Crypto Con artists leave trail of ‘Rip Deal’ victims from Amsterdam to Rome

by Arthur · February 27, 2023

The nascent and barely regulated crypto industry is full of exploits, hacks and digital pump-and-dump schemes – some of which rake in hundreds of millions of dollars in a matter of seconds, from a computer somewhere, the identity of the perpetrator usually hidden behind a fake online identity.

So it would seem almost quaint or straight out of a Hollywood script that a crew of smooth-talking con artists would spend weeks or months courting blockchain project leaders, spin off a fanciful and elaborate investment narrative, and then follow up with in-person face-to-face meetings at a restaurant – only to eventually abscond with single-digit millions of dollars in cryptocurrencies and never be seen or heard from again.

And yet, based on interviews with victims and authorities, this exact scenario has played out multiple times in recent months in cities across Europe, including Rome, Barcelona, Amsterdam and Brussels.

It’s crypto long con.

Cases have been referred to authorities in Austria and Italy, according to victims and a German police officer who has interacted with some of the victims.

According to the officer, who asked not to be named due to the ongoing nature of the investigation, police are categorizing this wave of crypto scams as “rip-deals” – tempting offers where victims are promised large sums of money but end up emptying their own pockets .

Victims’ accounts of their interactions with what appear to be rip-deal gangs are eerily similar: Scammers posing as investment agents meet their victims face-to-face in a restaurant or hotel lobby, asking for proof of funds. Victims set up a crypto wallet that appears legitimate – but co-opted by the fraudsters – and then fund the wallet. Once the funds are transferred, the fraudsters can somehow empty their wallets. The main working theories are that they obtain the victim’s private keys or exploit security flaws in the wallet.

The most prominent and public victim to date is Webaverse co-founder Ahad Shams. Earlier this month, he shared a statement over Twitter that he had been the victim of a $4 million crypto hack after encountering scammers posing as investors in a hotel lobby in Rome.

Recently, another victim, Chris Hunter, CEO of Coin Publishers, a firm that focuses on publications and data for crypto savings and loan products, shared his account of a similar scam setup he experienced in Barcelona, Spain.

According to several people who said they were victims of the fraud, the authorities are actively investigating whether the incidents are connected.

German police told CoinDesk that they are not aware of any ongoing investigations in Germany into this scam, but confirmed that Shams’ case had been forwarded to a special investigator in Austria who specializes in rip-deal gangs.

In November, Austrian authorities sentenced an Austrian citizen with Serbian roots who was arrested in Rome and extradited back to Vienna, after allegedly carrying out a rip-deal with four victims and stealing their crypto. The details alleged in the case were similar to those in the Shams and Hunter stories.

The difficulty in catching these gang members is that they operate across different jurisdictions, making it difficult to track their movements.

“What we lack at the national or European level is some kind of database” that has pan-European information about these gangs, the German police officer told CoinDesk.

Although the German officer said they are not aware of any ongoing investigations related to Shams’ case in Germany, another source told CoinDesk that the German authorities contacted another crypto-rip-deal victim in 2021 about their active investigation after the victim was defrauded in Amsterdam.

Other rip-deal victims told CoinDesk that Italian authorities are investigating similar scams that have taken place in Rome.

The scams that have taken place are like a scene from countless Hollywood noir or neo-noir features – The Sting, The Spanish Prisoner, the Grifters, Snatch.

None of the victims are sure how the fraudsters managed to steal their money from their wallet without having any kind of interaction on their devices; some suspect that there may be hidden cameras in the restaurant, or perhaps hypnosis was involved.

Since the publication of the Register’s article, multiple sources have told CoinDesk that they suspect some scammers posing as victims have attempted to infiltrate victims’ Telegram groups to gather information about what they know and which authorities they’ve spoken to, which has caused more distrust among members who have already lost a lot of trust – in each other, business, law enforcement, the crypto industry, and perhaps humanity more broadly.

Other victims or near-victims CoinDesk spoke to, who asked not to be attributed to avoid embarrassment or further victimization, described having experiences similar to those Shams and Hunter described in their public statements. Victims would show up to a specific restaurant the scammers picked in Rome, and the scammers would insist on being seated at a specific table if they were seated elsewhere.

One detail that permeates most of the victims’ accounts is that the fake investors said they worked for or with a “Joseph Safra.”

The German police officer told CoinDesk that he was willing to speak to a reporter in part to warn other crypto companies to be on the lookout for similar scams.