A Singapore court has sentenced Zhang Xinghua, a 38-year-old Chinese national, to two years in prison for his role in a $6.9 million cryptocurrency theft from crypto exchange SafeX, in a case that highlights the growing threat of insider attacks in the digital asset industry.
Zhang, a former employee of King Coder, conspired with colleagues to drain SafeX’s crypto vaults after a business relationship between King Coder and SafeX’s parent company DTL broke down. The scheme resulted in the theft of $6.9 million (S$8.8 million) in cryptocurrency, making it one of the more significant insider-driven crypto crimes prosecuted in Singapore.
Zhang pleaded guilty to conspiracy to misuse a computer system and dealing with benefits of criminal conduct. The case underscores a pattern of growing enforcement activity across crypto markets as regulators worldwide tighten oversight of digital asset platforms.
How Former Employees Exploited Privileged Access
The theft was not a sophisticated external hack. It was a calculated inside job carried out by individuals who had legitimate access to SafeX’s infrastructure through their employment at King Coder.
Co-conspirator Chen Chong Xin, who remains at large, accessed SafeX’s cryptocurrency vaults without authorization on three separate occasions between June and August 2025. The unauthorized access exploited credentials and system knowledge retained from the King Coder-DTL business relationship.
Once the funds were extracted, Zhang moved to obscure the trail. He laundered over $1.6 million of the stolen cryptocurrency through Tornado Cash across two transactions in July and August 2025, using the mixing protocol to break the on-chain link between the stolen funds and their destination wallets.
The scheme unraveled in August 2025 when SafeX’s internal systems triggered a low-balance alarm on its wallets. The automated alert prompted an internal review, which led to a police report filed with Singapore’s Cybercrime Command. The discovery highlights how even basic treasury monitoring tools can serve as a critical line of defense against insider threats, a concern that extends to institutional players entering the crypto space through products like spot Bitcoin ETFs.
$4.8 Million Remains Beyond Singapore’s Reach
Singapore authorities have seized or frozen approximately $2.1 million linked to the case. However, roughly $4.8 million remains outside Singapore’s legal jurisdiction, sitting in private wallets and on external platforms that Singapore authorities cannot compel to return funds.
Zhang made approximately $95,000 in restitution in Bitcoin, transferred through his wife’s Binance account. According to unconfirmed court statements, Zhang would have received more than $886,000 as his personal share of the stolen proceeds had police not intervened.
A third unnamed accomplice’s case reportedly remains pending in Singapore courts, according to a single source, though this has not been confirmed by official court records. Chen Chong Xin, the co-conspirator who carried out the actual vault access, is still at large.
Singapore’s Crypto Enforcement Apparatus in Action
The SafeX case was prosecuted under Singapore’s Computer Misuse Act, which carries penalties of up to two years’ imprisonment and a fine for first-time offenders convicted of unauthorized computer access. Zhang faced additional charges for money laundering under provisions covering dealings with benefits of criminal conduct.
Singapore’s Cybercrime Command led the investigation, reflecting the city-state’s investment in specialized crypto enforcement units. Singapore’s Crypto Tracing Team, operational since March 2025, has recovered over $22 million in cryptocurrency proceeds across various cases.
The broader enforcement landscape in Singapore shows progress. In 2025, the country recorded $913.1 million in total scam and cybercrime losses, a decline of roughly 18% from $1.1 billion in 2024. Cryptocurrency losses accounted for approximately one-fifth of all scam losses that year, and total scam and cybercrime cases fell 24.8% to 41,974, down from approximately 55,900 in 2024.
The SafeX case stands as a cautionary example for crypto firms operating in Singapore and across Asia-Pacific. The insider threat vector, where former employees or contractors exploit retained access after business relationships sour, remains one of the most difficult attack surfaces to defend against. Unlike external hacks that can be mitigated with better perimeter security, insider threats require robust access revocation protocols, continuous monitoring, and compartmentalized key management.
As Singapore continues positioning itself as a regulated crypto hub, cases like this signal that authorities are willing to pursue and prosecute crypto crimes aggressively. But with $4.8 million from this single case still beyond recovery, and tools like Tornado Cash available to launder stolen funds across jurisdictions, the challenges facing digital asset recovery remain significant.
Disclaimer: This article is for informational purposes only and does not constitute financial or investment advice. Cryptocurrency and digital asset markets carry significant risk. Always do your own research before making decisions.
