Noah Urban's role in the notorious "Scattered Spider" gang involved persuading people to unknowingly give criminals access to sensitive computer systems.
One afternoon in September 2022, in a Telegram group chat filled with gold bag emojis and clown emojis, and filled with "lmfaos" and "loooools," a pixelated image of a teenager covered in blood appeared. Noah Urban, then 18, of Palm Coast, Florida, clicked on the video.
In the video, the teenager pleads with Noah to wire $200,000 to his kidnapper, who holds a gun to his head. "Elijah, real brother, you know we used to work together," the teenager says, using an alias for Noah. His face is swollen, and his mouth is full of blood, which drips onto the white Hollister sweatshirt he's wearing. "You know I've always got your back. Just tell me, and I'll do whatever you want."
Noah immediately recognized the teenager. Justin had worked for him, helping him steal cryptocurrency. He didn't know Justin's full name, but he knew he couldn't compromise with the kidnappers. Furthermore, he thought the video might be a fake. So, he didn't transfer any funds.
Such clips might horrify most teenagers, but by 2022, Noah had seen plenty of it. He was on the run from the FBI as a member of a cybercrime ring that would later become known as Margi Murphy, known as "TechFlow Spider." The group had become one of the world's most notorious cybercrime organizations, linked to dozens of attacks against companies in the United States and the United Kingdom. Among the most serious were the 2023 ransomware attack on MGM Resorts International, which crippled the casino's computer systems and cost the company $100 million, and the attack on British retailer Marks & Spencer Group Plc earlier this year, estimated to have cost the company approximately $400 million.
The FBI and the UK's National Crime Agency have designated Scattered Spider as a priority target. The US Cybersecurity and Infrastructure Security Agency (CISA) describes the group as a "serious and persistent threat to US institutions." Cyber defense firm Mandiant has listed it as one of the "most aggressive and penetrating threat actors impacting European and US organizations." Last year, "60 Minutes" also reported on Scattered Spider's links to Russian ransomware hackers.
Noah played a key role in the ring as a "caller." His story serves as a cautionary tale, illustrating how a high school student with limited technical skills transitioned from gaming to rapid cryptocurrency theft, and then to using phone scams to gain access to telecom and tech companies' computer networks and steal sensitive data. Growing up in a middle-class family in Central Florida, he wore Crocs sandals and board shorts to go fishing, ziplining at Gatorland, and visiting Universal Studios Orlando—normal boy activities. However, as his criminal activity escalated, his virtual world activities began to spill over into the real world. Kidnappings, firebombings, and sexual extortion cases attracted the attention of law enforcement. Friends Noah had made online now face lengthy prison sentences.
This report was compiled from court documents, conversations on Discord and Telegram messages, and interviews with dozens of threat intelligence analysts, law enforcement officials, and others familiar with Noah’s criminal career. This included Noah himself, who spoke with Bloomberg Businessweek in dozens of phone calls from a Florida prison, requesting that the conversations remain unreported until after he was sentenced.
“Hi, my name is Kevin, and I’m calling on behalf of T-Mobile Internal Security.”
Noah wasn't really a hacker. He was born in 2004, the year Facebook launched. He preferred swimming and rugby to programming. He had a few friends and a high school sweetheart, but mostly kept to himself and didn't participate much in class. "I was the weird kid," Noah recalls. "I didn't have a lot of friends, so I didn't pick up the social cues that come from being around people." Three years after graduation, his favorite teacher didn't even remember him.
Noah started playing Minecraft when he was 8 or 9 years old. At 15, he met people through the game and first heard about SIM swapping scams. This scam involves transferring someone's phone number to a phone you own in order to intercept security codes, take over their online accounts, and transfer funds. This operation doesn't require any programming skills; the key skill is social engineering—persuading or bribing telecom company employees to "activate" the number for you.
Noah quickly demonstrated excellent conversational skills, possessing a deep voice that belied his age, which allowed him to trick victims into handing over personal information. He also attributed his social engineering skills to his parents. "Politeness and respect were the two most important things I learned as a child," he said.
