Scam & Crypto — A Never-Ending Story
This is a short story relating to a sophisticated scam attempt of the Mochimo foundation.
Volume I - The spotlight
It all started two weeks ago. Our community was ecstatic because the Mochimo crypto currency had been listed on Coinmarketcap (CMC).
After spending so much time and effort to build our project from scratch, it felt like a dream come true to reach that milestone. Little did we know, that dream would nearly become a nightmare.
A new listing on CMC meant being flooded with messages on every social media platform from people interested in becoming part of this project. We were always confident that delivering innovative solutions and building great tech would eventually catch people’s attention; and that more and more enthusiasts would join our community. We believed this time had finally arrived. Unfortunately, not all newcomers had good intentions.
People contacted us claiming to represent large exchanges like Poloniex, Binance, and Kraken. Others claimed to be famous YouTubers and Twitter crypto personalities. We were able to easily dismiss the obvious bogus proposal, however, some managed to pass through our screening and one, in particular, brought us close to an epic fail. Thinking back, we did overlook some of the red flags but can you really blame us though? We had launched the first post-quantum secure cryptocurrency; quantum computers are on the rise, with progress breaking every few months. It wouldn’t be so odd for a big player to be interested in a project like ours. But these were indeed scammers and quite sophisticated ones at that.
Don’t get me wrong: this is crypto; we are not naive. But the level of professionalism of some of these scammers was well above the ordinary “Nigerian prince”.
Instead of the usual clearly bogus emails, we were seeing spoofed e-mail domains, well-crafted websites, and even some legitimately compromised social media accounts used to contact us. E-mails that once came from obviousscammer@fakedomain.com now featured spoofed addresses. Discord direct message links connected us to fully developed websites with seemingly legitimate social media presence, scraping content from the web presence of successful projects nested in transparent frames. Filtering the legitimate from the bogus became a project of its own, so we followed the basic rule: if it sounds too good to be true, it’s is probably a scam.
You can only imagine how skeptical we were when Justin Sun of the Tron Foundation reached out.
Volume II - The hook
The scam started with a message on LinkedIn. Mochimo Founder’ Matt Zweil received a message and invite to connect with “Shelley Wu — Chief Marketing Officer Tron Foundation”:
Nice setup you got going at Mochimo.
An applaudable concept i must say.
Drop you email to confirm your call Schedule. Our CEO Justin Sun wants to have a chat with you as he is considering making an investment plan for your project.
Shelley Wu
CMO, Tron Foundation
His initial reaction was “great, another scammer”, but her profile had over +500 LinkedIn connections and was listed under the official Tron Foundation company. “We can’t afford to ignore this.” Matt reasoned, so he engaged.
The first e-mail came from an address @tron.network, the official domain of the Tron Foundation. Take a look at the screenshot below. Do you see anything wrong? We didn’t.
Even though we were suspicious, we also felt honored, flattered, and even excited at the idea of what this could mean for our project.
During the following team meeting, Matt advised the team “I’m going to get him on video chat, so I know we’re not being scammed”. Matt reached out later that evening on Skype to the address provided. Pleasantries were exchanged and “Justin Sun” explained their new partnership program called TronDev. He suggested a video meeting; Matt didn’t even have to ask.
The Mochimo team remained convinced it was still likely a scam. Team member DefinitelyNotGeorge demanded capture of the video interaction, but Matt hesitated to violate anyone’s privacy
During the following 45-minute video call, Matt Zweil was convinced he was speaking with Justin Sun.
“There’s no question it was him. I’ve seen his live streams and YouTube videos. It’s really Justin, and he really wants to partner with us!”
It was every small crypto project’s dream come true. A big player was willing to provide a platform for marketing, assistance, exchange listing, and the publicity that came with partnering with one of the biggest names in crypto. At the end of the conversation, Matt sent a chat message to summarize the deal:
After the video, someone from the TronDev project reached out to Matt Zweil via e-mail to secure an application form for partnership, just as a formality. The website was almost perfect:
The formatting, hosting, social media links, login buttons, and application form worked perfectly. Mochimo’s security engineer reviewed it, though, and pointed out some problems. For one, the website had only been in existence for two days. Aside from that, the hosting provider for this site was different from Tron’s main website hosting. Matt mentioned the newness of the website via Skype message to Justin, and was told: “yes, it’s a brand new partnership program, but all the application forms should work, so please fill them out and e-mail the application to let them know when you are done”.
