As the digital currency world expands, so does its dark side, with billions of dollars falling into the hands of hackers, scammers, and even trusted founders.
The crypto industry, known for its lack of clear regulation and wild price swings, once seemed rife with potential scammers looking to steal from the unwary. While steps are being taken to provide regulatory clarity for crypto worldwide, price volatility and theft are still concerning issues.
In 2022 alone, data from Chainalysis shows that bad actors made off with more than $3.8 billion in crypto, most of it stolen from decentralized finance (DeFi) protocols by North Korea-linked attackers such as the Lazarus Group.
The amount was a 15% increase over 2021 when records show hackers and scammers stole about $3.3 billion worth of digital assets.
In the first quarter of 2023, 57 cases of crypto theft were reported, with extrapolations of those figures suggesting there could be as many as 228 incidents by the end of the year.
Hacks account for a large portion of the money lost in the digital asset industry, but cases of crypto founders and developers absconding with users’ funds have become quite prevalent.
Such thefts usually take the form of rug pulls, where developers abandon projects midway and flee with investor funds. Ponzi schemes are also popular for malicious crypto founders to steal money from unsuspecting crypto investors.
In this article, we’ll explore several incidents where those entrusted with keeping user funds safe betrayed that trust and stole millions of dollars worth of crypto from their customers.
Faruk Fatih Özer (Thodex)
Faruk Fatih Özer, the founder and former CEO of Thodex, one of Turkey’s largest cryptocurrency exchanges, has become notorious in the global crypto industry.
Özer formed Thodex in 2017 as Koineks Teknoloji, making it the fourth crypto exchange in Turkey. The company went global in 2020, changing its name to Thodex in March.
It also allegedly received a “license” to operate as a Money Service Business (MSB) from the U.S. Financial Crimes Enforcement Network (FinCEN) the same year.
Özer was the driving force behind Thodex until he abruptly disappeared, and the exchange ceased operations on April 22, 2021, leaving thousands of investors in the lurch.
Before going offline, Thodex had nearly 400,000 active users trading almost $600 million in crypto, according to a lawyer who filed a complaint against the exchange.
After thousands of users started complaining about being unable to access their funds, the Thodex CEO took to Twitter (now X) and gave a vague explanation about a “temporary shutdown” due to cyberattacks.
However, subsequent communication about the status of investors’ funds was nonexistent, leading to speculation that Özer had jumped ship to Albania with $2 billion of the said funds.
Demirorn News Agency, a leading media organization in Turkey, added fuel to the fire when it published a photograph of Özer departing from Istanbul’s international airport. It escalated fears among investors and users with funds tied up in the exchange.
Subsequently, Turkish authorities issued an international arrest warrant for Özer, resulting in the detention of 62 people across eight cities, including some of Özer’s siblings.
The 27-year-old was apprehended in Albania and extradited to Turkey in early 2023. He was charged with forming a criminal organization, committing fraud, and laundering earnings from unlawful activities.
The indictment estimated losses at 356 million lire ($24 million), but a Chainalysis report published on Dec. 16, 2021, suggested a significantly higher figure of $2.6 billion.
In July 2023, Özer was initially sentenced to 7 months and 15 days in prison by the Anatolian 17th Criminal Court of First Instance for failing to provide tax documents, much to the chagrin of former Thodex investors.
However, on Sept. 8, 2023, the Anatolian 9th Heavy Penal Court found Özer guilty of aggravated fraud, money laundering, and leading a criminal organization. The court sentenced him, along with two of his siblings, to 11,196 years in jail.
Stefan He Qin (Virgil Sigma)
Stefan He Qin was the founder of Virgil Sigma and VQR Multistrategy Fund LP, two crypto hedge funds that dipped with $123 million belonging to investors.
Qin, a 19-year-old Australian college dropout, started his cryptocurrency journey with a promise. His fund, Virgil Sigma, claimed to earn profits as high as 500% from arbitrage opportunities in the digital currency market. It allegedly involved a proprietary algorithm called Tenjin that monitored crypto exchanges around the world and exploited the price differences of digital currencies sold on them.