The leader of the SIM swapping ring, whom Noah met through Minecraft, paid him $50 every time he successfully caused cryptocurrency to be stolen via phone. He made $3,000 in his first week.
Noah had no shortage of money. His parents separated when he was a toddler, but they both lived comfortably. His mother owned a house in a gated community north of Orlando and worked in human resources; his father, a Navy veteran who ran an online marketing company, owned a nearby home with a pool and Jacuzzi.
Yet, Noah was captivated by the adrenaline rush of SIM swapping, and the camaraderie that's hard to find in real life. "If you're standing in line with 10 people at Walmart, you're probably not going to find a lot of people you're compatible with," he says. "But if you can pick the friends you want online—people who share common interests—it's much easier to get along."
Noah joined a group of about 15 gamers, including 17-year-old Daniel Junk from Portland, Oregon, and another 17-year-old, Tyler Buchanan, from Scotland. Noah explained that they purchased a database stolen from the cryptocurrency wallet company Ledger SAS, which provided a list of cryptocurrency holders and their email addresses. The next step was to gain access to those email accounts, and they began looking for anyone with an Outlook, AOL, or Yahoo! account. These accounts, they told Noah, were the easiest to compromise.
These new friends were part of an underground network called "Com," a network of young people spread across Discord and Telegram, seeking valuable usernames, video game loot, and cryptocurrency that could be stolen through account takeovers. The FBI began investigating "Com" in 2018, and agents estimated that by then, the group had stolen $50 million.
As more "Com" members discovered the ease of stealing cryptocurrency, demand for SIM swaps increased. Some speculated about which telecom companies, such as T-Mobile US Inc. or AT&T Inc., call center support contractors, were most vulnerable to being scammed. Others hired children to break into cell phone stores and steal customer representatives' iPads. For fun, thieves often filmed these acts and posted them online.
Noah said Janke discovered a way to gain access to T-Mobile's SIM card activation tool by registering his personal computer with the company's corporate network and using remote access software. When T-Mobile detected suspicious logins, it would reset the account, locking Janke out. So, he began paying Noah to call employees and trick them into handing over their login information. Noah, pretending to be from the IT department, successfully obtained the login information.
Others involved in SIM swapping would listen in on Noah's calls on Discord while playing Counter-Strike or Call of Duty and reading scripts that Janke had written for him. "Hello, my name is Kevin," the script began. "I'm calling on behalf of T-Mobile Internal Security." When unsuspecting sales representatives accidentally let Noah into the system, Janke and his friends would hang on every word. When Noah made a mistake, they would laugh their heads off. (A T-Mobile spokesperson said the company has improved its security measures to "reduce illegal SIM swapping.")
As Noah tricked more and more people, he discovered that his targets were not only predictable but also inherently benign. While it was difficult to convince employees that they had submitted an IT ticket, he could convince them that the ticket must have been mistakenly linked to their account—could they please close the ticket so he could finish his work? They almost always complied. When Noah talked a new account into his account, the validation from his new friends was more satisfying than a game of Minecraft.
"It's shocking that children so young are capable of inciting a shooting somewhere in the world with so little accountability."
Noah's mother began to suspect he was up to something. Mysterious pizzas ordered by strangers began arriving at her door. She overheard conversations about SIM card swapping. As she tried to impose stricter rules, 16-year-old Noah moved in with his father.
Robert Urban lives in a five-bedroom house in Deland, Florida. The garage is piled high with tools, and the living room is filled with toys for his partner's two children. A white Malinois barks at his feet. He says he noticed a change when Noah started calling him "buster." Noah was about 15 then. "You don't drive a Ferrari, you have a mortgage, you work your ass off, and you're still struggling," he recalls Noah saying. From then on, Urban noticed a "drastic change" in his son's behavior.
