond to theft. “I think more and more right now, the money is in crypto, and we see bad actors taking advantage of that.”

Silicon Valley investor targeted for cybertheft

The case of the three men from Tennessee appears to have begun five days before Thanksgiving last year with a couple of pizza orders to a house in San Francisco, according to the indictment.

But these orders weren’t done as a prank, prosecutors say. They allegedly were an effort to see whether their mark was home.

The date and details in the federal charges match a case in Mission Dolores – San Francisco’s oldest neighborhood and one of its most expensive – that was previously being investigated by local police.

The initials of the victim in the federal indictment match the name of a resident in the home, a prominent tech financier who previously worked for the venture capital firm Y Combinator.

The CEO of Y Combinator, Garry Tan, said on social media he was a friend of the victim and posted surveillance video showing the hooded suspect approaching the door and asking for the victim, claiming to have a UPS package for him. The video shows the suspect following the person who answered the door inside after asking to borrow a pen.

Tan later took down the public video. CNN is not naming the victim because his full name is not listed in the federal indictment.

The intruder bound the victim with duct tape, threatening to kill him if he didn’t give access to his cryptocurrency, the indictment says. Getting instructions by phone from “unknown co-conspirators,” the kidnapper allegedly was able to get about $6.5 million from the account.

The victim told San Francisco police he was forced to crawl downstairs and had liquid dumped on him, with the intruder claiming he was going to burn the house down, according to a police report reviewed by the San Francisco Chronicle.

The victim told police it was publicly known that he owned a lot of crypto, according to the Chronicle, and Redbord believes that made him a tempting target.

“My recommendation would be to be much more careful, to be much more low-profile if you are a founder in the cryptocurrency space or an investor in (venture capital),” said Redbord.

The San Francisco Police Department declined to provide its police report this week or comment on the case, with a spokesperson citing “ongoing and active investigations.”

Armstrong and Rucker entered not-guilty pleas to the federal charges Tuesday, court records show. Chindavanh has not yet entered a plea. The indictment says it is believed “others known and unknown to the Grand Jury” may also be involved.

Armstrong, Chindavanh and Rucker remain detained without bond. A court-assigned attorney for Armstrong did not return messages from CNN. The head of the federal public defender’s office in San Francisco, which represents Chindavanh, declined to comment.

“Mr. Rucker is a very young man facing very serious charges,” said his attorney, Karen McConville. “It is too soon in the case to comment on the allegations and whether the government has sufficient evidence against my client to make those charges.”

Suspects staked out multiple victims in a single month, say investigators

After their successful, violent score in San Francisco, the indictment says, the trio moved on to San Jose, pulling the same pizza delivery test using the same fake name. But this time, they never got to confront the victim, prosecutors said.

Over the course of multiple trips between Tennessee and California in early December, the scams used to gain access to people’s homes changed, according to the court documents. Prosecutors say the men tried again unsuccessfully at the San Jose home, first pretending to be professional power washers, then returning two days later and hitting the victim in the head with a gun.

In a robbery attempt three days before Christmas, investigators say the crew made DoorDash orders to homes near a victim, grabbed the food themselves, and then took it to their intended target’s residence.

Chindavanh allegedly posed as a DoorDash driver and then used a gun to force his way into the victim’s home in Sunnyvale, California – a key tech sector hub – but was forced out before anything could be stolen. He was arrested that same day, according to the US Attorney’s office.

On New Year’s Eve, the two remaining conspirators tried another scam, according to prosecutors. Armstrong claimed to be a US Postal Service employee needing to deliver a package to a home in Los Angeles. This time, the scheme worked, and the victim was held with zip ties and duct tape and assaulted.

Armstrong and Rucker “called unknown co-conspirators for assistance in accessing Victim 4’s cryptocurrency and successfully accessed one of his accounts,” the indictment says.

The court document does not say how much was stolen from the victim in Los Angeles. The thieves left after being spooked by the sound of a helicopter passing overhead, according to investigators.

