< Back to all blog posts
Mar 05, 2020
3A whistle-blower has revealed the existence of a 200-employee Ukrainian Bitcoin (BTC) trading scam that netted $70 million in 2019.
The whistle-blower outed the scam by providing footage and internal company documents to Swedish newspaper Dagens Nyheter, which reported the news on March 1.
The scam predominantly targets investors based in Australia, New Zealand and the United Kingdom by using fake news articles advertised on Facebook and some mobile game platforms.
The stories feature interviews with celebrities who purportedly made a killing by investing in crypto — including Gordon Ramsey, Hugh Jackman and Martin Lewis.
The whistle-blower claims that the scam is being perpetrated by Ukrainian company Milton Group from two floors of an office building in Kyiv. The offices are kitted with professional telephone and client management systems.
After responding to the ads, victims would be contacted by call-center workers promising extraordinary returns from cryptocurrencies, foreign currencies and commodities. Fake account statements detailing profits are used to entice further investment from the scam’s victims.
Jacob Keselman, the CEO of Milton Group stated that the allegations against it are “incorrect” in a phone interview with Dagens Nyheter. Keselman describes himself as “the wolf of Kyiv’’ on his Instagram profile.
The whistle-blower claims to have been a part of the scams “retention” team, where he was expected to make 300 calls each day.
He was tasked with “squeez[ing] the money” from clients until their “last cent,” and was remunerated on a commission basis.
The operation reportedly poses under many different business titles, including contacting victims under the guise of offering scam recovery services after they have already been duped. If receptive, victims are encouraged to install software on their computer that allegedly steals their online banking information.
The scam also impersonates national tax authorities, posting letters demanding that prospective victims settle fabricated tax debts.
The organization reportedly netted $70 million in 2019, and Dagens Nyheter noted that many victims have been duped out of their life savings.
Internal documents reportedly show employees gleefully recounting having “f***ed” investors, including a note on a customers’ account that states, “Getting f***ed every month for at least 1,000 EUR. Gets pension on the 20th/works every Tuesday.”
The Guardian contacted 16 British victims of the scam, who recounted receiving an onslaught of phone calls after responding to ads. A victim identified as Teresa stated:
“You get bombarded by all of these different companies. I don’t know if any of them are the same. They were calling all day, every day, all through the weekends […] Sometimes you’re on the phone to one company and the phone is buzzing with a call from another.”
Dagens Nyheter spoke to one 67-year-old Swedish victim who claimed that she can no longer pay her rent or buy food. Internal documents revealed her file, which contained a note stating, “Sold her home to pay, no money, crying.”
February saw the cybersecurity firm ThreatFabric identify several sophisticated Remote Access Trojans (RATs) targeting cryptocurrency wallets and exchanges.
The RATs include ‘Cerberus’, which targets Coinbase users by stealing 2-Factor Authentication (2FA) codes for the Google Authenticator app.