The nascent and barely regulated crypto industry is rife with exploits, hacks and digital pump-and-dump schemes – some of them netting upwards of hundreds of millions of dollars in a matter of seconds, from a computer somewhere, the identity of the perpetrator typically obscured behind a fake online identity.
So it would seem almost quaint or pulled straight from a Hollywood script that a crew of smooth-acting fraudsters would spend weeks or months courting blockchain-project executives, unspooling a fanciful and elaborate investment narrative, then follow through with in-person, face-to-face meetings at a restaurant – only to ultimately abscond with cryptocurrencies in the single-digit-millions of dollars and never be seen or heard from again.
And yet, based on interviews with victims and authorities, this exact scenario has played out multiple times in recent months in cities across Europe, including Rome, Barcelona, Amsterdam and Brussels.
It’s the crypto long con.
Cases have been referred to authorities in Austria and Italy, according to victims and a German police officer who has interacted with some of the victims.
According to the officer, who asked not to be named given the ongoing nature of the investigation, police are categorizing this wave of crypto scams as “rip deals” – tempting-sounding offers where victims are promised large amounts of money but ultimately end up with their own pockets emptied.
Victims’ accounts of their interactions with what appear to be rip-deal gangs are uncannily similar: Scammers posing as investment agents meet their victims face-to-face at a restaurant or hotel lobby, and ask for proof of funds. The victims set up a crypto wallet that seems legitimate – but chosen by the scammers – and then fund the wallet. Once the funds are sent over, the scammers are somehow able to drain the wallets. The top working theories are that they get the victim’s private keys or exploit security flaws in the wallet.
The most prominent, and public, victim to date is Webaverse co-founder Ahad Shams. Earlier this month he shared a statement over Twitter that he had been a victim of a $4 million crypto hack after meeting in a hotel lobby in Rome with scammers posing as investors.
Recently, another victim, Chris Hunter, the CEO of Coin Publishers, a firm that focuses on publications and data for crypto saving and borrowing products, shared his account of a similar scam setup he experienced in Barcelona, Spain.
According to several people who said they fell victim to the scams, authorities are actively investigating whether the incidents are connected.
The German police officer told CoinDesk they’re unaware of any ongoing investigations in Germany on this scam, but confirmed that Shams’ case had been relayed to a special investigator in Austria who specializes in rip-deal gangs.
In November, Austrian authorities convicted an Austrian national with Serbian roots who was arrested in Rome and extradited back to Vienna after the scammer allegedly performed a rip-deal con on four victims and stole their crypto. The details alleged in the case were similar to those in Shams and Hunter’s stories.
The difficulty with catching these gang members is they operate across different jurisdictions, making it hard to trace their movements.
“What we are missing on the national or European level is a kind of database” that has pan-European information on these gangs, the German police officer told CoinDesk.
Although the German officer was unaware of any ongoing investigations related to Shams’ case in Germany, another person told CoinDesk the German authorities reached out to another crypto rip-deal victim in 2021 about their active investigation after the victim was scammed in Amsterdam.
Other rip-deal victims told CoinDesk that Italian authorities are investigating similar scams that have taken place in Rome.
The scams that have taken place are like a scene out of untold Hollywood noir or neo-noir features – “The Sting,” “The Spanish Prisoner,” “The Grifters,” “Snatch.”
None of the victims are sure how the scammers were able to steal their funds from their wallets without having any kind of interactions on their devices; some suspect there might be hidden cameras in the restaurant, or maybe hypnosis was involved.
Since the release of The Register’s article, multiple people told CoinDesk they suspect that some scammers posing as victims have tried to infiltrate the victims’ Telegram group to collect information on what they know and which authorities they’ve spoken to, causing more distrust among members who already have lost a lot of trust – in each other, business, law enforcement, the crypto industry and maybe humanity more broadly writ.
Other victims or almost-victims that CoinDesk spoke with, who asked not to be attributed to avoid embarrassment or further victimization, described having experiences similar to those Shams and Hunter detailed in their public statements. The victims showed up to a specific restaurant the scammers picked in Rome, and the scammers would insist on being seated at a specific table if they were put elsewhere.
One detail that pervades most of the victims’ accounts is that the bogus investors said they worked for or with a “Joseph Safra.”
The German police officer told CoinDesk that he was willing to speak to a reporter partly to warn other crypto companies to be on the lookout for similar scams.
As if the ranks of online degen exploiters trolling digital-asset markets for victims weren’t already terrifying enough.