Qin’s objective was to create a platform connecting two trading stations in China and the U.S. to help arbitrage Bitcoin (BTC). He assured prospective users that funds invested on his platform would be immune to price volatility since Virgil Sigma was “market-neutral.”
The strategy attracted dozens of investors, including many in the United States. However, things were far from rosy beneath the surface of this seemingly lucrative operation.
According to the Securities and Exchange Commission (SEC), Qin and his entities have defrauded investors since at least 2018. He provided false balance statements to investors and made material misrepresentations about the fund’s strategy, performance, and financial condition.
The unraveling of Qin’s scheme came when he failed to meet redemption requests from investors. To cover up the fraudulent activities, he attempted to steal funds from another fund he controlled, the VQR Multistrategy Fund LP. This desperate move only served to expose his shady dealings further.
But what led to such a dramatic downfall? Reports suggest that Qin’s lifestyle played a significant role. The Virgil Capital founder was known to have siphoned off millions to fund a lavish lifestyle. According to reports, Qin grew so wealthy that he signed a contract for a $23,000-a-month condominium at 50 West, a 64-story luxury condo skyscraper in Manhattan with a pool, sauna, steam room, and hot tub.
Qin blamed bullies, “sugar babies,” and his own greed for the $123 million fraud. He surrendered to U.S. authorities on Feb. 4, 2021, pleading guilty to one count of securities fraud.
For his crimes, the self-proclaimed math prodigy was sentenced to seven and a half years, including three years of supervised release.
Paul Vernon (Cryptsy)
Paul Vernon was the founder and CEO of Cryptsy, a once-prominent crypto exchange, and the central figure in one of the most notorious scandals in the crypto industry.
Cryptsy was an internet startup operated by Project Investors Inc., and it focused on the trading of digital currencies, with more than 90 types available.
However, in January 2016, the platform’s reputation took a turn for the worse when users began reporting issues with withdrawing funds from their accounts. It subsequently went bust, leaving users in a lurch.
According to reports, Vernon was an early Bitcoin adopter and serial entrepreneur. Before launching Cryptsy, he founded several other companies, including a web-hosting platform specializing in x-rated sites.
By late 2013, Vernon claimed Cryptsy was handling more than 30,000 trades every day, but the following year, trouble reared its ugly head, with users complaining of being unable to access their funds.
The 48-year-old Delray Beach native later told Cryptsy employees that the exchange had been hacked and millions of dollars worth of crypto had been stolen. He shared the same information with users more than a year later after he fled to China.
Vernon claimed he went to China to try and rejuvenate the company to get back user funds. In 2022, six years after the collapse of Cryptsy, Vernon was charged with several crimes, including orchestrating a two-year scheme to steal more than $1 million worth of crypto from users of the exchange.
Ruja Ignatova (OneCoin)
Ruja Ignatova, famously known as the Cryptoqueen, left a mark in the crypto industry that’s hard to forget. With a doctorate in law from the University of Konstanz and experience at McKinsey & Company, her credentials were impressive. But behind this facade, she was the mastermind of one of the largest scams in the history of cryptocurrency, OneCoin.
Founded in 2014, OneCoin was marketed as an investment opportunity that would yield high returns. It lured investors into buying educational materials bundled with tokens, which they could then mine to earn OneCoin.
The company claimed users could trade these coins on an independent exchange. However, according to FBI, all this was a lie. OneCoin was not a real cryptocurrency.
Unlike legitimate digital currencies such as Bitcoin or Ethereum (ETH), which are decentralized and can be traded freely on various exchanges, OneCoin was neither actively traded nor could the coins be used to purchase anything. The so-called “independent exchange,” which OneCoin itself controlled, was a fraud that gave the appearance of a thriving market.
The scheme was a multi-level marketing network where members earned commissions for recruiting others to buy these cryptocurrency packages. In essence, it was a classic pyramid scheme. According to the US Department of Justice, OneCoin operated as a fraudulent scheme, defrauding people out of more than $4 billion.
