Africrypt, Wonderland and Bitcoin’s Bonnie & Clyde: 5 scams and scandals that rocked the DeFi world

As is often the case with fledgling industries, decentralized finance has produced no shortage of fraud and sketchy characters. The absence of robust government regulations, the rapid evolution of DeFi technology, and amateur traders vying for quick returns all combine to create a grifter’s paradise. 

With cryptocurrencies become increasingly embedded into the mainstream financial system, concerns about the potential for fraud are also coming to the fore. While it’s easy to poke fun at  the absurdity of scandals involving stolen pictures of bored apes and Magic Internet Money, the real financial damage caused by crypto fraud is no laughing matter. Losses from cryptocurrency crime in 2021 amounted to $14 billion globally, according to blockchain analytics firm Chainanalysis. 

Here are five recent crypto scams and scandals that show just how wrong things can go when it comes to blockchain-based finance.

1. The Bonnie and Clyde of Bitcoin  

On Feb. 8, the U.S. Department of Justice announced the biggest financial seizure in the department’s history, a whopping $3.5 billion in cryptocurrency. It came alongside the arrest of New-York based, 30-something husband and wife Ilya Lichtenstein and Heather Morgan in connection with the $4.5 billion hack on the Hong-Kong cryptocurrency exchange Bitfinex in 2016. 

For an alleged pair of criminal masterminds involved in a multi-billion-dollar scheme, the couple kept an unusually public profile. Liechtenstein was the founder of the startup Endpass, ironically on a mission “to stop fraud and terrorism”. Morgan served as Endpass’ CEO, in addition to being a versatile content creator. Her oeuvre ranges from TikToks of eating fluffy pancakes with her husband, to boastful rap videos on Youtube where she calls herself the “crocodile of Wall Street .” Morgan was also a frequent contributor to Forbes and Inc. Magazine with columns on start-ups, the New York art scene, various lifestyle topics and, of course, protecting your business from cybercrime. 

While the arrest may have done wonders for Morgan’s TikTok views, the couple faces gloomy prospects in the justice system. They have been charged with conspiracy to commit money laundering and, if convicted, may spend up to 20 years in federal prison. 

As the case proceeds, the jury is still out on what’s the bigger crime: the billions of dollars in stolen cryptocurrency or Morgan’s cringe rap career

2. The Africrypt saga

African nations are home to some of the fastest-growing cryptocurrency markets, so they present a uniquely fertile ground for DeFi fraud. Perhaps teenage brothers Ameer and Raees understood this when they started the Africrypt investment platform in 2019 in South Africa, a country that had virtually no crypto regulations at the time. 

The Cajee brothers promised investors a 10% daily return, attracting investments from a number of high net worth individuals. They said they planned to achieve these returns by using AI (a word often synonymous with magic in the crypto scam glossary). It sure looked like some form of magic was indeed involved when in April 2021 $3.6 billion in Bitcoin mysteriously vanished from the platform. 

As a pure coincidence, just a week before the supposed hack Africrypt’s employees lost access to its backend systems. Investors were warned not to report the issue to the authorities so as not to compromise Africrypt’s own investigation. The disappearance of the Bitcoin was soon followed by the similarly mysterious disappearance of the Cajee brothers, who claimed that safety concerns had forced them into hiding. 

A group of Africrypt investors has since organized a so-far mostly unsuccessful effort to recover the stolen funds and push South African authorities to prosecute Africrypt’s founders. Curiously, the country’s financial regulator, the Financial Sector Conduct Authority announced in June 2021 that financial sector laws do not cover crypto assets and that they are “not in a position to take any action.” Though a police investigation is still ongoing, it is unclear whether it will lead to any charges.

The Cajee brothers have vehemently denied any wrongdoing and insisted that the platform was really hacked. A lawyer who represented them claims that the $3.6 billion figure cited by investors is inaccurate. Wherever the money went, the victims got some relief when Dubai-based Africrypt affiliate Pennython (also a mysterious entity) compensated them 70% from their investments

Africrypt investors may never get the remainder of their money back but they certainly got a valuable lesson: when a teenager-founded platform offers you a 10% daily return, take your money elsewhere. 

3. Squid Game is dangerous 

If hyping a coin isn’t enough for a successful scam, an additional sprinkle of a hit Netflix series ought to do the job. The launch of the Squid Game Project came just a couple weeks after the immensely popular Korean Netflix series of the same name premiered in mid-September last year (without any actual affiliation with the show or its creators). 

