On a dreary British day in January 2018, two men, one in a wheelchair, the other pushing him, sped through Manchester Airport on their way to catch an Emirates jumbo jet to Dubai.
James Parker, an unemployed man living in the English seaside town of Blackpool, and Stephen Boys, a financial adviser making a modest living, were on their way to the United Arab Emirates to invest their haul from a crypto heist as simple as it was effective. A fitting crime for an age of doggy tokens and virtual apes.
As the two 54-year-olds were waiting to board, Parker’s mobile buzzed from an Australian phone number. After listening to the mystery caller, Parker only needed to say a few words before hanging up: “F**k off, I’m not a thief.”
On the other end of the phone was the founder of an Australia cryptocurrency exchange, CoinSpot, who used a private investigator to trace Parker all the way to Northwest England. His name was Russell Wilson and he told Parker what he should have been expecting—that he had stolen millions, and he wanted it back.
One year later, Parker and Boys were facing arrest warrants. What became clear after a two-year police investigation and a six-week jury trial at Preston Crown Court in 2022 was that Parker and his unlikely mob had cheated the firm out of A$37 million ($24.5 million).
Beyond the billions of Sam Bankman-Fried and the FTX scandal, crypto fraud on a smaller scale has become a problem for British law enforcement. The value of UK cryptocurrency fraud leaped 32 percentto £226 million last year, according to data from Action Fraud, the UK’s reporting center for fraud. Trade body UK Finance called the problem an “epidemic.”
Back at Manchester airport, the call from CoinSpot’s angry owner accusing Parker of being a criminal didn’t faze them. Parker was about to take the scheme global. During this trip, and multiple others, Parker and his associates cashed out cryptocurrency into UAE accounts and laundered the returns. Police uncovered properties, jewels, pictures of cash and gold piled high, and a Dubai villa allegedly bought from mysterious Russians with a suitcase of cash.
The scheme took place not in an offshore enclave in the Bahamas, but in a town that few would associate with the democratization of investment fraud. Blackpool, famous for sticks of rock and an old-school theme park, struggles with some of the highest levels of deprivation in the country.
Parker’s swift rise and fall was compiled from court proceedings in the city of Preston, court documents and interviews with police, lawyers and some of the participants in the fraud.
Bed-bound from smoking-related illnesses—chronic obstructive pulmonary disease—Parker began dabbling in cryptocurrency in 2017. He had once done technical drawings, but he was no tech expert. Parker spent most of his time reading about conspiracy theories and discovering the world of crypto, which was just coming to mainstream attention. Using his disability benefits to trade tiny fractions of Bitcoin, he stumbled upon a flaw on CoinSpot’s exchange.
It was simple: If he offered a Bitcoin for sale and then went through the motions to buy it back, the computer system would record him as still having that Bitcoin and wrongly credit his account with the sale. If he sold one coin on the exchange worth £1,000 ($1,247), then bought it back, he would double his money.
From his one-bedroom apartment teeming with mold, Parker exploited the glitch on an industrial scale. While prosecutors said he was unlikely to have understood how it worked, all that mattered was he was making money. Fast.
Parker went on to exploit the flaw in the system hundreds of times between September 2017 and January 2018. Police records show that on Christmas Day 2017, Parker stole credits of A$159,000 in less than one minute. He also used his CoinSpot account to generate as much as A$3.3 million on the night before one of his trips to Dubai with Boys.
But he couldn’t just open an Australian bank account from England and cash it out. Instead, he used his credits to buy more Bitcoin, then moved it to a different platform where he could transfer it. In a matter of months, Parker went from having nothing to being a millionaire. By November 2017, he had moved into a room at the North Euston Hotel in nearby Fleetwood.
Crypto crime has soared in the years since these events took place, as the industry has burst into the mainstream. Last year was the biggest year ever for crypto hacking, with $3.8 billion stolen from cryptocurrency businesses globally, according to data from Chainalysis, a US blockchain analysis firm. Meanwhile, Chainalysis data showed that almost $23.8 billion worth of cryptocurrency was laundered in 2022, a 68 percentincrease from the previous year’s $14.2 billion.
Parker viewed himself as a crypto Robin Hood, giving thousands of pounds worth of Amazon vouchers to the homeless. He insisted on buying drinks for everyone at the hotel bar and bought a fleet of cars including Mercedes and Ford Focuses for those close to him.