When Matt got to the step requiring his identity verification documents, he emailed TronDev explaining that he expected the same from them. They assured him they would provide the necessary documentation. Matt completed the process, with a redacted copy of his ID for the time being.
Meanwhile, Matt asked Justin to follow the Mochimo project on Twitter. However, Justin demurred saying he wanted to wait until the deal had been signed.
A few hours later, the TronDev email provided a copy of Justin Sun’s ID and the incorporation documents for the Tron Foundation.
The truth is, up until this moment, the hope of being able to establish such an important partnership had allowed the team to overlook some things that in hindsight were obvious red flags. Why would Justin want to do a coin swap, but require an extra $30,000 in BTC? Why were there no public social media mentions about this new partnership program? Why would the domain for the website have been registered just two days prior, even if it were a new program? Why wouldn’t the Tron Foundation use their existing website as they did for everything else? Why wouldn’t Justin follow us on Twitter?
Sometimes you so badly want something to be true that you’re willing to overlook almost anything.
Volume III - The snag
The Mochimo foundation was on the road to being scammed out of 30% of its coins. When the TronDev team finally replied with Justin’s passport, this is what they sent. Can you tell what’s wrong?
We don’t blame you if you thought it looked legitimate at first glance. Let’s take a deeper look:
The numerous copy-pastes, font changes and bad blurring screamed fraudulent ID.
Volume IV - The Elements of a Sophisticated Scam
Scammers will go to incredible lengths to defraud people, but this effort was on a whole new level. Let’s review the steps they took to make this happen:
- A compromised LinkedIn Account connected to the actual Tron Foundation Company.
- A spoofed e-mail from the @tron.network domain with excellent formatting, presentation, and clean MIME data.
- A flawlessly executed fake website with operable application forms, excellent communication, and believable formatting and content using the same CSS, style, and collateral as the main Tron website.
- A well-educated scammer. The “Justin Sun” (henceforth referred to as “Justin Scam”) we spoke to knew all about the Tron network, its recent developments, and the backstory of the JST/USDJ project, all while presenting a confident, knowledgeable front.
- Excellent social engineering. Every step was calculated to make the scam appear legitimate, from using a third-person to make the connection via the trusted social media platform LinkedIn (simulating a real executive), to deflecting the contract details to be handled by a “legal team”, to providing AML/KYC credentials without argument, and then connecting us to “Justin Scam” via Skype.
These features brought us close to being scammed, but the one thing that pushed it across the line was this:
6. “Justin Scam” hosting a live video chat and negotiating the terms of the deal one-on-one with Matt Zweil.
How had Matt mistaken some imposter for Justin Sun? He swore up and down it was the same Justin Sun he’d seen on YouTube and other media. Was it a live deep fake? How did it happen?
We had to know.
Once we realized the whole thing was a scam, the Mochimo team hatched a plot to get Justin Scam back on video so that we could record it. Matt reached back out to “Justin Scam” on Skype:
“Okay — I talked to the Mochimo Foundation leadership. I’m not allowed to commit coins from the Mochimo Foundation by myself because I’m only one of the three board members. If you can do a video call with me and one other board member, so they can verify that you’re Justin, we can move forward… Will that work for you?”
For this second video chat, it appears that the scammer used an existing video interview of Justin Sun, playing it and redirecting the output to the camera feed, slowing the speed to simulate lag and pausing while we spoke. Here is the unedited recording of that interaction, as privacy courtesy doesn’t apply to scammers:
Our brains had grown accustomed to the high level of artifacts and quality degradation common to international video chat, so the inconsistencies, now obvious upon review of the footage, were attributed to the platform (lag, bad connection, bandwidth saturation). Here’s the original video interview used to perpetuate this scam:
While the developer team of the Mochimo project did get close to being fooled by those scammers, all the legal aspects of our project are reviewed by a team of lawyers. Had we missed the flaws in the passport copy, the partnership would still have been audited by Mochimo’s legal team who would have rejected the documentation upon verification. This a good example of why we decided a long time ago to do things by the book.
Let this serve as a cautionary tale to all the crypto projects trying to make their way in this world. The only thing that saved us from taking any steps closer to the edge of being scammed was one sloppily edited passport photo. If the scammers had put slightly more effort into that passport, this story may very well have had a much different ending.
The Mochimo Team
