Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
#42 - Uncovering a crypto scam targeting startups with Prof. Daniel Veidlinger image

#42 - Uncovering a crypto scam targeting startups with Prof. Daniel Veidlinger

E42 · Proof of Talk: The Cryptocurrency Podcast
Avatar
23 Plays8 days ago

Daniel Veidlinger is a professor of Digital Humanities and an angel investor with a focus on AI startups. He specializes in using computational methods to analyze historical texts, blending his academic expertise with an interest in blockchain technology.

The Anatomy of a Sophisticated Crypto Scam 

Daniel recently fell victim to a meticulously orchestrated crypto scam involving Tesalia Asset Management, a fraudulent entity posing as a Luxembourg-based investment firm. The scheme unfolded over months, combining social engineering, wallet vulnerabilities, and a fabricated corporate identity.  

The Initial Contact and False Credibility  

Tesalia approached Daniel’s AI startup with an $8 million convertible bond offer, name-dropping retired industry contacts to build trust. Their professional website, registered in 2016, appeared legitimate at first glance. However, investigations later revealed it was a repurposed domain purchased months prior—a tactic to mimic long-standing credibility.  

Proof of Funds and Wallet Manipulation 

Tesalia demanded a $400,000 “proof of funds” in crypto to verify liquidity. Skeptical, Daniel deposited $50,000 USDT into Atomic Wallet after initial attempts using Coinbase failed (Coinbase’s custodial model hid the funds from public ledgers). The scammers then insisted on a “test transaction” to confirm wallet addresses—a common practice to avoid transfer errors.  

The QR Code Exploit 

During a Zoom call, Tesalia instructed Daniel to send $0.05 via a QR code. Unbeknownst to him, the QR code embedded a manipulated amount.

1. Atomic Wallet’s Flaw: The app allowed recipients to override user-entered amounts via QR codes without clear warnings.  

2. Decimal Displacement: The code replaced $0.05 with 49,977 USDT by omitting the decimal point. Atomic Wallet’s interface displayed the altered amount as $0.049977 due to the leading zeros the scammers added in front of the amount reading as $0049977, while the USD equivalent falsely showed $0.05.  

3. No Safeguards: The app failed to highlight the drastic change or update the USD value, enabling the full $50,000 transfer.  

The Aftermath and Critical Vulnerabilities 

The funds vanished instantly. Post-scam analysis uncovered Tesalia’s fake Luxembourg office and forged regulatory filings. Daniel’s team traced the stolen USDT to Binance, but recovery efforts stalled due to jurisdictional challenges and the scammers’ use of pseudonymous wallets.  

Atomic Wallet Blunders and Bad UI:

1. Permitting QR codes to override user-input amounts.  

2. Failing to sync crypto and fiat values during transactions.  

3. Ignoring security warnings post-scam, citing liability disclaimers.  

Key Takeaways for Crypto Users  

1. Verify Everything: Cross-check company addresses, domains (using tools like Wayback Machine), and regulatory filings.  

2. QR Code Risks: Manually enter wallet addresses for high-value transfers. Avoid wallets allowing recipient-controlled amounts.  

3. Custodial vs. Self-Managed Wallets: Understand differences—exchanges like Coinbase custody funds (invisible on public ledgers), while self-custody wallets (e.g., Atomic) expose addresses but require heightened vigilance.  

4. Law Enforcement Limits: Crypto’s pseudonymity complicates recovery. Exchanges like Binance require legal orders to freeze funds, often prioritizing larger thefts.  