Armstrong and Rucker were arrested in Los Angeles later that day, the US Attorney’s Office said.

“As alleged, this was a calculated scheme involving robbery, kidnapping, and the theft of millions in cryptocurrency – crimes that put innocent people at risk and threaten the sense of safety we all rely on,” said Matt Cobo, acting special agent in charge of the FBI San Francisco field office.

The federal indictment does not explain how the men who were charged – two of whom have criminal records – allegedly became interested in stealing crypto.

Rucker was sentenced to probation in 2024 for using a firearm in an attempt to commit a dangerous felony in Maury County, Tennessee, according to records from the Tennessee Department of Correction. He is listed in their records as “absconded.”

Before his federal arrest, Chindavanh was free on a $100,000 bond in a pending attempted murder case in Rutherford County, Tennessee, according to county court records. After a not guilty plea and two years of continuances, his state trial was scheduled to begin on January 26 but has been delayed again, according to court records.

CNN did not find any previous criminal charges against Armstrong in the Nashville area listed in court records.

The tech behind crypto entices thieves, but also helps police

Although cryptocurrency didn’t even exist 20 years ago, its anonymous nature has led it to be sometimes associated with criminal activity – from illicit financing to cyberattacks to ATM scams.

While much of that crime is conducted remotely through phone conversations and internet connections, experts have seen a rise in these types of direct physical threats in order to steal crypto – what they call “wrench attacks.”

“We saw about 70 wrench attacks globally last year,” said Redbord. “I think the issue with that number is it’s just wildly underreported because most law enforcement wouldn’t know how to log it. It’s going to be logged as a home invasion or a robbery or a theft.”

Redbord was a federal prosecutor for more than a decade, working on both violent crime and cybercrime. “And I think what we’re seeing here with these wrench attacks is this really scary confluence of the two,” he said.

The cybersecurity firm Certik estimates wrench attacks were up 41% in the first quarter of this year compared to the same period in 2025, although the vast majority of the attacks they documented were in Europe. The threat has become so serious in France that a crypto conference in April had reinforced security, with some attendees getting police escorts, CoinDesk reported.

But documented cases are also piling up in the US. In September 2025, prosecutors said a family in Grant, Minnesota, was held at gunpoint for nine hours in a crypto theft. Not only was $8 million in cryptocurrency stolen, but safety concerns prompted a nearby high school to cancel its homecoming football game, federal prosecutors said at the time.

At this rate, Certik expects victims will lose hundreds of millions of dollars to wrench attacks this year.

All cryptocurrency transactions are recorded on a log called a blockchain, which anyone can see. Each account is listed on the blockchain as a unique code called a public key, but that key doesn’t reveal who owns it, and only a person with a special passcode called the private key can access the money.

That gives cryptocurrency the appearance of anonymity, but Redbord says many criminals don’t realize it comes at a cost to them. If a public key can be linked to them, every transaction they’ve ever made with it can be found.

“The reality is that we can trace and track crypto in ways we never could before,” said Redbord.

A thief who knows law enforcement is on their tail can destroy documents but can’t destroy the blockchain. Criminals trying to convert the crypto into old-fashioned cash have to use an exchange like Coinbase. Those services can be subpoenaed to access account records that can identify suspects and recover the currency.

Just as robbers who steal physical items usually want to unload them as quickly as possible, Redbord says cyberthieves know their time is limited.

“These types of cases become a race between law enforcement and the bad actors to those off-ramps,” he said.

And in these dramatic cases worthy of a Hollywood movie, prosecutors say they are intent on catching up with the bad guys.

“We will not let our guard down and continue to do all we can to ensure this does not happen again,” said US Attorney Missakian.

The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

Article Topic Follows: CNN - National

Jump to comments ↓

Author Profile Photo

CNN Newsource

BE PART OF THE CONVERSATION

KIFI Local News 8 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.