When designer clothes arrived at his doorstep, or during rare social events, when Noah wore a $35,000 diamond-encrusted Rolex watch and Louis Vuitton sneakers, he would tell his father that he was selling items through Minecraft and using the proceeds to invest in cryptocurrency. Urban, a Bitcoin fan himself, boasted about his son's success to friends.
Urban tried to get Noah to liquidate some of his cryptocurrency holdings and invest them in more traditional investments. “No, Dad,” Noah would tell him, “I have plans.” Instead, he spent $80,000 on a Minecraft account with the username Elijah, another $30,000 on @e on Twitter, and another “ridiculous” amount on @autistic.
Noah soon began hiring his own scammers, including Justin, whom he knew. He would pay them anywhere from $60 to $1,000, depending on the security level of the telco account. He would pay them up to $4,000 if they could get employees to install remote access tools. When the COVID-19 pandemic closed schools nationwide, Noah appreciated the extra free time his employees had.
Intermittent access to telecom companies has led some SIM swappers to steal from each other. Some have resorted to "doxing," posting the real names and personal information of other hackers online to blackmail them. Bloomberg Businessweek reviewed dozens of Discord and Telegram videos showing young people throwing bricks at homes while chanting the names of their respective SIM swapping factions, a practice known as "bricking." They also hack and leak nude photos and personal information of rivals' girlfriends, encouraging others to harass them. There are even dedicated Telegram chat groups dedicated to humiliating the girlfriends of "Com" members.
David Hale, a detective with the Weston-East Goshen Police Department in eastern Pennsylvania, said he learned of "Com" in January 2022, when he was called to a home in an affluent suburb where eight shots had been fired into the living room with three people inside. Two weeks earlier, a firebombing attack had been reported at another home in the area. Both attacks targeted young women associated with "Com." "It's shocking that someone so young could be capable of inciting a shooting somewhere in the world with so little accountability," Hale said.
Noah said he wasn't involved in any internal fighting, but he knew trouble was coming. In 2021, hackers threw bricks at his mother's home, thinking she was still living there. She received anonymous messages threatening to continue the attacks unless her son transferred hundreds of thousands of dollars in cryptocurrency. Noah refused, and the attacks eventually stopped.
Allison Nixon is increasingly concerned. As chief research officer at cybersecurity firm Unit221B, she's frustrated that hackers are evading police scrutiny and worried about the aggressive nature of their attacks.
Adults in the cybersecurity field often tolerate teenage hackers, trying to guide them into industrial careers to capitalize on their talents. But in Nixon's view, this approach is no longer effective. "The only way to solve this problem," she says, "is for the government to address it the way it has historically addressed violent street gangs."
Her advice didn't resonate with government officials, whom she described as "totally overwhelmed" and acting as if they had more important things to do than chase children online. She and other cybersecurity investigators warned law enforcement officials that members of "Com" could become a greater threat.
By 2022, Noah was about to finish high school. He became increasingly withdrawn, missing assemblies and dances and failing to submit a YouTube compilation video showing classmates wearing masks. According to court records, Noah was already a millionaire, but he was more focused on taking his criminal enterprise to the next level.
“I just want financial freedom, to hang out with friends and listen to music all day.”
While searching for a list of new cryptocurrency holders, Noah came up with the idea of targeting the communications technology company Twilio Inc. Because its software was used by 50,000 companies to manage text messages and calls with customers, Noah believed it would possess a wealth of valuable data. In August 2022, a few weeks before his 18th birthday, he and a friend purchased a fake domain with a webpage that looked like the login page for the user authentication company Okta Inc. and sent text messages with a link to Twilio employees.
“Warning!!! Your Twilio schedule has changed. Visit twilio-okta.com to view the changes!”
Noah successfully tricked a Twilio employee into giving him the data he wanted. However, when that person didn't have the data he wanted, he logged into their Slack account and sent a message to a higher-level employee he had found on LinkedIn. "I basically told them we needed this data for audit purposes or something like that," Noah said. "And they exported the database and sent it to me."