Connect with Daniel on Twitter

More details of scam

Recommended
Transcript
00:00:08
Speaker
I was very upset about the scam, but glad to have figured it out. And hopefully I can help other people by explaining how it was done. yeah So did you like, I'm guessing you just reached out to a bunch of people that were like, I guess, in crypto that you wanted to get the word out to? Yes, that's right.
00:00:25
Speaker
I just... ah
00:00:30
Speaker
to a podcast and reached out to people to let them know that this has happened and that I'm happy to talk about it. see, I'm a professor by trade, so teaching and helping people is part of my ah DNA, you could say.
00:00:46
Speaker
That's cool, Daniel. What do you teach? um Actually, I teach in um comparative religion and humanities. So my field is, in fact, Asian religion. So I so i have a ph d in buddhist studies and what I teach in humanities and comparative religion, but my field of expertise within all of that is digital humanities.
00:01:11
Speaker
meaning how are computers used to further the study of humanities ah For example, you might ah for example it's it's difficult for humans to pick out certain word usage patterns over you know millions of words of text, but computers are very good at looking for patterns, as you know.
00:01:30
Speaker
so right we could often use So for example, let's say we find two ancient manuscript we find one ancient manuscript and we don't know who wrote it, right? So you can have a computer analyze the language patterns on it and then match it towards language that we do know.
00:01:47
Speaker
And you'll say, well, this language usage matches the language usage we've seen in so-and-so's work. So it was probably written by so-and-so. So that's the kind of thing. super interesting.
00:02:00
Speaker
Yeah. That's very interesting. For example, sometimes they find like plays from ah medieval England and they don't know who wrote it and they know what Shakespeare's language is like and they'll have a computer analyze and guess you know based on the language usage if it was written by Shakespeare or not, for example. Right.
00:02:17
Speaker
So the the computer will probably just spit out probability, like it's 80% likely that this was written by Shakespeare or something like that. That's right. So that's so that's kind of my field within the humanities.
00:02:30
Speaker
and That's super fascinating though. And interested programming and that sort of thing. So so what what would you use that technology for in the context of religious manuscripts? Are you trying to attribute it to like prominent figures at the time? Or like, what is the nature? Yeah, exactly. The two main things we do is to try to attribute some text that we don't know who wrote it to somebody that we do know. And we have a body of work. So we have a computer analyze their body of work and we know the word patterns.
00:02:55
Speaker
Then we have the text that we don't know who wrote it. And as as you say, try to match it to the person that is most likely to have written it. Or another common usage is when we don't really have any idea who wrote it, so we don't even know who to match it to.
00:03:09
Speaker
But we just try to figure out the era that it came from. So does this language match medieval usage, or is it pre-medieval, or is it early modern? So you know computers are very good at placing a piece of literature within 100 years on the timeline, so it gives us a good idea of when it was made. So those are the kinds of things we might do with it.
00:03:32
Speaker
Right, that's super cool. I'm guessing regarding the placing it in a certain moment in time, it it looks for the kind of words used, but also maybe the kind of concepts. Like if it uses concepts that are specific or more popular in a certain period, then you'll probably be able to put it in that.
00:03:46
Speaker
Absolutely. Like as listeners might know, Google has a system where you can see the trends of word usage, right? So it'll tell you that this yeah word was more popular in the nineteen seventy s and So it's a similar kind of thing that we do.
00:04:00
Speaker
But with quite older stuff. interesting. that that does That's all very interesting. So do do you use um for your compute, do you use any do use AWS or do you use anything central or do you use like decentralized computing?
00:04:15
Speaker
like Or maybe just like servers? Yeah, we just have servers. I mean, it depends on how big the project is, right? These are usually not very heavy load projects. So you can just do it on your desktop.
00:04:28
Speaker
And I do most of my research in the language R. you know, that's the letter R, and right? It's a statistical language that's very good for statistics. It's similar to Python in some ways.
00:04:40
Speaker
But so R is the main language that I use in my studies. Oh, interesting. Interesting. I've heard of R. I've never used R before. I have used a fair bit of Python and and some other lower lower level languages, but never used R. Yeah, no, R very good for statistics. I mean, the the speed with which it goes at is incredible. Python can do most of the stuff R can do, but since it's not specifically designed for statistics, it goes a little bit slower.
00:05:06
Speaker
So is incredibly fast. Oh, that's cool. I would like to see, I've recently seen like a scale of like speed um comparison of different programming languages and you have, you know, you have C and C++ plus plus and C sharp that are fairly quick.
00:05:24
Speaker
And then you have JavaScript that's bundled with BUN instead of Node.js. And that actually makes it considerably faster than than running on Node.js. um And then obviously you have like at the very end, you have Python, which is one of the slowest ones, but mainly because Python is ah is an interpreted language, not a compiled language. So it goes to that layer of abstraction. It's basically a wrapper for C is what it is. Yes, that's right. It's a wrapper for C. Exactly.
00:05:50
Speaker
Yeah. So how did you get then into crypto and how did you come across this this crypto scam? So um i got I got into crypto because um I also do some programming on the side where, um well, i me and some other people do development work for for commercial purposes and will be hired by people on the various gig, you know, the various gig websites like opwork and whatnot
00:06:23
Speaker
to do various projects small projects and some of the people that I work with are overseas. So it's often easiest just to pay them in crypto. So I use crypto to do that. That's originally how I got into crypto is just for paying the people that work for me that are overseas.
00:06:40
Speaker
And um I found it very useful. I don't use crypto a lot, but I certainly use it to pay them. if As you know, it works very quickly and one doesn't have to worry about, um,
00:06:53
Speaker
various issues they have to deal with with some of the other payment systems I mean, I had used to use PayPal, but sometimes PayPal doesn't work. And in some countries, PayPal isn't offered.
00:07:04
Speaker
So PayPal isn't available in every country, for example. So crypto is just much easier to transfer money overseas like that. So that's how I got into it. Oh yeah, there's great value in that alone. um i've I've had to do something similar. So I would always go and use crypto and I would just send stable coins. would send like USDC or USDT.
00:07:26
Speaker
And it's just so much easier not to have to worry about IBAN numbers and two to three days processing time by the banks and everything. So it's interesting to see that people also have like hardcore use cases for it.
00:07:41
Speaker
Because a lot of the times it's just, I'm sure you're aware, but a lot of times just the hype that's in crypto and people are hyped for crypto itself rather than for the use cases of crypto. Right. Yes, that's exactly right. It's very convenient for sending money to people, especially overseas.
00:07:57
Speaker
so it's a very good use case and as you say i also use stable coinins mostly usdt for the payment to the programmers. It's very clear and convenient. Yeah, it makes perfect I obviously there's fees that one has to pay to buy the crypto initially, right? So from translating US dollars into crypto, there's fees. But there's fees for PayPal, there's fees for everything. mean, nothing's going to be for free.
00:08:26
Speaker
Oh, exactly. Yeah, for sure. Right, but the sending fees are very reasonable for crypto, that's for sure. Once you've got Lightning and Crypto.
00:08:38
