Ricky Handschumacher’s first step on a path that would earn him millions of dollars in stolen cryptocurrency and a run-in with the law happened during a game of Halo 3.

His Xbox screen went black for a few minutes while he was playing the futuristic first-person shooter game that pits humans against aliens. When it returned to normal, he had been killed. He was the victim of a form of videogame cheating called “standbying."

A gamer friend on his high-school baseball team told Handschumacher about an online forum where he could learn how to use this technique, which he began doing within a few days. Just 16 at the time, he had unwittingly stumbled into a compelling and chaotic community, eventually known as the Com, that was pushing the limits of online behavior.

Over the next 15 years this group of gamers and hackers would grow up with Handschumacher, emerging as a major cybersecurity threat. They developed techniques that would wreak havoc on American technology and telecommunications companies, while earning some members millions of dollars in theft and extortion payments.

“We’ve seen an uptick in the severity of and the sheer number of folks who are at a very young age committing serious cybercrimes," said Will McKeen, a supervisory special agent with the Federal Bureau of Investigation. Learning about gaming cheats is often the first step, he said. “It starts you down that pathway toward a comfortability with doing things that are kind of against the rules, and no one’s checking you and saying, ‘Hey, you know if you do that that actually crosses a line.’"

Today, more seasoned hackers are recruiting kids from the gaming world, said Allison Nixon, chief research officer at online investigations firm Unit 221B. “There’s a talent pool in those videogames that can be drawn from and fraud groups have realized this."

To “standby" a fellow gamer, Handschumacher launched a cyberattack known as a distributed denial of service, or DDoS, against his gaming rival. He could go to websites that would charge him about $10 a month to launch the attacks—crushing his opponents with a flood of unwanted internet traffic. In the gaming world, the DDoS attacks would paralyze his rivals as he moved about the Halo world, killing them one-by-one. “It was like getting free wins," Handschumacher said. “You felt like you were in control and there was nothing they could do to stop you."

That was just the beginning. The son of a nurse at the county’s sheriff department, Handschumacher was a popular student who liked to Rollerblade and batted nearly .400 on his high school baseball team. Online, his social skills made him very good at talking technology companies into giving him access to accounts.

The forum where Handschumacher learned about DDoSing became an online school for the budding hacker. He could see that people were buying and selling Xbox accounts just because they had a username—or gamer tag—that was cool. His Xbox username was r1cky6, but he wanted something better. He wanted Wolverine.

To get the Wolverine account, he called up account support for Zune, a Microsoft music app that was linked to Xbox accounts, and said he had questions about his account. Then he asked for a reference number so he could call back. He cut the call off before proving his identity.

A few minutes later, he called again and gave the reference number. The person on the phone gave him the name of the email account without requiring him to answer security questions.

Next, he called Wolverine’s email provider and said he was hacked and needed back in. Handschumacher doesn’t remember exactly how he bluffed his way into the Wolverine email account. He said the questions were often easier to answer at that time, and he was often able to guess successfully.

Tricking employees or finding loopholes in customer support systems is known as social engineering, one of the calling cards of the Com. It was a key component of the 2023 hack of MGM Resorts and many other break-ins. And Handschumacher discovered that he was very good at it.

Soon he was making tens of thousands of dollars stealing and selling account names. He was part of a community that called itself OG Users, named after a website where people could buy and sell online names. The OG Users crew made it their mission to seize control of the most coveted names—so-called original gangster names—in gaming networks or social-media platforms like Instagram and Twitter.

At the top of the food chain were single letter account names. But numbers, names of celebrities and popular first names would also do.

“These things became currency," said Timothy Wyse, a Justice Department attorney who prosecuted Handschumacher and his crew. “I don’t think anybody understood how valuable these things were going to be."

By 2017, though, the budding hackers had realized that the most valuable accounts of all were the ones associated with cryptocurrency.

By now, Handschumacher was working a regular job cleaning up city parks and streets in Port Richey, Fla. But he had a second life as a cryptocurrency thief. Some days, while cleaning up at the park, he would get a text message from his friends in the Com. They were ready to do a job and could he help out? Using just his iPhone, he would sit in his truck and help them steal millions of dollars in cryptocurrency.

Accounts on cryptocurrency exchanges were protected by more than a simple password. In a push to lock down security, technology companies had made the text message the center of the consumer cybersecurity universe. But to the Com kids, gaining control of text messages was simply a matter of taking over another account: the victim’s phone number.

They developed a technique, called SIM swapping, to steal control of people’s phone numbers. It worked because the hackers could convince phone companies that they were legitimate customers who had purchased new phones—and that the victim’s phone number should be linked to a brand new SIM card—the little white chips that ship out with mobile phones.

A SIM swap is essentially a race. In one lane is the victim, abruptly cut off from cellular service, trying desperately to recover control of the phone number. In lane two a group like Handschumacher’s crew is trying to break into accounts and steal cryptocurrency before this can happen. By 2018, they had paid off insiders at mobile-phone companies and could break into cryptocurrency accounts in just under two hours, according to court records.

During one theft in May of 2018, Handschumacher and three others stole 57 bitcoins—worth just over half a million dollars at the time—by SIM swapping a phone, according to a transcript of their Telegram chat viewed by The Wall Street Journal.

One team member chatted with an employee at the phone company, transferring the mobile service to a phone held by another member of the crew. That person coordinated with another hacker to, one by one, reset email and cryptocurrency accounts and steal funds. Handschumacher would coordinate the account takeovers and he would do the advance work—compiling a dossier of the victim’s personal information that the hackers and phone company employee would need to effect the SIM swap and digital theft.

“Gonna buy some Gucci tomorrow," one of the hackers said after realizing that his payout would amount to more than $125,000.

Federal prosecutors typically avoid charging minors, according to current and former law-enforcement officials. Hackers often feel that they can act with impunity when they are under 18, according to the FBI’s McKeen. It is common in the hacking community for them to hear that “law enforcement isn’t coming for you," he said.

Handschumacher met someone online who was willing to convert his bitcoin to cash and send it to him via the mail. He spent the cash on VIP service at nightclubs, $300 sneakers, new Jet Skis and an $80,000 Ford F-250 truck with a Kelderman air suspension.

His mother asked him where the money came from and he told her he had made it investing in bitcoin. At one point he helped his grandmother buy Ethereum, another cryptocurrency.

Two months after the SIM swap, police showed up at Handschumacher’s door with a search warrant and arrested him. The mother of one of the hackers in his crew—a juvenile—had called police after hearing her son impersonate an AT&T employee on the phone.

Handschumacher was convicted in 2021 at the age of 28 and sentenced to 48 months in federal prison, more than a decade after his introduction to the world of the Com. He was released this past May after serving 27 months.

He missed out on years with his two children, now aged 11 and 3, and had time in prison to “snap into reality," and reflect on the chaos and the trouble he caused his victims. “I was younger," he said. “It’s not an excuse, but you don’t understand what you are doing."