Parker began to share the glitch with a group of friends and acquaintances that would help him make the most of it. He first recruited his live-in helper, James Austin-Beddoes, 28, to create accounts and exploit the bug. Later at the hotel, he met Jordan Robinson, 24, who was pulling pints behind the bar. Then came Kelly Caton, 45, the mother of Robinson’s girlfriend. CoinSpot accounts were set up for all and the money kept rolling in.
Explaining the glitch to his friend Phoebe Davies, he told her he was making a lot of money “f**king with a website.” Davies didn’t understand how it worked and told Parker she thought he would end up in serious trouble. Parker, unhappy with her response, stopped talking to her within days.
The expansion, however, was one of the mistakes that began to unravel the crime. CoinSpot only spotted the fraud as the volume increased. Russell Wilson was desperate and launched an internal probe, which led to discovery of Parker’s accounts.
Wilson said he even made a call to the Lancashire police, but an operator didn’t believe an Australian company was the victim of a multimillion crypto fraud run from Blackpool.
Worried about whether others could learn about the glitch, Wilson decided to make a deal with Parker and Boys. Around 436 Bitcoin would be returned as part of an agreement brokered by Boys and a promise Wilson wouldn’t pursue the matter.
A spokesperson for CoinSpot said Wilson was unavailable to comment. They said that CoinSpot customer funds and personal information were never compromised, and its funds are audited yearly.
But in the end, the group’s demise didn’t come from CoinSpot.
Suspicion and greed had set in among Parker and his cronies. Parker and Boys were fighting over which houses were in whose names. Caton, who had removed herself from the group, started exploiting the platform herself. Her Google history was littered with worried searches like is it “illegal to make money from a glitch.”
The plot ended in a similarly hapless fashion. Caton’s daughter allegedly stole a Bitcoin and an incensed Caton reported it to the police. When police interviewed her daughter, the only thing she would say was that they should investigate where her mother really got the crypto.
Robin Hood story?
David Wainwright, the genial sergeant who led the police investigation, said that in 2019 the Lancashire force’s understanding of cryptocurrencies was minimal and against that backdrop, it turned out to be one of the most fascinating cases he ever investigated. The probe was nicknamed “Project Eucalyptus” in a nod to its Aussie roots.
“It felt like a Hollywood movie,” Wainwright said in an interview. “Far from being a Robin Hood type story, this was other people’s money that they were spending on luxury goods.”
Parker passed away in January 2021, before charges could be filed against him. The cause of death was the impact of his smoking-related illness mixed with other factors.
The last time Wainwright interviewed Parker, he told him: “I’ll be dead within the year.”
More than a year after Parker’s death, Caton, Robinson, Austin-Beddoes, and Boys pleaded not guilty to multiple criminal charges relating to the fraud. Austin-Beddoes pleaded guilty to a count of converting criminal property.
Boys contended he thought Parker’s money had come through legitimate means and he never knew about the glitch, but a forensic accountant found evidence of £1.9 million funneled into his bank account, with only a small fraction being legitimate. He was tried for money laundering.
In an e-mail from Berwyn Prison in north Wales, Boys strongly maintained his innocence and said that he is appealing the verdict. He said he was a victim of “false testimony” and that a juror communicated with one of the co-defendants during the trial. He said that he had a “40-year unblemished career” in the financial industry and that “all he ever did’” was try to help reach a settlement with CoinSpot after he was made aware of the glitch.
Caton’s defense was that nobody lost out because of the glitch, and it was the platform’s problem – not hers. But the jury didn’t see it that way given they didn’t disclose their sudden source of wealth to anybody else.
Lawyers for the other defendants could either not reach their clients or did not respond to a request for comment.
Parker’s culpability was vital to the trial. The jury had to decide whether he had committed wrongdoing to be able to convict the others. The jury did and all four were found guilty. One man was cleared.
In the Preston court in January of this year, the ragtag group stood together waiting for their sentence. The judge, remarking on the lack of remorse from most of them, sentenced them collectively to 26 1/2 years in prison. Austin-Beddoes was the only one to get a suspended sentence and spared jail. Boys, before being taken away, gave a salute to his family in the public gallery.
“In 2019 our understanding of crypto and how to search for it was minimal,” Wainwright said. “The sentencing of the suspects is not the end of the line however, there are millions of pounds of missing money still out there.”