October 9, 2024
I am writing this article as a public service to illustrate the mechanism of a sophisticated internet scam being perpetrated against tech startups under the guise of potential investment by wealthy individuals. Based on my research, it appears that similar scams have been perpetrated against a number of companies around the world over the past few years. Details of the scam have mostly been absent from public knowledge. However, I have figured out how the scam took place and would like to warn others about it.
I would like to highlight the key facts here so that anyone reading this article will be suitably prepared to deal with a similar scam should they be confronted with it.
By way of background, a tech startup in which I am an investor was the victim of such a scam recently. Unbeknownst to the scammers, however, the firm's CEO secretly recorded his calls with the scammers, including the Zoom call in which crypto assets were stolen from a wallet set up as proof of funds. Painstaking review of the videos has allowed us to decipher the method by which the theft took place. The firm has since filed police reports about the scam and will also publicize the recorded videos and communication with the scammers in due course.
INVESTMENT OUTREACH :
On June 14, 2024, "Jacob Laurent", International Relations Manager at Tesalia Asset Management ("TAM"), contacted an AI startup (in which I am an investor) via email. He explained that TAM was a European single family investment office and represented ultra-high net worth individuals who were interested in investing in the company.
This is TAM's website: https://www.ts-capital.com/
It has since been flagged by CSSF, Luxembourg's financial regulator, for fraudulent activities; see their public warning about Tesalia Asset Management:

Luxembourg Financial Regulator's (CSSF's) Warning About Tesalia Asset Management

"Jacob Laurent", Tesalia's scout for contacting tech firms globally to offer investment from wealthy individuals
After further communication and execution of an NDA, Jacob Laurent set up a call for the startup's CEO with TAM's portfolio manager, "Robert Maximillian Getty". He described himself as a member of the billionaire "Getty Oil" family on his father's side and the billionaire Miller "Duty Free Shops" family on his mother's side. See his profile below[1].
He dropped names during the calls. For example, he said that he personally knew James Gorman, the Chairman of Morgan Stanley. He spoke via Zoom video link (while apparently pretending to be driven around in a chauffeur-driven car) and expressed interest in investing USD 5 million at a substantially higher valuation than the company's last financing round. He also invited the startup’s CEO to visit him in Monte Carlo after the investment closing and have a good time.
After two Zoom video calls, Robert Getty abruptly excused himself from further investment discussions due to an undisclosed "personal emergency".

Profile of Robert Maximillian Getty on TAM's website

"Rudolf Bouvier", smooth talking fake investor posing as nephew of Swiss billionaire art dealer, Yves Bouvier
BILLIONAIRE INVESTOR :
Jacob Laurent then introduced the company's CEO to "Rudolf Bouvier", self-declared "nephew" of billionaire Swiss art dealer, Yves Bouvier[2]. Rudolf explained that he had EUR 5 million in cash that he wanted to invest via a convertible debt instrument before August 8, 2024 to avoid certain Swiss tax liabilities.
After negotiations over several Zoom video calls, a USD 8 million investment was agreed to between the parties. The CEO of the startup had his corporate law firm draft an investment agreement and email it to Rudolf Bouvier with a copy to TAM executives. Rudolf reviewed the legal document and said he agreed to the terms.
It should be noted that throughout the startup CEO's discussions with Rudolf Bouvier, Jacob Laurent at TAM kept him warm on the deal through regular calls and updates. He was clearly much more than a scout on the lookout for tech firms to offer investment from the firm's clients. He was an integral member of the criminal gang who felt out the CEOs he contacted, built a rapport with them, got their perspective on the fake investor calls he arranged, and fed them false information to keep investment discussions alive.
WALLET REQUEST :
Out of the blue, a week or so after receiving the investment agreement, Rudolf Bouvier informed the startup's CEO that he had been advised by the CFO of TAM that he needed to set aside USD 1.2 million, the total interest on the USD 8 million convertible debt investment, in a crypto wallet for 3 months for regulatory reasons. He further stated that the USD 1.2 million in funds for this purpose would come from his initial investment and that he would not hold the company responsible for any loss of assets from the crypto wallet.
Rudolf Bouvier explained that he wanted to be sure about the company's ability to meet his requirements and wanted it to set up a crypto wallet. He further said that TAM's CFO was recommending that he require the firm to deposit at least USD 400,000 in the crypto account as proof of funds. The startup's CEO told Rudolf that he could not use the company's cash for this purpose and offered to put USD 50,000 from his own funds into the wallet.
It is at this point that I was contacted by the startup's CEO as a trusted shareholder who had some familiarity with crypto currency, to set up a wallet for demonstration. The CEO also transferred USD 50,000 from his personal funds to purchase crypto assets.
ATOMIC WALLET :
Initially, I set up a crypto wallet on Coinbase and put around USD 51,000 of USDT assets into it. For those who are unaware, USDT, otherwise known as Tether, is tied to the US dollar; unlike other cryptocurrencies, its value only fluctuates within a few cents of the US dollar.
The wallet address was then sent to Rudolf Bouvier, who promptly reported that the wallet assets could not be verified on Etherscan, which is a public website that is tied to the blockchain ledger. I found the reason for this was Coinbase's policy of holding all initial purchases of assets as the custodian, so they do not register publicly as being in the individual's wallet at first.
To enable 3rd party asset verification, I then set up a crypto wallet on Trust Wallet and transferred the Coinbase USDT assets to it.
After USDT assets had been verified by Rudolf Bouvier using Etherscan, he made yet another request: the crypto assets for "proof of funds" needed to be stored on an Atomic Wallet.
I was puzzled by this sudden change in wallets but obliged the startup's CEO. The version I downloaded was 1.29.5.

Wallet Contents

Etherscan Verification
WALLET INSPECTION :

"Nathan Lambert", nephew of fake investor Rudolf Bouvier. Generated QR code to steal wallet assets
With Atomic Wallet thus set up and its assets verified, Rudolf Bouvier expressed his pleasure at meeting his investor requirements. He told the startup's CEO that he was ready to close his investment and would instruct TAM's CFO to prepare a wire transfer.
There was just one small matter. He would like to introduce the CEO to his nephew, "Nathan Lambert", who was involved in the family business. He assured him that Nathan would be a good contact for the future.
In a Zoom video call, Rudolf Bouvier introduced his nephew but also said that he would like Nathan to see the crypto wallet to make sure everything was all right. This did not make any sense as wallet assets had already been verified via Etherscan.
The startup's CEO was nervous about opening the wallet on a video call and told Rudolf that he needed time to think about it. Ultimately, given that the wallet contained his personal funds and not the firm's monies, he decided to go along with the request.
CRYPTO THEFT :
With the decision made by the startup's CEO to have the Atomic Wallet account verified by the investor Rudolf Bouvier's nephew, Nathan, via a live token transaction, a Zoom call was set up.
I took part in that Zoom call which occurred on August 23, 2024.
Nathan explained that he wanted us to send USD 5 cents equivalent in the USDT Tether currency. He specified that we send this to his wallet address as a test to make sure that we knew how to send and receive cryptocurrencies. So he asked us to manually enter USD 5 cents in Atomic Wallet. He then told us to scan his QR code which he held up to the camera and send the money to that address.
Recipient's wallet barcode, with money coded in it [3]

USDT 50,000 scanned, despite manually entering USD 5 cents
I did not object to Nathan's request as I knew that the QR code was a commonly used shortcut for entering a recipient's wallet address and it is also good practice to test a small amount in order to make sure that everyone involved in a large transaction has each other's correct address. In my limited experience with Coinbase wallet, I had used a QR code scan to get the recipient's wallet address for greater convenience as opposed to manually typing a nearly 40 character hexadecimal address.
What I did NOT know, however, was that an AMOUNT to send could also be programmed into a recipient's QR code address. In other words, when the sender scans the QR code to get the recipient's address, the code also automatically populates the amount the sender is going to send them. This is a controversial feature as it can obviously be used to trick people into sending more money than they had realized. However, even more problematic than this is that the Send amount coded in the QR code overrides any amount keyed in by the sender on Atomic Wallet without specifically warning the sender that their manually entered amount has been changed. And, as if this were not bad enough, Atomic Wallet does not even update the US Dollar equivalent of the new crypto amount added through the QR code. So, one can be left with a screen saying that they are sending $0.05 USD while above that it says they are sending 49977 USDT. These Atomic Wallet bugs were further exacerbated by a glaring visual flaw that removes the decimal point in front of the USDT crypto amount scanned from the QR code but does NOT remove the zeros in front of that figure. So the final screen showed USD 0.05 and USDT 0049977.
I thus manually entered USD 5 cents but was tricked into sending almost USDT 50,000 instead.
During the wallet transaction, Nathan went out of his way to make sure that we had turned the phone screen away from us (towards the camera) so as to minimize the odds of catching the error on Atomic Wallet before hitting the Send button. It should be noted, however, that the scam was so subtle that even a careful examination of the screen would not have disclosed what was going on.
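The silent override described above is something a wallet, or a cautious sender with a separate scanner, can catch before anything is sent. The following is an added example, not code from this article or from Atomic Wallet: it assumes the QR code carried an EIP-681-style ERC-20 transfer URI (the article does not state the format) and that USDT uses 6 decimals; the addresses, payload and function names are constructed for illustration.

```python
import re
from decimal import Decimal
from urllib.parse import parse_qs

# Constructed placeholder addresses, not real contracts or wallets.
TOKEN = "0x" + "aa" * 20
RECIPIENT = "0x" + "bb" * 20
ADDR = re.compile(r"0x[0-9a-fA-F]{40}")


def parse_transfer_uri(payload, decimals=6):
    """Return (recipient, amount or None) from a scanned QR payload.

    Accepts a bare address or an EIP-681-style ERC-20 transfer URI.
    Anything that cannot be fully interpreted is rejected.
    """
    if ADDR.fullmatch(payload):
        return payload, None
    scheme, _, rest = payload.partition(":")
    path, _, query = rest.partition("?")
    target, _, function = path.partition("/")
    if scheme != "ethereum" or function != "transfer":
        raise ValueError("unsupported QR payload")
    params = parse_qs(query, keep_blank_values=True)
    recipient = params.get("address", [""])[0]
    if not ADDR.fullmatch(target.split("@")[0]) or not ADDR.fullmatch(recipient):
        raise ValueError("malformed address in QR payload")
    raw = params.get("uint256", [None])[0]
    if raw is None:
        return recipient, None
    if not re.fullmatch(r"[0-9]+", raw):
        raise ValueError("amount is not a plain integer")
    # Token base units -> display units (6 decimals assumed for USDT).
    return recipient, Decimal(raw).scaleb(-decimals)


def review_scan(payload, typed_amount, decimals=6):
    """Decide what the send screen may do after a scan.

    The typed amount is never silently replaced: a differing embedded
    amount blocks the send until the user explicitly picks one.
    """
    recipient, embedded = parse_transfer_uri(payload, decimals)
    typed = Decimal(typed_amount)
    if embedded is None or embedded == typed:
        return {"action": "proceed", "recipient": recipient, "amount": typed}
    return {"action": "block", "recipient": recipient,
            "typed": typed, "embedded": embedded}


# Constructed payload: embedded amount of 49977 USDT in base units.
SAMPLE = f"ethereum:{TOKEN}@1/transfer?address={RECIPIENT}&uint256=49977000000"
```

Calling `review_scan(SAMPLE, "0.05")` returns a `block` result showing both 0.05 and 49977, which is the comparison the send screen in this incident never presented.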
THEFT ADMISSION :
Shortly after the crypto theft, the startup’s CEO confronted the scammers on WhatsApp.
Rudolf Bouvier, the gang leader [4], first tried to pressure the startup's CEO not to publicly disclose the theft. When that failed, he admitted to the theft, in writing no less.
Nathan Lambert, the QR code generator, kept insisting that the wallet owner had sent him only USD 5 cents despite blockchain proof of the transfer of 49,977 in USDT assets.



CASH CONVERSION :
The startup subsequently hired a blockchain expert to trace the stolen crypto funds. She reported that it appears the thieves had moved them in small chunks to more than a dozen different locations and cashed them out on two exchanges, Bitget and Binance.

Blockchain trace of crypto currency stolen by “Nathan Lambert”
And that is where the situation stands today. I hope that this can serve as a warning to anyone who might be subject to a similar scam.

Tesalia Asset Management ("TAM"), a front for crypto scammers posing as investors
Video Recordings :
The following secretly recorded videos of Zoom calls with scammers illustrate their crypto theft methodology involving wallet inspection and token transaction.
Please widely share this article via email and social media as a public service.
Thank You
[1] We do not believe the "Robert Getty" we spoke to is a member of the billionaire Getty Oil family.
[2] The real Yves Bouvier, a billionaire Swiss art dealer, is in no way related to or associated with "Rudolf Bouvier", the man pictured above who claimed to be his nephew.
[3] WARNING: The QR code is still active! Do not scan it or it will set up a Send to the scammers.
[4] While the gang members used Jewish greetings, I have reason to believe that they were not Jewish and only pretended to be part of this community.
DISCLAIMER: id8tr hosts this page as a public service to alert individuals about potential scams. The company is not associated with any events or transactions mentioned herein.