Mastermind Behind French Crypto Kidnappings Caught in Morocco

A wave of crypto-related criminal enforcement swept across multiple countries over the past few days. French officials praised Morocco's cooperation, and pointed out that Bajjou was subject to an Interpol red notice for his involvement in previous attacks. Meanwhile, Ukrainian authorities apprehended a man accused of a massive cryptojacking operation that compromised over 5,000 accounts at a global hosting firm. The scheme was active since at least 2018, and reportedly caused more than $4.4 million in damages through unauthorized crypto mining. In the United States, the SEC scored a legal win against Keith Crews, who was found liable for a $1.1 million crypto fraud involving the bogus “Stemy Coin.”

Crypto Kidnapping Suspect Arrested

A 24-year-old French-Moroccan man, Badiss Mohamed Amide Bajjou, was arrested in Morocco for allegedly orchestrating a series of high-profile kidnappings in France to steal cryptocurrency. Acting on a request from French authorities, Morocco's national police and intelligence agency apprehended Bajjou, who was reportedly found in possession of several mobile phones and bladed weapons. His arrest was confirmed by France’s Minister of Justice, Gérald Darmanin, who praised Morocco for its cooperation and the strength of the two nations’ judicial collaboration in combating organized crime.

Interpol red notice for Badiss Mohamed Amide Bajjou

Interpol issued a red notice for Bajjou in 2023 because of his links to multiple criminal activities, including kidnappings targeting individuals connected to the cryptocurrency sector. The most recent incident occurred on May 13, when attackers tried to abduct the daughter and grandson of Pierre Noizat, the CEO of French crypto platform Paymium. The dramatic attack was captured on video by bystanders, and shows Noizat’s daughter bravely fending off the masked assailants. They ultimately fled the scene in a waiting van.

Earlier in May, Paris police also rescued the father of a crypto entrepreneur who was held for several days in connection with a €7 million ($7.8 million) ransom plot. And in January, David Balland, co-founder of Ledger, was kidnapped from his home and held captive for a day before being rescued by police.

In response to this growing threat, French law enforcement is stepping up security measures for crypto executives and their families. These include giving them priority access to emergency police lines, conducting home security assessments, and providing safety briefings to ensure they follow best practices during the alarming rise in crypto-targeted kidnappings.

Ukrainian Hacker Busted for Cryptojacking Scheme

In Ukraine, police arrested a 35-year-old man from the Poltava region for allegedly conducting a years-long cryptojacking operation targeting an international hosting company. According to a statement that was released on June 4 by Ukraine’s National Police cyber division, the suspect is accused of breaching the company’s security systems to access over 5,000 customer accounts. 

National Police of Ukraine investigation

Once inside, he reportedly deployed unauthorized virtual machines and cryptocurrency mining software, siphoning off computing power and electricity without detection or payment. This unauthorized use of resources is often referred to as cryptojacking. In this case, it is estimated that the man caused damages exceeding 185 million Ukrainian hryvnias, or approximately $4.4 million.

Authorities believe the suspect was active since at least 2018 by exploiting vulnerabilities in corporate cybersecurity systems and hopping between regions—including Poltava, Odesa, Zaporizhia, and Dnipropetrovsk—to avoid detection. During a search of his residence, police seized computer hardware, mobile phones, and bank cards, along with a range of digital evidence. Investigators say they found tools and data suggesting the suspect was active on hacker forums and that he had access to a variety of compromised email accounts, crypto wallets, and software used for managing large-scale mining operations remotely.

Some of the items found in the hackers home (Source: National Police of Ukraine)

The man is now facing charges related to unauthorized interference in the operation of electronic communication networks. If convicted, he could face up to 15 years in prison. Additional penalties could include a ban on working in IT, communications, or any profession that would provide him access to electronic communication networks for up to three years. Authorities indicated that the investigation is still in its preliminary stages, and more charges may be filed as the case unfolds.

This arrest follows a similar incident in the United States last year, where a man was charged with wire fraud and money laundering after allegedly defrauding cloud computing firms to mine almost $1 million in cryptocurrency. This case now adds to the growing list of criminals exploiting corporate infrastructure for illicit mining activities.

Stemy Coin Promoter Ordered to Pay Over $1M

In a separate case, the US Securities and Exchange Commission (SEC) secured a $1.1 million court victory in a crypto fraud case after the defendant failed to respond to the charges. A Georgia federal judge issued a default judgment on June 3 against Keith Crews, who was accused by the SEC of running a fraudulent crypto scheme and never responded to the agency’s lawsuit that was filed in August of 2023. 

Default ruling in favor of the SEC

Judge Tiffany Johnson ruled in favor of the SEC and ordered Crews to pay over $1.1 million, including $530,000 in disgorged profits, nearly $51,000 in prejudgment interest, and a civil penalty of another $530,000. In addition to the financial penalties, Crews was permanently barred from committing future violations of federal securities laws.

According to the SEC’s original complaint, Crews allegedly operated a crypto scam under the guise of two companies, Four Square Biz and Stem Biotech, between October of 2019 and May of 2021. The agency claimed that he raised approximately $800,000 from around 200 investors through the sale of a token called “Stemy Coin,” which he marketed as a crypto asset backed by cutting-edge stem cell technology and physical assets like gold. Many of the investors were reportedly targeted through community and church-based relationships, particularly in African-American communities.

The SEC alleged that Crews misled investors by claiming his company had functioning labs, a line of products, and partnerships with research teams and doctors—none of which actually existed. Investigators found that neither Four Square Biz nor Stem Biotech had any real operations, products, or connections to the stem cell industry. The complaint mentioned violations of several federal securities laws, including anti-fraud and registration provisions under both the Securities Act and the Exchange Act.

This ruling is a rare enforcement win for the SEC in the crypto sector, particularly after the agency scaled back some of its digital asset crackdowns under the Trump administration in 2025. Nonetheless, it still means that fraudulent behavior in the crypto space is on the agency’s radar, and those who ignore regulatory proceedings may still face penalties.