How Crypto Scammers Impersonated Billionaire Investors to Defraud a Tech Startup of (Almost) USD 1.2 Million

Criminals created a fraudulent investment firm website, assumed celebrity billionaire identities, promised millions in investment, and used a nifty QR code trick to empty a crypto wallet set up as “proof of funds” by the startup’s CEO

This article is intended to provide a comprehensive analysis of a sophisticated internet crypto scam perpetrated against tech startups. The scam involves presentation of potential investment opportunities by ultra wealthy individuals, which are in fact illusory. A search on Google reveals that such fraudulent activities have been perpetrated against numerous startups worldwide in recent years. However, details concerning these scams have largely remained hidden from public view. Through meticulous research and analysis, I have successfully unraveled the operational dynamics of this fake-investor-crypto-theft scam. It is my strong desire to disseminate my findings to raise public awareness and safeguard others from falling victim to similar fraudulent schemes. 

I would like to highlight the salient facts of the case here so that people reading this article are adequately prepared to deal with a similar scam should they be confronted with it.

For background context, a North American AI startup in which I am an investor was the victim of such a fake-investor-crypto-theft scam recently. Unbeknownst to the scammers, however, the firm’s CEO discreetly recorded his conversations with the perpetrators, which included the Zoom call during which crypto assets were stolen from a wallet intended as “proof of funds”. A careful review of the video has enabled us to discern the method by which the theft transpired. The startup has since initiated legal proceedings with the assistance of the relevant law enforcement authorities. It has also publicly disseminated key recorded videos and communications with the perpetrators; see below.

Investment Outreach:

On June 14, 2024, an individual identifying himself as “Jacob Laurent” initiated email communication with a North American AI startup in which I am an investor. In his correspondence, he explained to the startup’s CEO that he was the International Relations Manager at Tesalia Asset Management (“TAM”), a European single family investment office representing ultra-high net worth individuals. He said that TAM had over a billion dollars under management and was looking for investment opportunities in the tech sector.

“Jacob Laurent”, Tesalia’s scout for contacting tech firms globally to offer investment from wealthy individuals

This is TAM’s website (which has since been taken down): https://www.ts-capital.com/

Tesalia Asset Management has also been flagged by CSSF, Luxembourg’s financial regulator, for fraudulent activities; see their public warning:

https://www.cssf.lu/en/2024/09/warning-concerning-the-fraudulent-activities-carried-out-by-tesalia-asset-management/

Luxembourg Financial Regulator’s (CSSF’s) Warning About Tesalia Asset Management

Following further communication and execution of a Non-Disclosure Agreement (NDA), “Jacob Laurent” arranged a call between the startup’s CEO and TAM’s portfolio manager, “Robert Maximillian Getty.” Robert (falsely) introduced himself as a member of the billionaire Getty Oil family on his father’s side and the billionaire Miller Duty Free Shops family on his mother’s side. For further details on his background, please refer to his public profile below on TAM’s website [1]. 

During the course of their conversation, “Robert Maximillian Getty” made references to famous individuals and entities. For instance, he stated that he had a personal connection with James Gorman, the Chairman of Morgan Stanley. He conducted business calls via a Zoom link, while ostensibly in a chauffeured Mercedes, and expressed interest in investing USD 5 million at a valuation substantially higher than the company’s previous financing round. Additionally, he extended an invitation to the startup’s CEO to visit him in Monte Carlo following the investment’s closure and have a good time.

After two Zoom video calls, Robert Getty abruptly excused himself from further investment discussions due to an undisclosed “personal emergency”.

Profile of Robert Maximillian Getty on TAM’s website

Billionaire Investor:

Thereafter, Jacob Laurent presented the company’s CEO to “Rudolf Bouvier,” who (falsely) professed to be the “nephew” of the billionaire Swiss art dealer, Yves Bouvier [2]. Rudolf elaborated that he possessed a sum of EUR 5 million in liquid assets, which he was seeking to invest in the form of a convertible debt instrument prior to August 8, 2024, to circumvent certain Swiss tax liabilities. 

Following negotiations over several Zoom video calls, the parties reached a consensus on an investment of USD 8 million. The startup’s CEO enlisted the services of his corporate law firm to draft an investment agreement. This document was subsequently transmitted to Rudolf Bouvier via email, with a copy directed to TAM executives. Rudolf Bouvier reviewed the investment document with his legal counsel and TAM portfolio advisor, and agreed to the stipulated terms therein.

“Rudolf Bouvier”, smooth talking fake investor posing as nephew of Swiss billionaire art dealer, Yves Bouvier

It is important to note the pivotal role of “Jacob Laurent” at Tesalia Asset Management in facilitating the (sham) negotiations between the startup’s CEO and “Rudolf Bouvier”. Laurent’s engagement in the form of regular calls and updates played a crucial part in maintaining the startup CEO’s enthusiasm and commitment to the deal. It is evident now that his role extended beyond that of a mere scout seeking to identify potential investment opportunities for the firm’s clientele. Instead, he was an integral member of the criminal gang, whose responsibilities included assessing the CEOs he contacted, building a rapport with them, obtaining their perspective on the fake investor calls he arranged, and providing them with false information to maintain ongoing investment discussions.

Wallet Request:

A week after the initial investment agreement had been reached, Rudolf Bouvier abruptly notified the startup’s CEO of advice he had received from the Chief Financial Officer (CFO) of TAM. The CFO had recommended that a sum equivalent to the total interest on the USD 8 million convertible debt instrument, amounting to USD 1.2 million, needed to be allocated to a crypto wallet for a period of three months to fulfil certain Swiss regulatory requirements. To assuage the startup CEO’s concerns, Rudolf further stated that the USD 1.2 million would be drawn from his upcoming investment and that he would not hold the company responsible for any loss of assets from the crypto wallet for any reason.

That said, Rudolf emphasized his need to ascertain the company’s capacity to align with his regulatory requirements and asked for the establishment of a company-controlled crypto wallet with sufficient assets to serve as “proof of funds”. He further elaborated that TAM’s CFO had recommended that he require the company to deposit a minimum of USD 400,000 into the crypto account as a demonstration of its financial capacity. The startup’s CEO informed Rudolf that the company’s cash could not be used for this purpose and offered to contribute USD 50,000 from his personal funds to the crypto wallet.

At this juncture, the startup’s CEO contacted me to establish a crypto wallet for demonstration purposes. I was a trusted shareholder of the company and had some familiarity with cryptocurrencies. Concurrently, the CEO proceeded with the transfer of USD 50,000 from his personal funds to the wallet to acquire crypto assets.

Atomic Wallet:

Initially, I set up a crypto wallet on Coinbase and deposited approximately USD 51,000 worth of USDT assets into it. For the uninitiated, USDT, also known as Tether, is pegged to the US dollar. In contrast to other cryptocurrencies, its value remains within a narrow range, typically fluctuating within a few cents of the US dollar.

The wallet address was subsequently shared with Rudolf Bouvier who promptly reported that its assets could not be verified on Etherscan, a public website linked to the blockchain ledger. The underlying cause for this was later discovered to be Coinbase’s policy of the platform itself holding initial asset purchases as the sole custodian. This policy in turn prevented the purchased crypto assets from being registered on a public ledger as being in the individual’s wallet at the time of initial purchase.

In order to facilitate third-party asset verification of crypto assets, I then set up a new wallet on Trust Wallet and transferred Coinbase USDT funds to it. The crypto assets could now be verified by Rudolf Bouvier using the Etherscan app.

With crypto assets thus verified, Rudolf Bouvier made a new request: crypto assets be stored on Atomic Wallet.

This sudden change in crypto wallets made no sense to me and I told the startup’s CEO as such. The CEO was eager to keep the deal alive and did not want to give Rudolf an excuse to walk away. I thus downloaded Atomic Wallet and transferred USDT assets to it. The version I worked with was 1.29.5.

Wallet Contents

Etherscan Verification

Wallet Inspection:

Following configuration of Atomic Wallet and verification of its crypto assets, Rudolf Bouvier expressed satisfaction with meeting his investor requirements. He informed the startup’s CEO of his intention to finalize the investment and gave instructions to TAM’s Chief Financial Officer (CFO) to initiate a wire transfer of promised funds.

There was just one minor issue left unresolved. He wanted to introduce the startup’s CEO to his nephew, “Nathan Lambert,” who was involved in the family business. He assured him that Nathan would be a valuable contact for the future.

During a Zoom video call, Rudolf Bouvier introduced his nephew and requested that Nathan examine the crypto wallet to ensure everything was in order. This request was perplexing to the startup’s CEO given that the wallet assets had already undergone verification through the Etherscan app.

“Nathan Lambert”, nephew of fake investor Rudolf Bouvier. Generated QR code to steal wallet assets

The CEO was apprehensive about opening the crypto wallet during a video call and informed Rudolf that he required time to think about it. Ultimately, given that the wallet contained his personal funds and not the firm’s monies, he decided to acquiesce to the request.

Crypto Theft:

Following the decision by the startup’s CEO to have the Atomic Wallet account verified by the investor Rudolf Bouvier’s nephew, Nathan, via a live token transaction, a Zoom call was arranged.

I was managing the wallet and participated in the 3-way Zoom call on August 23, 2024.

Recipient’s wallet barcode, with money coded in it [3]

USDT 50,000 scanned, despite manually entering USD 5 cents

Nathan stated that he wanted to initiate a transaction involving USD 5 cents equivalent in USDT Tether currency. He specified that this amount be sent to his wallet address as a test to ensure our proficiency in sending and receiving cryptocurrencies. He first instructed us to manually enter a sum equivalent to 5 U.S. cents in the Atomic Wallet. And then, in order to initiate funds transfer, he asked us to scan his wallet’s QR code, which he presented to the Zoom camera, while instructing us to keep our phone’s screen turned away from us.

I agreed with Nathan’s request as I understood the ubiquity and utility of QR codes in facilitating the entry of recipient wallet addresses. I could also somewhat understand the rationale for conducting a token transaction to confirm wallet addresses for subsequent crypto transactions. In my experience with the Coinbase wallet, I had employed a QR code scan to obtain recipient’s wallet address, thereby saving time for the manual entry of a nearly 40-character hexadecimal address.

However, I was unaware that an amount to send could also be programmed into a recipient’s QR code address. In essence, when the sender scans the QR code to obtain the recipient’s address, the code concurrently populates the amount the sender intends to transfer to the recipient. This feature has been the subject of considerable controversy as it has the potential to mislead individuals into sending amounts that exceed their intended sums. A more significant concern is that the programmed amount in the QR code overrides any amount previously entered by the sender in the Atomic Wallet interface. This oversight is further compounded by the absence of a notification to the sender that their manually entered amount has been altered. Furthermore, the Atomic Wallet does not automatically adjust the US Dollar equivalent of the newly added crypto amount scanned through the recipient’s QR code. This results in the potential for users to encounter a scenario where they are presented with a screen indicating a transaction of $0.05 USD, yet the actual transaction amount is 49,977 USDT. These issues with the Atomic Wallet are further compounded by a significant visual flaw in that the decimal point is deleted from the USDT crypto amount scanned from the QR code, yet the zeros preceding this figure remain intact. Consequently, the final screen displays USD 0.05 and USDT 0049977.

I thus manually entered USD 5 cents but was tricked into sending almost USDT 50,000 instead. 

During the wallet transaction, Nathan made sure that our phone screen was oriented towards the camera, thereby reducing the likelihood of detecting the financial error in Atomic Wallet before pressing the Send button. It is noteworthy, however, that the ruse was so subtle that even a cursory inspection of the phone screen would likely not have revealed the underlying discrepancy between manually entered and sent amounts.
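
As an added illustration (not code from the original post or from Atomic Wallet), the Python sketch below shows the check a wallet could run when a scanned payload carries its own amount, so that a typed amount is never replaced silently. It assumes the QR decodes to a BIP-21 or EIP-681 style payment URI, which the article does not specify; the addresses, payloads and function names are constructed for the example.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import urlsplit, parse_qs

# Constructed sample payloads; the addresses are placeholders, not real wallets.
BARE_ADDRESS = "0x" + "11" * 20
TOKEN_TRANSFER_QR = ("ethereum:0x" + "22" * 20 + "/transfer"
                     "?address=" + BARE_ADDRESS + "&uint256=49977000000")

def embedded_amount(payload, token_decimals=6):
    """Return the amount (in whole tokens) a scanned payload requests, or None.

    Assumes BIP-21 ("amount", whole coins) or EIP-681 token transfers
    ("uint256", integer base units). USDT uses 6 decimals on Ethereum.
    """
    parts = urlsplit(payload)
    if not parts.scheme:                      # plain address, no URI wrapper
        return None
    query = parse_qs(parts.query)
    if "amount" in query:
        return Decimal(query["amount"][0])
    if "uint256" in query:
        return Decimal(query["uint256"][0]) / (Decimal(10) ** token_decimals)
    return None

def review_scan(payload, typed_amount, token_decimals=6):
    """Decide what happens to the amount field after a QR scan.

    The typed amount is never silently replaced: a scanned amount that
    differs from it stops the send until the user confirms explicitly.
    """
    typed = Decimal(typed_amount)
    try:
        scanned = embedded_amount(payload, token_decimals)
    except InvalidOperation:                  # unparseable amount: refuse it
        return {"action": "reject", "typed": typed}
    if scanned is None or scanned == typed:
        return {"action": "keep_typed", "send": typed}
    return {
        "action": "block_and_confirm",
        "typed": typed,
        "scanned": scanned,
        # Explicit separators, so 49977 cannot be misread next to "0.05"
        "warning": f"QR requests {scanned:,.2f}, you typed {typed:,.2f}",
    }

if __name__ == "__main__":
    print(review_scan(TOKEN_TRANSFER_QR, "0.05"))
    print(review_scan(BARE_ADDRESS, "0.05"))
```

For a user without such a safeguard, the equivalent manual check is to read the token amount on the confirmation screen after scanning, not before, and to paste a bare address instead when the two disagree.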

Theft Admission: 

In the aftermath of the cyber heist, the startup’s CEO confronted the perpetrators on WhatsApp. 

The leader of the criminal group, Rudolf Bouvier [4], initially attempted to persuade the CEO to refrain from making the theft public. When this attempt failed, he nonetheless acknowledged the theft in writing and blamed the CEO for his stupidity.

Nathan Lambert, the QR code generator, refused to acknowledge the theft. He kept insisting that the wallet owner had only transferred a mere USD 5 cents, despite blockchain evidence indicating a transfer of 49,977 USDT assets.

Rudolf Bouvier’s text pressuring startup CEO to not disclose wallet theft

Rudolf Bouvier’s text admitting theft of crypto assets from wallet

Nathaniel Lambert’s text message denying QR code scam despite proof

Cash Conversion:

The startup subsequently hired a blockchain expert to trace the stolen crypto funds. She reported that the thieves had moved it in small chunks to more than a dozen different locations to cover their tracks and cashed it out on two exchanges, Bitget and Binance.

Blockchain trace of stolen crypto currency by “Nathan Lambert”

This is the current state of affairs. I hope this case will serve as a cautionary example for individuals who may be similarly contacted by unknown parties offering investment.

Tesalia Asset Management (“TAM”), a front for crypto scammers posing as investors

Video Recordings:

The following secretly recorded videos of Zoom calls with scammers illustrate their crypto theft methodology involving wallet inspection and token transaction.

Fake investors demanding wallet inspection set up as proof of funds.

Fake investors stealing crypto assets from wallet via QR code scam.

I respectfully request that you share this article through electronic mail and social media networks as a public service [5].

Thank You

[1] We do not believe the “Robert Getty” we spoke to is a member of the billionaire Getty Oil family.

[2] The real Yves Bouvier, a billionaire Swiss art dealer, is in no way related to or associated with “Rudolf Bouvier”, the man pictured above who claimed to be his nephew.

[3] WARNING: The QR code is still active! Do not scan it or it will set up a Send to the scammers.

[4] While the gang members used Jewish greetings, we have reason to believe that they were not Jewish and only pretended to be part of this community.

[5] This article was originally published as a blog post: https://id8tr.com/crypto-scam/