Using Twilio's enterprise access codes, Noah and his accomplices were able to break into even more companies. In total, they ultimately gained access to customer data, including SMS verification codes, for 209 companies using Twilio. "We felt like gods," Noah says.
A few days later, Group-IB, a cybersecurity firm that assists Twilio clients, announced the data theft on its blog and named the hacker 0ktapus. Terrified, Noah threw away his $3,000 computer and phone and replaced them with new equipment. Soon after, a 0ktapus member shared the data with another SIM swapper, who then circulated it widely. As more and more "Com" members culled names from the database, the data lost its value on the black market.
Members of Noah's group laid low for a while, but when the police didn't come knocking, they became bolder. According to Group-IB, 0ktapus continued to steal thousands of employee credentials throughout 2022. Once they successfully accessed a corporate account, they would identify and target employees with higher privileges. In December of that year, the group also stole the personal information of 5.7 million customers of Gemini Trust Co., a cryptocurrency exchange owned by the Winklevoss twins, and put it up for sale on criminal forums.
When Noah turned 18, he moved out of his father's house and into a long-term Airbnb in a quiet neighborhood in Palm Coast, Florida. He furnished his place with a bed, a table, a sofa, a TV, and a cat named Diana, whose fur resembled an Oreo cookie. "All I wanted was financial freedom, to hang out with my friends, and listen to music all day," he said.
Once a week, he drives his Dodge Challenger to a strip mall, chooses between Olive Garden and a teppanyaki restaurant, and leaves a $100 to $200 cash tip. He also enjoys racing the highway at night, listening to Lil Uzi Vert, Playboi Carti, and Ken Carson.
Noah, who was active on a forum called Leakth.is, where people post “rare” (unreleased tracks) from their favorite artists, decided to target employees at Universal Music Group NV and Warner Music Group Corp. to gain access to the Dropbox or iCloud accounts of sound engineers and producers he suspected had unreleased music in their files.
In 2022, Noah used a Twitter account named King Bob to post a rare clip he claimed was from Playboi Carti's unreleased song, "Money N Drugs." The name was a nod to the Minions from "Despicable Me." His account's followers skyrocketed to 11,000 overnight. Theories about King Bob's identity spread online, with fans speculating that he might be a music studio promoter or a renegade production assistant. (The record company declined to comment, and Playboi Carti's manager did not respond to requests for comment.)
Noah claims he's not the only one using the King Bob alias to steal music, and that releasing rare items is promotion, not theft. However, those he's attacked see it differently. Nasir Pemberton, a producer who's worked with Kanye West, A$AP Rocky, and Playboi Carti, accused Noah of stealing hundreds of his songs and shared a screenshot of his Dropbox on Discord. "He nearly ruined my life," Pemberton said.
"It's all about status in their community. It's just bragging rights."
0ktapus wasn’t the only group within “Com” to attract attention. Another faction—nicknamed “Scattered Spider” after joining forces with Noah’s group—also wanted to move beyond SIM swapping. This faction included some former members of Lapsus$, a group that had previously attacked Nvidia Corp. and Uber Technologies Inc. One member, a hacker named Jack, boasted about having connections with ransomware providers and software to bypass advanced security tools. (Another member, Thalha Jubair, codenamed EarthtoStar according to prosecutors, was arrested in the UK this month. U.S. prosecutors unsealed an indictment on September 18th alleging that Jubair, now 19, helped extort 47 American companies for a total of $115 million. His British lawyer declined to comment.)
Noah thought it would be cool to work with them. He began to connect with Jack, who was impressed by the Twilio hack but disparaged Noah and his friends' strategy of breaking into companies and stealing their data. Jack believed that extorting the hacked companies would be much quicker to make money.