A playfully worded whitepaper outlined the concept as a “crypto play to earn platform” that revolved around a game similar to the one at the center of the series. Unlike the 497 contestants in the series that competed to the death for a $32 million cash prize, the Squid Game Project did not require participants to put their life on the line. Entry to the lowest tier of the game was granted for just 497 SQUID tokens. Counter to the premise of the series, there was no upper limit to the reward. “The more people join, the larger the reward pool will be,” the white paper proclaimed. Those that were not into gaming or binging Netflix shows were encouraged to buy the tokens as an investment. If that sounds like a scam, that’s because it was. 

The SQUID token was launched on Oct. 26, and for a brief time investors were not disappointed. They watched the price of $SQUID soar from less than $0.02 to a peak of over $2,860  at 5:35am on Nov. 1. The same day, $SQUID was trading at less than a cent after its founders abruptly sold off their holdings and abandoned the project. 

The founders of the project were estimated to have made over $3 million from the sale of their tokens. At least 40,000 investors that still held the token at the time of the crash were left in the dust in a textbook example of a “pull the rug” scheme. 

4. Once Upon a $Time In Wonderland 

The recent scandal around the DeFi project Wonderland, serves as a cautionary tale about doing business anonymously. Wonderland DAO is the issuer of the TIME token, an algorithmic reserve currency that is designed to withstand market volatility. In the short term, the project’s creators promised users who staked their TIME tokens 80,000% annual returns. Their stated long-term goal was different. Wonderland’s creators are trying to turn TIME into a truly stable asset, unlike the inflation-prone U.S dollar or stablecoins pegged to fiat currency. 

For an organization with such lofty goals, Wonderland has made some controversial staffing decisions. Last month, anonymous Twitter user @Zackxbt shocked Wonderland’s users when he exposed its treasurer, who was known to investors by the pseudonym Sifu, to be ex-felon Michael Paltryn. Paltryn is infamous in the crypto community as a co-founder of the Canadian Quadriga CX exchange, which collapsed in 2019 leading regulators to deem it a Ponzi scheme after his co-founder allegedly liquidated users’ assets and ran off with $190 million in cash shortly before dying (though Paltryn himself was not accused of wrongdoing in connection with Quadriga). 

The scandalous revelation inspired a backlash against Wonderland’s leadership and the lack of transparency around its governance. Wonderland founder Daniele Sestagalli announced that Paltryn was stepping down but defended his decision to appoint him in the first place. 

Many called for the disbanding of the project and for funds to be disbursed to participants. Some voiced suspicions about a potential scam involving transfers of tokens from the Wonderland treasury into Paltryn’s personal wallet. Sestagalli, however, decided to keep the project alive after putting the issue to a vote among token holders.

Though Wonderland’s existence was affirmed by 55% of voters, it now stands on shaky ground. The project has suffered an immense reputational blow by having a notorious person manage its assets. The scandal also produced knock-on effects for the entire DeFi community, with many crypto enthusiasts questioning whether organizations that are run by a few individual decision makers can truly call themselves decentralized.

5. A Bug in Wormhole: The 4th Largest Crypto Hack in History

The fourth largest crypto heist in history took place this month when hackers exploited a minor code flaw to steal $320 million from the Wormhole network. Wormhole is a DeFi project that allows users to transfer tokens between Solana and other blockchains. The attacker may have been tipped on the vulnerability by a code update on Wormhole’s Github repository, uploaded on the day of the attack. 

Shortly after realizing that a breach had taken place, Wormhole made an attempt to minimize losses by offering the attackers a $10 million bug bounty. In return they would have to give back the stolen funds and provide Wormhole with details pertaining to the hack. The attackers must have preferred to hold on to the $320 million in stolen funds as they did not respond to the message. 

Though investor confidence in Wormhole’s ability to function securely was shaken, the company’s damage control was swift and largely effective. Wormhole promptly released a detailed report outlining the measures it took to deal with the incident and curb the possibility of future hacks. These included a pause on the transfer of tokens and a swift patching up of system vulnerabilities, which allowed transactions on the network to resume less than 18 hours after the initial trading pause. 

Investors did not suffer any direct losses as Wormhole’s parent company, Jump Trading footed the bill for the $320 million stolen in the attack.

Ad placeholder

!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window,document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘905395106309677’);
fbq(‘track’, ‘PageView’);