Ignatova served as OneCoin’s top leader until October 2017. On Oct. 25, 2017, she traveled from Sofia, Bulgaria, to Athens, Greece, and since then, she has vanished. Despite her disappearance, the scam continued, and people were still being defrauded.
In 2018, Bulgarian authorities raided OneCoin’s Sofia headquarters, arresting the company’s co-founder, Karl Sebastian Greenwood, and Ruja Ignatova’s brother, Konstantin Ignatov. They then deported Greenwood to the United States, where he pleaded guilty to his role in the scam and now faces up to 60 years in jail.
Meanwhile, Ignatova remains at large and is on the FBI’s most wanted list. However, unconfirmed reports claim she was murdered in 2018 on a yacht in the Ionian Sea on the orders of infamous Bulgarian drug lord Christoforos Amanatidis.
Beerus and Ersan (AnubisDAO)
AnubisDAO was a dog-themed defi project that appeared on the scene in October 2021 with much fanfare. The sale of its native ANKH token was an instant hit, raising about $60 million in just a day.
However, the jubilation was short-lived as the project soon lost control of its liquidity pool, leading to a loss of $60 million in what many analysts believed was a rug pull incident. In the case of AnubisDAO, the founders allegedly made off with 13,556 ETH from crypto investors.
The project marketed itself as a fork of OlympusDAO, a decentralized autonomous organization building and managing the OHM reserve currency. It began with a Discord server and an X account but had no official website or whitepaper. Furthermore, the developers used pseudonyms, making it difficult to hold anyone accountable.
In July 2023, blockchain security firm Peckshield revealed that funds from the AnubisDAO heist had been moved to Tornado Cash in batches of 100 ETH in an apparent attempt to launder them.
On-chain analyst ZachXBT provided more information regarding the incident, including the possible identities of the masterminds behind the rug pull.
He was able to track down a 95 ETH transaction to an address belonging to an individual going by the pseudonym Beerus. This individual was reportedly responsible for dealing with the liquidity bootstrapping pool (LBP) on the OlympusDAO fork.
Further research by ZachXBT revealed the other address in the transaction belonged to a friend of Beerus called Ersan. Another blockchain analyst, Warren, linked Ersan to several scam websites, high-level online gambling schemes, and dodgy payment processors.
StableMagnet was a purported automated market maker (AMM) whose creators stole upwards of $27 million from users in June 2021.
The developers took advantage of a blindspot in blockchain explorers like Etherscan and BSCScan. While these explorers perform code verification to ensure that the codes published on them correspond to what is stored on the blockchain, they do not verify linked libraries during the process. It can allow bad actors to deploy a smart contract to claim it utilizes functions from one contract while, in reality, employing another.
That is exactly what the StableMagnet team did. They exploited this vulnerability and hid a backdoor in their smart contract, which they secretly used to drain users’ funds.
However, one of the victims of the rug pull managed to track the fraudsters and recover a significant portion of the stolen funds.
Upon discovering the theft, this user, who had initially checked the StableMagnet code and deemed it legitimate, reportedly pinpointed a GitHub account that allowed him to connect the dots to the culprits’ family members via social media.
He traced the scam to a group residing in Hong Kong, and as he uncovered more information, he learned that they planned to travel to Manchester.
His pursuit led him to the English city, where he reluctantly involved the police, who managed to apprehend two of the scammers, a 23-year-old man and a 25-year-old woman.
The police also recovered portions of the stolen money, including a USB device containing around $9.5 million in ETH.
The remaining StableMagnet team members had no option but to cooperate with the vigilante investor and police, eventually returning the majority of the stolen funds to their rightful owners.
Fans of streaming platforms probably remember the hugely successful Korean show “Squid Game.” What might leave a sour taste in the mouth is the sham crypto project of the same name that rode on the show’s popularity to steal more than $3.6 million from unwitting users.
The scammers launched the project at the height of the show’s global success. They conducted an aggressive campaign that marketed its SQUID token as a play-to-earn (P2E) cryptocurrency with headroom for double-digit growth.