Noah said they worked together to gain access to the account of an employee of the cryptocurrency exchange Crypto.com through a conversation. They also exploited the systems of United Parcel Service (UPS) to collect personal information on potential victims. (A spokesperson for Crypto.com said the attack on its platform, which has not been previously reported, affected only "a very small number of individuals" and no customer funds were accessed. UPS said in 2023 that it had fixed the issue but declined to provide further details for this article.)
The group was eager to obtain more data. Noah said that during breaks from virtual classes, he used ChatGPT to research which organizations had access to the personal details needed to steal cryptocurrency, and what types of employees might possess that information. In January 2023, they hacked into Riot Games Inc., a video game company, and stole the source code for its popular game League of Legends, along with some anti-cheat tools. They demanded $10 million for the return of the data, the group's first ransom demand. Riot Games refused to pay.
Noah said he wasn’t involved in the extortion attempt but that he had previously gained access to the company through his phone scam skills. He made updates to his personal Riot Games account during the theft, which investigators considered a key lead—along with a message prosecutors say he sent days later appearing to acknowledge the attack.
On the morning of March 1, 2023, everything began to unravel. As Noah was returning home from the vet with his cat, more than two dozen FBI agents and police officers surrounded his car and demanded he open the door. He hesitated, worried Diana might escape, which initially made them suspect he was hiding something. When he explained, the officers allowed him to bring the cat inside.
Noah sat on the couch, reading the search warrant, while agents searched his apartment, confiscating his computer and iPhone. He refused to provide the passcodes. When he asked to call his father, an FBI agent agreed and held Noah's phone to his face, attempting to unlock it. "Nice try," Noah thought, ducking.
In total, prosecutors said, federal agents seized about $4 million in cryptocurrency, $100,000 in cash, and $100,000 worth of jewelry, including a Rolex and five other watches. They also took a money counting machine and Noah's Sony PlayStation 5. Noah said they left him with only $16 and a passport.
"Like every other father, I am heartbroken, but I will always love him and will never give up on him until I die."
Noah wasn't arrested that day, but FBI agents charged him with hacking into Riot Games and several cryptocurrency thefts. "They sat me down and said, 'We know you're a social engineer,'" Noah recalled. "'We know you're part of Scattered Spider.'"
It turns out the FBI had been tracking Noah since 2021, when he was flagged as a low-level actor in a SIM swapping scheme in Portland, Oregon. Despite his lack of technical skills, Noah was "one of the top SIM swappers we knew of at the time," said Douglas Olson, the special agent in charge of the Portland office who worked on the case. "He was very, very skilled at tricking employees into swapping victims' phone numbers and obtaining personal information to commit his crimes."
Noah moved back in with his father, who said he was shocked to learn of the extent of his son's alleged crimes. That same month, they flew with their lawyer to Oregon, where FBI agents were tracking one of Noah's partners, Janke. There, according to court documents, Noah admitted to prosecutors that he had stolen as much as $15 million between late 2020 and early 2023. He stated that he would never again touch cryptocurrency or engage in hacking.
Despite Noah's comments in the interview, the FBI's Olson believes he has "shown absolutely no remorse." Olson said Noah's entire social life revolved around committing cybercrime, which had desensitized him to his victims. In fact, Noah told agents that he spent most of his winnings almost immediately on cryptocurrency gambling and gaming websites. "It's all about status in their community," Olson said. "It's just bragging rights."
Even after his home was raided, Noah continued his social engineering and music theft activities, according to an FBI agent involved in the investigation who requested anonymity. Cybercrime researchers say Scattered Spider appeared to go quiet for a while after the raid. In September of that year, the group allegedly breached Caesars Entertainment Inc. and extorted the casino company for $15 million. Caesars did not respond to a request for comment, according to a source familiar with the matter.
Days later, MGM Resorts discovered that hackers had gained access to its systems and stolen employees' Okta passwords. MGM shut down its computer systems. On the Las Vegas casino floor, slot machines stopped paying. Guests, including then-Federal Trade Commission Chairwoman Lina Khan, were locked out of their rooms. The company didn't pay the ransom, but estimated the attack cost $100 million.