Speaker
100% and even on blockchains that are not necessarily designed to to be cheap and fast. Like even if you think on Bitcoin, I keep seeing every other month that this article coming out that said which says um some like sleeper whale from 2013 moved a thousand Bitcoin for $3. And I'm like, try to beat that on any sort of financial system. That's insane.
00:09:02
Speaker
Yes, that's exactly right. And of course, the other thing I'll point out is when I've told people about what happens, they they don't know anything about crypto. They'll say, oh, yeah, well, crypto, you know, it's all hyped up and it's not safe.
00:09:15
Speaker
But let's be clear, right? The crypto itself is fine. It's the wallet problem that allowed the the scam to happen. Right. So, you know, sometimes people think that it's the crypto itself. that runs into some sort of problem you know when you hear about people losing crypto or being having the crypto stolen.
00:09:33
Speaker
People think that there's some sort of ah there's some sort of security issue with the crypto itself, but that's fine, right? The problem, yeah virtually every case when somebody has a problem with crypto or they've lost it or it got stolen, it's because of the wallet got hacked.
00:09:53
Speaker
Nothing wrong with the crypto itself. Oh, yeah. The integrity of the chain is most likely is intact and remains intact yeah across most of these scenarios. right um One weakness would would be that I can think of would probably be if you're trying to bridge ah tokens from one blockchain to another blockchain. The way this bridging protocol works is...
00:10:17
Speaker
you know you have a let's say you have a smart contract on ethereum you're trying to bridge to a layer two solution on ethereum um um and then you've got this bridging between them which basically says okay you give me those coins that you have and i'm going to burn them and then i'm going to tell this other contract on this other chain that i've burned your tokens and that's this contract will release an equal amount of those tokens on another chain But apparently it's relatively it used to be relatively easy to fool the contract on the other chain into thinking that you've sent money to the base contract when in fact you haven't.
00:10:56
Speaker
Right, exactly. That's one protocol issue that can that can happen. But otherwise, I completely agree. I think in in a large number of cases, it's either social engineering issues and it is most likely social engineering issues. Right.
00:11:10
Speaker
and ah based on on what you've described regarding the scam that that you're going to be talking about, that that seems to be like a weird, like I guess just even a weird UI UX choice rather than an actual, you know, ah security flaw or issue. But maybe you want to just run through the whole thing from the top, for like run through the exploit. Yeah, that's right. Yeah, let's get into it a little bit.
00:11:33
Speaker
So um I'll focus mostly on the crypto details of what happened, but I'll give a little bit of a background of how I got involved in this. So besides my teaching and my development work, I also do some investing as well.
00:11:47
Speaker
And there was a company that I had invested in some years ago that's developing some AI technology. And they where they got ah they were looking for some funding to move their technology forward.
00:12:00
Speaker
And an opportunity arose with an asset management company called toallia acidset management. They got a call from Tessaya. So for listeners, number one thing to be concerned about is if you get a call from an investor that you haven't reached out to, because there are many people that are reaching out to investors. They are already up to their eyeballs in various proposals.
00:12:26
Speaker
It's unlikely that they're going to reach out to you without you having reached out to them unless you're obviously a very big name but if you're us at the startup stage it's unlikely now So the trick is that these investors name-dropped people that we did know and said, oh, we met you through so-and-so, but they knew that so-and-so so had recently retired and moved to Tahiti and you know isn't really online anymore. So they knew we couldn't verify it, but they knew that we knew them.
00:12:56
Speaker
So that's kind of one of the initial tricks that they used to get in touch with it, to make themselves sound believable. um So, you know, we tried to contact the Tahiti person. mean, it wasn't really Tahiti specifically, but, you know, if you get the idea that they were off off the grid, right?
00:13:15
Speaker
Didn't hear back, and then they got they got in touch with us again, and we just got excited about the opportunity. So we figured, well, if they know these people, they know these people, and I'm sure they're okay. And then, of course, we looked up the website and the website seemed totally legitimate. And it had been around for about eight years.
00:13:32
Speaker
So because obviously, ah whenever somebody contacts you and you don't contact them, you want to make sure that it's perfectly legitimate. So we checked the website and the website was very professionally done, had a lot of detail.
00:13:47
Speaker
it It was very deep with many pages. And it also had been around, um you know, it was registered in 2000 and I believe 16. So it had been around for plenty of time. So if it was some sort of scam network, obviously maybe a month, couple of months, you can scam few people.
00:14:04
Speaker
We can't keep doing it for eight years and have the website up. So we felt very confident that everything was ah legitimate. And there were many months of discussions back and forth about the terms of this deal.
00:14:18
Speaker
So the initial terms were going to be an $8 million dollars investment and um in a convertible ah bond, right? So not a direct investment, but convertible bond, ah so which we would have to pay interest until it converts.
00:14:35
Speaker
And then they had said to keep the $1.2 million dollars of interest in ah separate fund for various tax purposes. So they were based in Europe. Let's be clear about that. They were based in Europe.
00:14:51
Speaker
And they said that for various tax reasons, they needed to keep some ah ah keep the interest separate so that we should put the interest into a crypto fund and kind of keep it there while the rest comes through.
00:15:04
Speaker
and Do you know where about in Europe? They were registered in luck in Luxembourg. Luxembourg, okay, that's it. Yes, they were registered in Luxembourg, the asset management company. That's an offshore here.
00:15:17
Speaker
Yes, okay. yeah Yes, right, right. Luxembourg kind of functions like an offshore. does. Right. So that's where they were based. And um after the sort of 1.2 million setting aside thing didn't quite work out. So then they said, okay, well, what we're going to do is the transfer is all going to happen in crypto, right? So that's when I really got quite involved. So the transfer is going to happen in crypto.
00:15:44
Speaker
And what we would like is to have a $400,000 proof of funds put into a crypto account that we can check that you guys have the funds there. Now, the next step that I should sort of make sure the listeners understand is that this was not completely unreasonable because they wanted to make sure that we were liquid, right? That we had funds to operate with because, you know,
00:16:08
Speaker
While we might have been worried about them being scammers, they can also worry that the company they're investing in is not completely above board and that they don't i have any money they don't have any money left to operate.
00:16:23
Speaker
but So this is something that does happen, where companies pretend that they are kind of busy and operating, but actually they're completely out of funds. right So right it always takes some time for funds to get ready and funds to transfer and stuff like that. So an investor wants to make sure that you can operate perfectly well while the investor gets the $8 million or whatever it is that they need to get for you and get it into your accounts.
00:16:50
Speaker
So they said we want a $400,000 proof of funds also to make sure that you guys know how to use crypto because, you know, they said we're going to have a relationship together and we're going to be sending you funds and crypto. So I want to make sure that you guys even know how to use crypto.
00:17:04
Speaker
