Exchanges
Best Crypto Exchanges Futures Exchanges Options Platforms Derivatives Exchanges Decentralized Exchanges DEX Aggregators Crypto Bridges Memecoin Platforms Binance MEXC Coinbase Bybit
Wallets
Best Crypto Wallets Best Hardware Wallets Best Ethereum Wallets Ledger Trezor
Trading Tools
Best Trading Bots Telegram Trading Bots Best Staking Best Lending Copy Trading 3Commas
Guides
How to Buy Ethereum Day Trading Guide
News Subscribe to newsletter

Teen tied to ‘Scattered Spider’extradited to US over $8 Million crypto ransom attack

Share IT

A 19-year-old suspected member of the Scattered Spider hacking group has been extradited to the United States over his alleged role in an $8 million crypto ransom demand targeting a luxury jewelry retailer.

The US Department of Justice (DOJ) confirmed Wednesday that Peter Stokes, a dual US-Estonian national, was arrested in Finland in April on an Interpol Red Notice and brought to the US last week. He appeared before a federal court in Chicago on Tuesday facing six counts spanning hacking, cyber extortion, fraud and conspiracy. Stokes operates online under the nicknames “Bouquet” and “Jordan.”

The criminal complaint unsealed in court traces back to May 2025 and a breach at a luxury jewelry retailer. The entry point wasn’t a sophisticated technical exploit. Stokes and others allegedly picked up the phone and called the company’s technology help desk, pretending to be employees who needed their login credentials reset. Within about two hours, that approach had compromised three accounts, including two belonging to IT administrators whose elevated access privileges gave the attackers a deeper foothold inside the company’s systems.

Once embedded in the network, the group allegedly fired off a ransom note from a compromised company email account, threatening to publish credit card and payment data unless demands were met.

When that approach didn’t produce results, they contacted the company separately with a direct demand: $8 million in crypto. The company refused, pushed the attackers out of its network and walked away without paying, though the intrusion still cost it roughly $2 million in operational disruption.

Prosecutors described Stokes as someone who “has engaged in numerous intrusions, or assisted in them” well beyond this single incident, naming multiple unnamed companies as additional victims. A search of a storage device allegedly connected to Stokes turned up downloads from a virtual private server that Microsoft had flagged as being used to carry out corporate intrusions. The same device allegedly held “exfiltrated records from multiple victim-companies.”

Scattered Spider, which also goes by Octo Tempest, UNC3944, and 0ktapus, has built its operation around a consistent playbook: gain access to corporate systems through social engineering, encrypt or steal data, then demand cryptocurrency to either restore access or keep sensitive information from being published.

Meanwhile, FBI Cyber Division Assistant Director Brett Leatherman said, “Scattered Spider has repeatedly targeted US companies, extorting employees, inflicting millions of dollars in losses, and disrupting essential operations.”

Stokes is one of only a handful of individuals that authorities have publicly connected to the group. His arrest comes as ransomware’s financial toll remains enormous. Ransomware actors collected more than $820 million in payments last year, an 8% drop from 2024, but the number of attacks climbed 50% over the same period.

Share IT
Saniya
Saniya

Get Daily Updates

Crypto News, NFTs and Market Updates