The incident is alarming. Ransomware, typically the domain of Russian-speaking groups, now has evidence that it is being used by hackers closer to home.
Cybersecurity firms CrowdStrike Holdings Inc. and Mandiant said Scattered Spider had been actively targeting their customers for months. The companies shared recordings of conversations between Scattered Spider and their customer service employees with the cybersecurity firm, and researchers were surprised to hear familiar accents. Jeff Lunglhofer, chief information security officer of cryptocurrency exchange Coinbase Global Inc., described them in 2023 as "young, articulate males" who were "quick and even witty."
A month after the MGM attack, Microsoft Corp. described in a blog post how Scattered Spider's ransom notes were becoming increasingly aggressive. Members used home addresses and family names, along with physical threats, to pressure people into sharing passwords or codes, Microsoft said. That same November, the U.S. Department of Homeland Security warned that Scattered Spider was collaborating with the ransomware group AlphV, whose members spoke Russian and provided ready-made malware for a share of the ransom.
Noah denied involvement in the casino attack or deploying the ransomware, and he wasn’t charged with those crimes. But the government suspected he hadn’t fully reformed. Prosecutors later claimed that in August 2023, Noah withdrew $10,000 worth of Bitcoin from a wallet the FBI was tracking, despite promising to stay out of cryptocurrency. They discovered Discord messages Noah had sent to friends. One read, “I spoke with a federal attorney today. They said if I don’t get indicted soon, I’ll likely win this case. You can’t imagine how bad things would have been if I hadn’t gone nuclear.”
An FBI analysis of Noah's accounts showed that he helped move about $76 million through cryptocurrency exchanges and online gambling services in mid-2022. Noah said the figure wasn't completely accurate, but "it's close."
As law enforcement closed in on Noah, some of his associates ran into trouble of a different kind. In March 2023, Janke pleaded guilty to conspiracy to commit wire fraud. He continued his hacking activities while out on bail. In November of that year, while returning to his Portland apartment, three men dragged him into a van. They tied his hands behind his back and put a hood over his head. The kidnappers repeatedly removed the hood to ask Janke where his cryptocurrency stash was, and when he didn't answer, they tightened it back around his neck. They were unaware that federal agents had already seized $4 million in cryptocurrency from him.
“Damn it,” Janke recalled, recounting the kidnapping from a child-sized chair in the visiting room at the federal prison in Lompoc, California. “I could have died.”
The next morning, a jogger found Janke at an intersection, tied to a pole and covered in bruises. A month after leaving the ICU, Janke was rearrested and sentenced to six years in prison. He said being in prison now was a relief; the scar from a cable tie, tattooed with the character Bender from Futurama, is still visible on his wrist. He said his family can rebuild their lives without harassment, and he himself is no longer tempted by hacking. "What we did, I think, was really bad," he said.
In October 2024, four men were arrested in connection with the Janke kidnapping. All have pleaded not guilty and are awaiting trial. Prosecutors allege that two other men were responsible for kidnapping Justin, the boy who pleaded with Noah for help in the video. The two men were convicted of burglary and cryptocurrency theft. Justin managed to escape and was found by a state trooper on a Florida highway 120 miles from his home. He could not be reached for comment.
Noah was arrested in January 2024, nine months after police raided his Palm Coast home. He was held without bail. Subsequently, California prosecutors indicted him and four others for hacking 13 companies, including AT&T, T-Mobile, Verizon Communications Inc., Twilio, and Riot Games. Among those indicted was his Scottish gaming friend, Tyler Buchanan, who was arrested in Spain in June 2024 and extradited to the United States. He has pleaded not guilty to the charges. Neither Buchanan nor his attorney responded to requests for comment. AT&T, T-Mobile, Verizon, Twilio, and Riot Games also declined to comment.