right so show me that you can put 400 000 into this crypto account then i will verify it to know that one you know how to use crypto two you have the 400 000 that you can operate in the meantime while we get the money ready so this is not completely unusual right but then we said we don't have well we didn't say we don't have we said that we're not going to put 400 000 because this is the company's money and You know, we just don't feel comfortable with it. So we were always a little bit, you know, something felt a little bit strange, but when we kind of thought about it, it sort of checked out.
00:17:42
Speaker
So what we did is we put $50,000 into the the the ah proof of funds fund. So we took $50,000 and put it in. So first, I put it into a Coinbase account, okay? Okay.
00:17:57
Speaker
And then, now so this is another interesting thing, again, for the purpose of your podcast, which is about crypto, not necessarily about scams. So i but I put the 50,000 into a Coinbase account.
00:18:11
Speaker
So then i gave them the address and they check it on the Etherscan, right? So Etherscan is what you can use to see the publicly available ledger.
00:18:23
Speaker
And then they wrote back an angry email, you guys are trying to scam us. There's nothing in the crypto, in the the ether scam. And I was like, what? But I just put it in. So I sent them a screenshot of my Coinbase account with the 50,000. And they said, no, no, that's not good enough. Why is it not showing up on the Ether scan?
00:18:43
Speaker
So I learned something that I didn't know. And that is that some of the crypto companies are custodians of your money. And others, oh yeah you are the custodian of your own money.
00:18:56
Speaker
right so in other words i bought the 50 000 on coinbase oh sorry i should say that everything was done in usdt right so the tether uh the tether crypto coin which is linked to the u.s dollar so it fluctuates only within a penny or so of the u.s dollar so when i say 50 000 there's 50 000 us dollars but in usdt tether cryptocurrency right So um they didn't see it on the Etherscan.
00:19:26
Speaker
And that's because I had only bought $50,000 worth of Coinbase's own, you know, 100 million um pot that they have of the cryptocurrency.
00:19:39
Speaker
right So Coinbase still owned it. It wasn't actually in my possession. It was just that I owned that fraction of Coinbase's money. So it doesn't show up on the Etherscan as personally in my wallet because they are the custodian of it.
00:19:56
Speaker
but So I didn't know about this. So then they said, all right, you've got to put it into a different account and They said, put it into a trust wallet.
00:20:10
Speaker
So I took out a trust wallet account and I transferred the $50,000 into the trust wallet. And then they said, no, no, sorry, we made a mistake. Put it into Atomic Wallet.
00:20:21
Speaker
Now, this is really the point when I should have said to myself, there's no way that this is legit because why do they care what wallet it's in?
00:20:31
Speaker
course. You know, and people make mistakes. Obviously, i was an early investor in the company and, you know, they were offering eight million and there was, you know, months of discussion. So every time I felt this is a scam, something would happen that ah convinced me that it wasn't. Right. And again, the main thing is just that the websites operating all of this had been around for eight years.
00:20:56
Speaker
So I figured, I mean, if it's a scam, oh, and they also had registered, they also filed, ah you know, with the European equivalent of the Security and Exchange Commission, right? So like they filed their taxes and everything.
00:21:09
Speaker
So I just figured, I mean, this can't be a scam because they're a legit company. um Little did I know that so a few days after all of this, the European Commission issued a warning that their filings were not done properly.
00:21:25
Speaker
And everything came apart. Yeah. So if you look at the the website that talks about all of this, the ah crypto scam website that I set up, it shows that there's a screenshot of the European Commission's report saying to avoid these people because they didn't file properly.
00:21:41
Speaker
So, you know, unfortunately, the timing was wrong. If I had waited another week, ah this report would have come out. But nevertheless... What's the name of the company? What's it incorporated as?
00:21:53
Speaker
Yeah, so it's Tesalia Asset Management and the Luxembourg Financial Regulator. It's a CSSF issued a warning about Tesalia, T-E-S-A-L-I-A,
00:22:07
Speaker
Tesalia Asset Management. if you look them up, you can see ah that there's a warning about illicit activities issued by the It's the Luxembourg Financial Regulator.
00:22:25
Speaker
So anyway, but again, you know we were dealing with them for several months and there was no warning issued, so we just figured it was legitimate.
00:22:37
Speaker
Anyway, so they told us to put the money into the Atomic wallet. Okay, so I put the money, 50,000, into Atomic wallet. And then they were able to check that on Etherscan, right? So the Atomic wallet is a self-custodian, so you, the owner of the wallet, actually have that money in your personal wallet.
00:22:56
Speaker
So they looked it up on the Etherscan, and they confirmed that, yes, indeed, the 50,000 is there, that's good, you guys know how to do it. And then they said, to We're going to start preparing the money and we'll do the transfer soon.
00:23:10
Speaker
Pardon me. But they said, before that, we want to do a small exchange of crypto to make sure that everybody's wallet address is working.
00:23:22
Speaker
Now, this is where the real scam took place. da So... When people are doing a large crypto transfer, it is not just not not unusual, but a good practice to do a small transfer beforehand because there are so many things that can go wrong with a crypto transfer. One being that you've typed in the wallet address incorrectly.
00:23:49
Speaker
Two being that you're using the wrong network to transfer the money. right So there's all sorts of ways that you can muddle up a crypto transfer. And of course, that's one of the negative things about it. Now, once you get used to using crypto, these kinds of things won't happen.
00:24:03
Speaker
But for somebody who is new to it, you've got to be careful about that. So the last thing you want is to like have millions of dollars of transfer go to the wrong wallet. Right.
00:24:13
Speaker
So, course right. So it's perfectly reasonable and I'm sure you would agree, right? Once they said, okay, we see the money, that's fine. And we're going to start initiating these transfers. But before we do that, you know, you give us dollar, we'll send it back to you. So we'll make sure that we each have each other's proper, wallet addresses and that everything's working perfectly reasonable.
00:24:35
Speaker
um But this is where the problem happened. So we did a Zoom call and um we were discussing with them and they said, okay, now take your phone out and everything looks good. So let's just transfer. And he goes, I don't know, let's do five cents just back and forth to make sure that we're each having each other's correct addresses and stuff like that.
00:24:57
Speaker
So he told me to um type in five cents that I'm going to send. So I typed in 0.05, five cents into my atomic wallet ah send system.
00:25:11
Speaker
And they said, okay, now here's the QR code for our wallet. And again, nothing unusual about this because these wallet addresses could be 24, 30 alphanumeric strings long.
00:25:28
Speaker
So you don't want type that in by hand. That's where you can make a mistake, right? So you want some electronic way of getting the numbers. So he held up his QR code in his phone to the screen. And I took a picture of the QR code and that automatically populated his wallet address that I was going to send it to. ah Perfectly reasonable.
00:25:48
Speaker
and then I sent the money. Now, the problem is this. There are a few issues with the atomic wallet system that are serious security flaws that I just didn't know about and didn't even imagine that they could be flaws like this because they are so egregious.
00:26:09
Speaker
You would imagine that a fairly popular wallet would not have these flaws. So let me explain very carefully what happened because it's actually, you know kudos to them, quite brilliant.
00:26:21
Speaker
Okay. So first of all, the QR code that the recipient gives you so that you can get their wallet address to send them the money, which again is a very good practice because you do not want to type in by hand some 24-string long, a character long string, right?
