It was a high tech caper, involving a fake Uber and a $1.8 million digital currency heist, but it was old-fashioned stupidity that led Louis Meza to get caught. Meza not only bungled a kidnapping but made a major mistake that helped cops recover the loot.
News of the crime came first surfaced in December, but the New York District Attorney’s office has since shared new details with Fortune.
It all began in a Ruby Tuesday’s restaurant in Times Square, where Meza met his victim, a business associate, who had earlier disclosed he was an early investor in Ethereum. The cryptocurrency was once worth pennies but last year soared to over $1,000.
On leaving the restaurant, Meza told his associate he had hired an Uber minivan to transport him home, and insisted he get in. Unfortunately, the “Uber” didn’t get very far before a gunman popped up from the back seat and demanded the victim hand over his phone and apartment keys, according to the initial report of the event.
A prosecutor from the DA’s office, who spoke on the condition of anonymity, added the gunman also demanded the victim hand over a 24-word password to his Ledger Nano S—a device known as a hardware wallet that lets users store digital currency offline and safe from hackers (though not from kidnappers).
The victim eventually escaped his ordeal by running into a deli, but not before Meza had used his keys to enter his apartment and steal the hardware wallet, using the password to transfer the Ethereum to his own account. At the time of the kidnapping, one unit of Ethereum was worth $308—it’s currently worth around $1,120, a more than four-fold increase.
Get Data Sheet, Fortune’s technology newsletter.
Unfortunately for Meza, the would-be mastermind, he made two fateful errors. The first was being seen by the apartment building’s surveillance camera, which helped to confirm he was behind the kidnapping. He also boasted the very next day about being a cryptocurrency player.
The second mistake is more surprising: According to the prosecutor, Meza transferred the stolen funds to an account under his own name at a well-known U.S. digital currency exchange, and converted the Ethereum to bitcoin.
This decision made it possible for the DA’s office, which has a reputation for technical prowess, to recover the bitcoin from the exchange and from an online crypto-lending service where Meza had deposited it as collateral.
Meza’s mistake is a head-scratcher because he knew enough about cryptocurrency to understand hardware wallets—and should have known that, if he had transferred the funds to his own such wallet, they would have been very hard to trace. Instead, he sent them to the cryptocurrency world’s version of Chase Bank, making it possible for the DA’s office to locate and seize them.
More broadly, the New York DA’s Office says the misadventures of Meza and his victim reflect how digital currency is becoming a part of not only cyber-crimes, but run of the mill criminal activity, including robbery and kidnapping. Indeed, a troubling trend may be underway as, in December, crooks in the Ukraine kidnapped a bitcoin analyst and help him ransom until he paid them $1 million worth of bitcoins.
A final wrinkle in Meza’s misadventure is the challenge posed to law enforcement when crooks move funds around in the volatile cryptocurrency markets. In the case of Meza, his decision to convert the robbery proceeds into Bitcoin—which shot up at a much faster rate than Ethereum—meant the recovered funds were worth much more than when he stole them, raising the question of whether the victim or law enforcement should get the windfall.
An earlier version of this story said the victim invested in Ethereum in 2012, based on information from the DA’s office. Ethereum was not created until 2014. The story has been updated.