Noah wasn't charged with the music theft, but King Bob was named in the indictment, and photos of him being detained quickly became memes online. Online, fans of Playboi Carti called on the FBI to release Noah's stolen music collection. A Reddit user blamed Noah's parents for his crimes, prompting Noah's father to respond on the site. "Sometimes people make choices that go against what they were taught," Urban wrote. "Like every father, I'm heartbroken, but I will always love him and will not give up on him until I die."
Gregory Kehoe, the U.S. Attorney for the Middle District of Florida, predicts that people like Noah will have a hard time leaving crime behind. "This isn't just an addiction; this is their lifestyle," he says. "If your entire social network revolves around online communication on multiple platforms, even if you have a setback, what are the chances that you'll slip back into that lifestyle?"
Noah showed signs he wasn't ready to give up his online life. He was twice placed in solitary confinement for using a smuggled phone. In August 2024, he posted on his Twitter account, X: "Boring." The judge overseeing his case was hacked, and prosecutors accused one of Noah's associates of the attack.
"Fortune 500 companies like AT&T and T-Mobile were easily deceived by a bunch of teenagers."
A few weeks after his arrest, Noah called a BusinessWeek reporter from jail, responding to an interview request. For the next year, he would call almost weekly from the prison in Starke, Florida, to recount his experiences. He was polite, calm, and possessed a disarming sense of humor. He said that at first, most inmates were skeptical of this white kid being held on "computer charges"—a common term for sex crimes. But when his detention photo appeared in a 60 Minutes segment about the MGM hack, their opinions began to change.
In April 2024, Noah pleaded guilty to wire fraud and aggravated identity theft. In a July video call, he huddled in the bottom of his bunk in the 30-person dorm where he had lived for 19 months, weeks before his sentencing. In previous calls, he had sounded confident, talking about earning the respect of the inmates and gambling with instant noodles instead of millions of dollars. This time, however, his hair was combed back over his forehead, making him look young and awkward. He talked about a girl he once liked, with whom he played volleyball at school.
When he heard the news that four "Scattered Spider" suspects had been arrested in the UK, his eyes barely shifted. As long as young people continue to recruit each other, Noah said, this crime will continue. "Hopefully, it will end, but I don't see that happening."
On August 20, 2024, Noah appeared in federal court in Jacksonville for sentencing, wearing a navy blue prison uniform with the word "PRISONER" emblazoned on the back. In a phone call the night before, he said he was "nervous and excited," expected no more than eight years in prison, and was optimistic about his attorney's request for five years.
His attorney, Kathryn Sheldon, told the court that Noah was solicited by older co-conspirators and drawn into what he believed to be a game. “This isn’t about placing the blame on Coinbase or any other organization,” she said, “but Fortune 500 companies like AT&T and T-Mobile were so easily deceived by a group of teenagers.”
Noah apologized to the victims and their families, promising to spread awareness of the exploitation he was responsible for. "Whenever I can get out, I want to focus on bettering myself," he said.
But he didn't receive the forgiveness he had hoped for. U.S. District Judge Harvey Schlesinger, an 85-year-old former prosecutor who has served on the bench since 1991, read statements from several of Noah's victims, including a former firefighter who had counted on his cryptocurrency reserves to pay for IVF treatment and a retiree who was forced to take a job as a courier after losing his money. A business owner from Minneapolis, whose cryptocurrency reserves, hundreds of thousands of dollars intended for his children, were stolen by Noah, sat in the gallery at the sentencing.
The judge sentenced Noah to 10 years in prison—longer than prosecutors had requested. The judge said that although most of Noah's crimes occurred as a juvenile, he was clearly "smarter than most." The longer sentence was hoped to serve as a deterrent. He barely moved as the judge read out a long list of victims to whom he owed debts and ordered him to pay $13.4 million in restitution.
The next night, Noah called from jail. He said he regretted hurting his family and the victims, but he seemed hopeful about the friendships he'd formed. "I'm not saying what I did was good—it's a horrible community, and what I did was bad," Noah said. "But I love my life. I love who I am. I'm glad I got to live it the way I did."