00:26:43
Speaker
Some companies allow the recipient to type in an amount into the QR code that also has their address, and some don't.
00:26:54
Speaker
So Coinbase does not allow it, right? So if you have a Coinbase wallet, you can't, it's not an option to enter in the amount into the send code for obvious reasons.
00:27:05
Speaker
Because if you are, If you are paying somebody else some money and that person that you're paying is the one who determines the amount, right?
00:27:16
Speaker
That can open up a lot of possibilities for abuse. You know, you might not notice that they've changed the amount, right? They can say, okay, you type it in, and which is what they did. They said, you type in your five cents. So I typed in five cents.
00:27:29
Speaker
Then they send the QR code. with a new amount encoded into it. So I didn't actually, because I use Coinbase mainly, I didn't know you could even do this. I thought the QR code is only for the address.
00:27:42
Speaker
I did not know the recipient can code in their own custom amount into that, right? So that's a dangerous feature in my opinion. Oh yeah. right It totally is. it Not only that, but it's also, it comes from the idea of easier, I guess, like and experience. It's like, oh, if you want to, you know, you want to request like a tenor from your friend, just send them this code. But 100% with you there, it could easily, and obviously, you know, as you're explaining, has been exploited.
00:28:15
Speaker
all right So it is a massive security flaw. I do agree. Yes. Right, so I'm glad you agree me on that score. And some again, some wallets don't allow it and others do. So obviously they knew that Atomic Wallet allowed it, so they wanted to use that. But that's just the beginning.
00:28:29
Speaker
So the other thing is that when they gave me the QR code, and in that QR code there was a new amount, and that amount overrode the amount that I typed in manually,
00:28:42
Speaker
There was no notice from Atomic Wallet that the amount you just typed in, mister, has just been changed by the person you think you're sending it to. Now, it did say where on the final button, you know, send this amount, like it confirmed the amount.
00:28:57
Speaker
But there should be a double warning, you know, like, are you sure you want to change the amount that you just typed in? Because think about it. If the person owning the money just types in an amount and then it gets changed automatically by the recipient, it shouldn't just say, okay, ready to send your amount of this and that.
00:29:15
Speaker
It should say, warning, the amount has just been changed. Do you agree to that? Right. But there was no warning, no indication that it had been changed.
00:29:26
Speaker
So that's one serious flaw. Right. I mean, like in a simple, you know, any web based form that you're typing in and then you want to change something, you know you press cancel and it says, are you sure you want to cancel and use your work and lose your work? Right. I mean, this is very standard.
00:29:41
Speaker
So when it comes to sending them money, there should be ah confirmation warning. You have a new amount has just been. has just overwritten the amount you typed in.
00:29:54
Speaker
Do you agree? Because if the human being is typing in an amount, the app has to assume that that is the primary amount. And if it gets changed, you'd better warn the person that it's just been changed.
00:30:06
Speaker
That's number one. Number two is hard to believe. But as you can imagine, mean, I won't show, because this is mainly a podcast, on a podcast so i'm going to describe everything instead of show you, and I don't have it geared up on my phone right now. but we can put We can put some ah ah some stuff in um in the in the post, in the editing. Like if you have any pictures you want to point me to, we can put them up just ah on there so people to see. Okay. I mean, I'll describe it because it doesn't matter the exactly. But the basic idea is very clear, right?
00:30:36
Speaker
I typed in 0.05 US dollars, right? So just imagine a screen with an entry. So I typed in 0.05 US dollars. So on my wallet screen, it says, you know, sending 0.05 USD.
00:30:52
Speaker
And then there's an equal sign, right? And it says 0.049977 USDT, right? So again, USDT is called tether because it's tethered to the American dollar. the usdt is a taste called tether because it's tethered to the american dollar But it's not 100%.
00:31:08
Speaker
99.99% the same the US dollar. So 5 cents US equal to 4.9977 cents USDT. So on my screen, it says 0.05 US equals 0.049977 USDT. so five cents u is equal to oh four point nine nine seven seven cents ah usdt okay so on my screen it says zero point zero five us s dollars equals zero point zero four nine nine seven seven usdt Well, when I did the QR code and I got their wallet address and it changed the amount, it only changed the USDT amount.
00:31:50
Speaker
And the US dollar amount on the screen still said equals five cents. So the wallet did not update the US dollar equivalent.
00:32:03
Speaker
when the new USDT Tether crypto amount was entered in through the QR code. So, I mean, it should have, because...
00:32:16
Speaker
When a human being is dealing with crypto, as you well know, generally your eye kind of focuses on the US dollar equivalent when you're doing various transactions, because, you know, it's fluctuating. You don't know what 3.119 Dogecoin is worth, right? You kind of look at the US dollar side of the screen to make sure that you're sending the amount you think you're sending, because I mean, we operate in US dollars. We don't operate in the crypto.
00:32:43
Speaker
So, I mean, your eye is going to basically check that to make sure, you know, just before you click send that everything looks okay. and i mean, of course, you may look at the crypto you may not, but, you know, 1.39 Ethereum doesn't really mean all that much to most people, right? It's the U.S. dollar that they're really thinking in terms of.
00:33:00
Speaker
So for the screen to say 5 cents US dollars equals 49,977 Tether is ridiculous.
00:33:16
Speaker
Like once the Tether got updated, it has to automatically update the US dollar equivalent. But it didn't. So the whole time, my screen was saying this is 5 cents the year sent him.
00:33:30
Speaker
Next, and this is where the criminals were really clever. So they told me to put in 0.05 cents, and i was like, okay, that's fine.
00:33:42
Speaker
And then they knew that would be, you know, they had a minute before they calculated it so they would see what the value is. So they prepared the QR code with this. So it says 0.0499. Right, because they had access to your wallet address. Right, exactly. So they knew what you had in your account, so they knew the amount to put in the in the code. Exactly.
00:34:01
Speaker
So 0.049977 Tether. they the QR code entered in 0049977 Tether. So all that happened when the new amounts overwrote the amount that I had typed in was the decimal disappeared.
00:34:23
Speaker
Right. So, again, let me say it again so everybody listening is clear on this. Right. I typed in zero point zero five U.S. dollars. Right.
00:34:35
Speaker
Five cents. Zero point zero five. The tether then kind equivalent was 0.049977, right? basically 4.9 tether cents. not quite 5 cents, but 4.9 cents. So again, 0.049977. The amount was 0049977, the app read as...
00:34:50
Speaker
not quite five cents but four point nine cents so again zero point zero four nine nine seven seven new amount was zero zero four nine nine seven seven which the app read as forty nine thousand nine hundred and seventy seven tether crypto dollars.
00:35:14
Speaker
So the other flaw is that they don't remove the two zeros before the 4999. So by removing the decimal, right, the app read it $49,000 with two zeros before, it right? So the full amount that I sent, right? So when it said, you are now sending 0049977, didn't notice anything.
00:35:36
Speaker
i didn't notice anything There's no way that a human being is going to notice this It looked exactly like the 0.049977 that it had said a minute earlier.
00:35:49
Speaker
Wow. Isn't that amazing? That's crazy. that that and And leading zeros are not a thing. like exactly Exactly. so but They practically don't exist.
00:36:02
Speaker
That's so weird. So the it looked so you know think about this. I don't want to belabor the point, but I just want to make sure that the list is, because it's so crazy, right? So, you know, it looked to me like the same number.