Initially trading at mere pennies, SQUID’s value skyrocketed to an astonishing $2,856 less than a week after its launch. The token raised about $3.3 million from 43,000 users, but unfortunately for them, the bubble burst soon after the project was revealed to be a scam.
On Nov. 1, 2021, Squid Game’s creators pulled out the $3.3 million that had been raised from the project, depleting its liquidity pool and consequently sending SQUID’s value crashing by nearly 100%.
Even before its developers made away with funds from the project, Squid Game had shown several signs of being a scam, including numerous website errors and the inability to exchange SQUID for fiat or other cryptocurrencies.
Additionally, most media platforms that covered SQUID’s meteoric rise failed to point out that it had no connection to the TV show, thus inadvertently helping fuel its uptake.
In early 2023, there were reports of a breakthrough in the investigations into the scam’s originators. Investigative technology journalist Janhoi McGregor and tech expert Ciaran O’Connor allegedly traced the Squid Game scam to a similar scheme conducted a few weeks before, presumably to test the waters.
The two uncovered significant leads, including email addresses, IP addresses, phone numbers, physical addresses, and even names connected to the scammers.
The investigation took them to Hong Kong, but their suspect was nowhere to be found upon arrival. Despite this, evidence, including an earlier police visit to the apartment related to the scam, affirmed they were on the right track.
However, McGregor and O’Connor have not revealed the identities of those behind the Squid Game rug pull, opting to leave the rest of the investigations in the hands of the police.
Aurelien Michel (Mutant Ape Planet)
On Jan. 5, 2023, the DoJ unsealed a criminal complaint against a 24-year-old French citizen in Dubai, accusing him of stealing $2.9 million from members of an NFT community he had created.
Aurelien Michel was the brains behind Mutant Ape Planet (MAP), a knockoff of the famous Mutant Ape Yacht Club (MAYC) NFT series created by Yuga Labs. He marketed the NFTs with the promise that holders stood to benefit from several perks, including prizes, lotteries, exclusive access to other digital assets, and the backing of a communal wallet containing marketing funds for the NFTs.
Michel also reportedly hinted at the possibility of MAP NFT holders obtaining virtual pieces of land, although none of these pledges materialized.
Following the sale of the NFTs, reports alleged that Michel moved the profits into other wallets under his control and then took to the community Discord under the alias James to confess that he had executed a rug pull. However, he blamed the community for his actions, stating, “We never intended to rug, but the community went way too toxic.”
As if the MAP job wasn’t enough, blockchain sleuth ZachXBT connected Michel to several other scams, including Fashion Ape NFT and Crazy Camels, where the developers stole $1.1 million and $1.6 million of user funds, respectively.
Ameer and Raees Cajee (Africypt)
Two brothers, Ameer and Raees Cajee, were the masterminds of the Africrypt scam. The crypto platform targeted high-net-worth South Africans, enticing them with the potential for high returns from Bitcoin investments.
The brothers described their company as “an investment firm exclusively focused on cryptocurrency and blockchain technology.” Between 2019 and 2021, they reportedly managed to bag enough clients to grow the value of their Bitcoin portfolio to $3.6 billion.
However, on April 13, 2021, after users started complaining of being unable to access their funds, Ameer, the company’s chief operating officer, informed them that the company had been hacked, forcing it to stop all operations.
He claimed that Africrypt’s system, client accounts, and client wallets had all been compromised. Furthermore, the then-21-year-old advised clients not to involve police or lawyers as it would “delay the recovery process.”
According to those privy to the matter, Africrypt lost 70,000 Bitcoins in the purported hack. However, lawyers representing the brothers claimed the figure had been overstated.
Soon after Ameer’s last communication with investors, the brothers disappeared, causing South African authorities to investigate the matter formally.
The investigations were, however, hampered by the fact that South African law does not consider digital assets to be financial products.
Two years later, on April 23, 2023, fresh reports emerged that the Cajee brothers had resurfaced in Zurich, Switzerland, where they allegedly leased a locker and deposited a hardware wallet. Their sighting sparked an investigation by Swiss authorities for suspected money laundering, which is ongoing.