00:36:16
Speaker
That's number one. The app allows leading zeros and doesn't remove them when you process it. You know, it still kept the leading zeros the whole time. It didn't warn me that anything had been changed, right?
00:36:30
Speaker
And it didn't even update the US s dollar equivalent to say $49,990. Well, I guess it would have been US s dollars is equal to you know tether but it didn't update the u dollarlar equipment So I click send and the money was there.
00:36:51
Speaker
And then the guy says, okay, thanks. I got your five cents. Uh-huh. Yeah. Okay. And he goes, oh, I just have to check something. And then I'll get back to you. then they closed the Zoom. And I was waiting a minute, two minutes, five minutes.
00:37:05
Speaker
I contacted him. Hey, what's going on? No answer. 10 minutes. And was like, huh, that's weird. What's going on? So I went to check the wallet and all the money was gone. And I was like, what on earth just happened?
00:37:20
Speaker
Jesus. You know, because I said, I sent five cents. I confirmed it. I saw it said five cents. That's what I did. like What happened? And I just i felt that it was one of the worst moments in my life. i mean, this is dangerous.
00:37:38
Speaker
Now, because thank God it was 50,000. What if it had been the 400,000 that they had asked for? Right? I mean, what it had been that amount? I mean, that is, like, dangerous.
00:37:49
Speaker
You know, I mean, if somebody is having other problems in life and that happens to them, You know, it can be bad. Let's just put it that way. No, it's horrible. It's a...
00:38:02
Speaker
I do give it to them though, to be able to figure out all that kind of workflow from the from the perspective of like, you know, socially engineering, what is the person likely going to, you know, pay attention to what's likely to escape, you know, your, your, your, your eye.
00:38:18
Speaker
Like right that probably takes some, I don't know, like scammers focus group or something to just, yeah just be, yeah but yeah. have to give them credit. Yeah. I have to give them credit.
00:38:30
Speaker
Yeah. So, you know, it was one of the lowest points of my life. Like, I couldn't believe what I had been so stupid. But I said, but I wasn't stupid. I'm not an idiot. I know how to use crypto. mean, I know what I sent.
00:38:42
Speaker
And i was upset. And then the CEO of the company, he says to me, you know what, Daniel? I think that my computer was set to like record meeting of this meeting.
00:38:55
Speaker
i said, what? He said, yeah, I'm pretty sure that like I was recording something else with somebody. i think I forgot to set you know the auto record off. Let me check. He's like, yeah, I recorded it. was like, oh my god, you recorded it all. That's fantastic.
00:39:09
Speaker
So I spent the next 48 hours just going over the recording of the meeting. One time, two times, just nonstop trying to figure out what happened, what happened.
00:39:19
Speaker
And I'll tell you, the first five times I watched it over, I still couldn't figure, even watching ah recording of it carefully, I still couldn't figure out what had happened. Because I didn't notice the decimal was missing, right? Like, it took me, and then suddenly, was like, wait, wait, wait, stop that frame.
00:39:38
Speaker
I was like, oh, my God, there's no decimal there. And then I was like, oh, my God.
00:39:48
Speaker
You know, and but at that point, I didn't even know that you could code the amount into the QR code. So I noticed the decimal wasn't there. And I said, but wait, but why isn't the decimal there? I mean, I got his wallet address. I typed it in.
00:40:01
Speaker
And was like, wait a minute. It all happened when I got the QR code. So is it possible that a QR code can have an amount in it? And I looked it up, and sure enough, it was. was like, well, i you know, then I figured it out.
00:40:14
Speaker
But it is a brilliant scheme. Now, so I figured that all out. And the last thing I'll say is that I was then like, but there's one missing link here. How could they have been operating for eight years with a website, you know, scamming people?
00:40:30
Speaker
I mean, like, if you've got a fixed website, You can find who hosts the websites and find the people doing this. Like it can't just be that they're doing with a regular website registered with, you know, the hosting companies. Like this doesn't make sense.
00:40:46
Speaker
ah Just a regular Monday in Luxembourg. Right. Yeah, right. I guess. very No, but so what I suddenly said, wait, hang on, Daniel. Let's use the Wayback Machine.
00:40:58
Speaker
and see what that website looked like five, six years ago. And sure enough, it was a completely different website with the same address. And then I went back three months, and there it is. so I realized, brilliant, they bought an existing website that has no problems with it, and they made the name of their company a name that matched the existing address of the website. right so I forget what the website, TS Management, so Tesalia Management.
00:41:29
Speaker
It was like TS Capital was the name of the website. They called their company Tesalia. so It looks like it's been their website all these eight years, but it wasn't it was around legit website for eight years, but it wasn't theirs.
00:41:43
Speaker
They bought it from somebody else and a couple of months earlier had put up the Tesalia website. See, so wow it's brilliant, right? mean, they are smart. It's definitely well organized. It's well planned. It's premeditated. there's There's been obviously a lot of thinking involved, a lot of planning involved.
00:42:02
Speaker
Probably you might not even be their first victim. It sounds like it went well so smoothly. yeah These guys were really like switched on as to what they're doing and how they're going about it.
00:42:14
Speaker
right like I wouldn't be surprised if they'd be behind like dozens of of of cases of scenarios like this. Exactly. And that's precisely why i made my little website that explains how it was done and why I want to do podcasts like this, so that people can know that this stuff is going on.
00:42:30
Speaker
Because I'm a professor, I have a PhD, right? I'm not a stupid person. And I thought, you know, I've heard about these internet scams, but I won't be the one who gets scammed, right? Because I'm smarter than them.
00:42:43
Speaker
Guess what? I was not smarter than them. you know And I fully admit it. I admit that they were they outsmarted me. And everybody listening, you think you're smart as well.
00:42:55
Speaker
But some of these criminals are so sophisticated that you cannot figure it out. like I am proud to say that no human being would have figured this out while it was going on.
00:43:07
Speaker
you know between the website being legit. And I mean, that's a very clever little bait and switch, right? That they used a legit website and then a few months earlier had changed it. And sure enough, one or two weeks after all this, it did all collapse. And you know so you can get maybe a three-month window you know if you're scamming a bunch of people like this.
00:43:25
Speaker
But then it's going to not work. So, which I It's a rinse and repeat, though. It's a rinse and repeat. Yes, exactly. They can find another website. You get a new your name, new identities.
00:43:37
Speaker
Exactly right. So just be careful out there, everybody. There are all sorts of techniques that you just cannot think of. You think you know everything, but you don't.
00:43:48
Speaker
and And also, I have to say, I blame Atomic Wallet. I mean, it's strange that Atomic Wallet has those security features, right? um Have you reached out to them at all?
00:43:59
Speaker
Yeah. Oh, yes. I reached out to Atomic Wallet and I explained everything. And I got like just a regular form letter. We are sore you had a bad experience with our product. It does clearly say when you download it, you know, that the terms of service are any money that you lose is your responsibility and not ours. you know, I I'm sure they're all lawyered up.
00:44:16
Speaker
So I just got a form letter. And then I wrote back saying, this is not just another like problem with the wallet. this is ah It's not an inconvenience. like I've lost 50K. There's likely other people that have lost more than that.
00:44:29
Speaker
yeah you know like Yes, it's your it's your terms of service, but at the same time, you have a responsibility. If your users are being taken advantage of, you have a responsibility to your users and to your own organization to make sure that doesn't happen because people are just going to go and stop using Atomic Wallet.
00:44:44
Speaker
Right, exactly. i mean, the least, like, okay, you don't have to have a warning if the amount has been changed, although you really should, because, I mean, why would that happen? There's only one reason that ah yeah a person with the money would type in an amount they're sending.
00:45:00
Speaker
Then after that, the person they're sending to changes the amount. You've got to think that, i mean, if you don't type in anything, that's understandable. You know, it's like some easy UI feature. I i don't want to bother typing in the number. I just take the cook QR code and it has the wallet and the amount and presto, it's sent easy.
00:45:16
Speaker
But if you type in an amount already, doesn't that suggest that you think you're going to be sending this amount? And if it gets changed, there has to be a warning that it's been changed. That's number one.
00:45:28
Speaker
but even with right But even without that, I mean, that's like good practice, but it's not like a legal issue. But if the amount gets changed, you damn well had better also change the U.S. s dollar equivalent of what the crypto has just been changed to.
00:45:46
Speaker
It's like at one moment, like the screen should not be in state, you know, as we call it in program, right? A state in which it says u dollar five cents, tether $49,000, like equals $49,000 tether.
00:46:02
Speaker
You cannot have that. It's got to automatically update the US dollar equivalent as well. I mean, that is really just terrible. And it said 49,000, but with the leading zeros, right? Leading zeros, exactly. So you don't notice right Right. That is very sneaky.
00:46:20
Speaker
That's so sneaky. Right. So, I mean, yeah they all came together. You wonder, like, if this is an accident. I mean, I don't know. It just seems, like, so perfect. But... at any rate i i think i think they were fully aware of all of these these like proclivities of of the of the atomic wallet that's exactly why they got you to use atomic wallet right and like i'm sure they've done it before i would like to understand who these guys are and and how long they've been operating for yeah and just you know if anyone or or if you or if anyone has any information that that they're willing to divulge uh
00:46:56
Speaker
you know, to to put the word out there just so people are aware of who the people are behind the scam. I'm guessing you're aware of the, well, obviously you said the Salia Asset Management, so that's the shell company they created for it. But do you know the people behind this scam allegedly?
00:47:12
Speaker
um Well, i mean, they gave us names that are on my right website. So one of them claimed to be Rudolf Bouvier was his name. And he claims to be related to the Swiss Bouvier, there's a bill
00:47:27
Speaker
ah that made their money through art dealing and he claimed to be related to them. So that's what he claimed. Now, obviously he wasn't, but, um, and it's also unfortunate for the family that he's using their name, uh, you know, to, uh,
00:47:44
Speaker
so we did notify the Bouvier family actually about this to let them know because they probably have a lot more legal um legal assets at their behest than I do. Oh, I should also point out that of course we spoke to ah you know lawyers about this and can they help us? And the lawyer said...
00:48:01
Speaker
You know, listen, guys, I'd like to help you, but I just got off the phone with somebody who lost, you know, $15 million dollars in crypto. So ah your 50,000 is very low on the poll. I mean, people are losing a lot of money, again, through social engineering scams.
00:48:17
Speaker
So those of us who are fans of crypto, there's nothing wrong with crypto. And in fact, as you well know, Crypto is much safer than regular money. I mean, it is way easier to counterfeit some so regular dollars than it is to do my muddle around with the crypto system.
00:48:33
Speaker
Right. So anybody who's willing the crypto is not safe is going to be muddled up. I mean,
00:48:40
Speaker
I guess if somebody was able to manipulate 10 million computers at once, you could muddle around with the crypto. But you can better believe that that $20 bill you're holding is much more likely to be fake than some sort of crypto money.
00:48:55
Speaker
That's for sure. Yeah, yeah. and And you've spoken like a true maximilist there, sir, I have to say. ah having been Having been through the experience that you've gone through, which is obviously horrible and I wouldn't wish it on anyone, but still being on the side of cryptocurrency kind of speaks to speaks to your understanding of the technology and and and that's very kind Yes, no, of course, because again, it's all the fault of the wallet.
00:49:20
Speaker
And a lot of the news articles, pardon me, A lot of the news articles about crypto scams don't clarify that it's the wallet and it was social engineering. In other words, the person did something. i mean, this was social engineering. I did send the money.
00:49:36
Speaker
You know, they didn't steal anything, really. mean, they manipulated me to send them. I mean, the screen did say you are now sending $49,000.
00:49:47
Speaker
It just said it in a way that a human being wouldn't notice that it says, right? But I mean, it did say it and I did press it, right? they And many of the articles you read are not clear about this because as you know, many of the people reporting on the crypto field, they might have just gotten the crypto beats, you know, their financial and they don't actually know how it works. So they themselves get a little bit confused about what's a wallet and what's the ledger system itself, right? Right.
00:50:13
Speaker
And there can be problems with the wallet and with your access codes that have nothing to do with the integrity of the blockchain ledger, which is as ironclad as anything that humans have made is, right?
00:50:27
Speaker
Again, maybe it could be manipulated, I don't know, but it's harder to manipulate than pretty much anything that exists, right? Yeah. Oh, yeah. hundred percent 100%. Right. So, I mean, pet it's important that people differentiate the wallet issue Right. Which is an app on your phone that actually manipulates the crypto from the blockchain itself.
00:50:48
Speaker
Right. Yeah. ah regarding Regarding the funds, have you um once the funds were in their hands, have you done anything to try to track the funds and see how they kind of operate and maybe find wallets that that would be good to flag with exchanges around their organizations just to to have to keep an eye out if those wallets ever hit a centralized exchange, you know, Binance and Coinbase, they're on them so they can flag them and stop them from withdrawing these funds.
00:51:17
Speaker
Yes, that's exactly right. So we did. So the other strange thing about crypto is that it's both anonymous and public, right? And I'm sure you've talked about this in some of your work. This is one of the strange things about cryptocurrency.
00:51:29
Speaker
And it also confuses people who don't know anything about it, right? They hear, well, wait a minute. I've heard that it's totally anonymous, but I've also heard that you can trace every transaction. So like, Which is it? Either it's anonymous or you can see exactly what everybody spent on what?
00:51:44
Speaker
Well, it's both, right? Because as you know, it is anonymous in the sense that you don't know who owns the coins, but it's completely public in the sense that you know exactly what coins were given to what wallet.
00:51:57
Speaker
It's only a cipher a number. You don't know who the actual owner of it is. So we were able to see exactly where the money went you know after us. and it was split up into different you know smaller and smaller groups of crypto.
00:52:08
Speaker
And then some of it eventually ended up at a Binance exchange. So Binance does require ID from what I understand. So there must be some way of, and we spoke to Binance, they you know were not willing to disclose anything to us about who's who.
00:52:24
Speaker
But in conjunction with the um with the legal but sort with with law enforcement of the various people involved. We're hoping that we'll be able to trace some of this.
00:52:38
Speaker
Again, it's just very low on law enforcement's radar because, you know, there are luckily we brought it down to 50,000. But there's, as you say, many people being scammed in this way, and some of them do put the 400,000 or the 1.2 million or whatever it is.
00:52:56
Speaker
And obviously law enforcement is going to be much more concerned at helping those people than us. But hopefully we will get some assistance and maybe we will be able to trace some actual um people that you know had accounts at Benounce or whatever, where some of the money eventually ended up. So we'll see. But we are working on that.
00:53:16
Speaker
Yeah, I do hope. I hope that you do. um And I'm hoping that the exchanges and and everyone else involved, they they do realize that it not just it's not just 50,000. fifty thousand It's not just your 50,000. It's an exploit that it's not being priced in. It could it could be of any any value.
00:53:33
Speaker
And you ideally wouldn't want to wait until the worst happens, right? I think... ah yeah I wouldn't know how many instances of this kind would be, but I wouldn't put it behind these people to also have fake IDs and fake identities that they've used in order to create those accounts.
00:53:49
Speaker
No doubt. No doubt. Well, I do remember that at one point we saw a Patek Philippe watch on Mr. CVA, which is priced at something like a quarter of a million dollars for that model.
00:54:04
Speaker
So that suggests... You think it was the real deal? Yes, right. So either it was just a fake watch or he's done this a lot. Right? So I don't know. But... Well, in either case, he's... Either case says that he's planning to to to be doing that a lot because if he's got a fake watch, that again plays into social engineering. They want to make you believe that they have all the money and it's important and...
00:54:29
Speaker
Exactly. he might i mean He might have made sure that we saw the watch just to kind of show that he has the money. He didn't mention, you know, look at the watch, but the idea being that he really wants people to think that he has the money.
00:54:40
Speaker
So either he does because he scammed many people, or again, he's just a very, very good social engineer. so yeah And that's happened before. There's there's various cases where that that exact kind of m MO ah played out. There was this, ah and it's a fascinating documentary as well, ah regarding the Tinder swindler. on on it's It's available on Netflix, or it used to be at least.
00:55:01
Speaker
like This guy... That was just driving around in Rolls Royces, just taking private jets, just deducing these women, you know, telling them that he's a billionaire and he's got all this money. But hey, I just need 40K from you because like all my bank accounts are frozen and like the terrorists are coming after me or whatever.
00:55:18
Speaker
And then... you know, they'd get enamored with the guy. They think, oh, you know, obviously I've seen his jets. I've seen his cars. I've seen his shirts and watches. He obviously has all of that money. So yes, I'll give him my life savings because to him, you know, it doesn't mean anything.
00:55:32
Speaker
He'll just give me back. He'll just pay me back tomorrow or whatever. And then he defraud all these people out of hundreds of thousands, maybe millions of of dollars ah in a total amount. And it's it's crazy, you know, how appearances can can really make people...
00:55:46
Speaker
either either you know fall for something or be very cautious of something. Absolutely right. People really judge based on appearances. and And of course, We did background checks and it checked out. So they really had, put this was a long con as they call it, right? They had planned this for a long time.
00:56:06
Speaker
They made sure to get the website that looks like it's been around for while. Like they knew everything that we would do to check and they blocked all of this off. um The one thing, it's interesting, in retrospect, there is one thing that we didn't do.
00:56:21
Speaker
Because, I mean, we called the number and of Tessaly and they would answer, you know, yes, Tessaly Management. ah But this is, again, for the listeners, if you should get into something like this. Since, as I said, they were registered with the Exchange Commission in Luxembourg and they had an address and everything.
00:56:39
Speaker
What I should have done was looked at a Google map of the address. I mean, I did it later on. Looked at a Google map and you can see the actual streets right on the Google view street view.
00:56:52
Speaker
Go to the street number that they say and and zoom in. And I could see the names of the companies in that building, you know, because Google Maps is so good and their name was not on the building.
00:57:05
Speaker
So I could have realized that you know if I had gone to Luxembourg or another thing I could have done was called. There's a cafe in the building. And I actually thought, i mean, this is all after the fact. Right.
00:57:19
Speaker
But there was a cafe in the building. I could have called the cafe and said, hello, can you tell me if this asset management group is actually in this building? And if they say, oh, no, they're not, then I would have known, ah, okay. So they don't actually exist in the office that they say they're in.
00:57:36
Speaker
I mean, because we called the number and the answer and the website. So we didn't actually you know look at the actual building. But that's the one giveaway is that there wasn't actually an asset management company in the building that they said that they were in in Luxembourg.
00:57:51
Speaker
that's... Which is strange considering how easy it is to get virtual, well, manage office addresses. At least in the UK, there's a whole industry where you could buy your PO box in a managed office for like £100. Was that $120 a month or something?
00:58:10
Speaker
You pay that fee, you get a little office, and you also get the creds. If someone goes there and checks, they can see your like plates or whatever. So it wouldn't have been an insignificant amount of money for them yeah to pay.
00:58:21
Speaker
But what blows my mind about this is because you've said this has been going on for months and there's been discussions and obviously, you know, I've got website, you've got registered business, you have to to to register with the equivalent of the SEC in Luxembourg.
00:58:35
Speaker
um You have to carry out all these Zoom meetings. You need equipment, you maybe need work office space, like so much work put into this thing just so they don't have to work legally.
00:58:45
Speaker
Like it's... Yes, I know. du You could have started a business. Like you could have actually started a legit business. Exactly right. i mean, these are smart. I mean, to figure this scam out, these are not stupid people.
00:58:58
Speaker
And again, we did have Zoom meetings with them. because It's not like they were hiding their identity or anything like that, you know? um They spoke well. Wow. they were Exactly. These people could be engaged in legitimate business and be contributing to society instead of just stealing from people. I mean, this kind of ah they're clever, you know, and it's a real shame that they devoted their lives to this scam business. But, you know, it is what it is. Yeah.
00:59:28
Speaker
Well, thank you again for reaching out and for, for you know, telling your story. I feel it's it's of of immense value to anyone that's in crypto, anyone that's looking to start a business in crypto and anyone that's working with crypto. I think we all kind of assume that because the technology has been there, it's, you know, safe to to put those, you know, to to to put your guard down.
00:59:52
Speaker
And I think... When it comes to self-custodian wallets, I would just, you know based on your story, urge everyone to just not go for anyone that accepts key amounts in QR codes.
01:00:07
Speaker
um If anyone ever scans a QR code, ah please, please, please do double or triple check the amounts there. um If anything seems fishy, copy paste the wallet address instead of scanning the QR code.
01:00:22
Speaker
And if anyone has any information about the Thessaly asset management or or or knows of any similar stories or or people impersonating startup founders or VCs in in crypto and tech, please reach out to me. Please reach out to Daniel. We can maybe help help put the pieces together and find out who these people are and make sure that they don't take advantage of that exploit anymore.
01:00:45
Speaker
Exactly. Thank you so much for this opportunity. I really enjoyed telling my story and I hope it was helpful to the listeners. Nice meeting you. Bye, Daniel. but