MoonPay Executives Lose $250,300 in Online Fraud Scheme

Two senior executives of MoonPay, a prominent cryptocurrency payments company, were reportedly duped in an online fraud scheme, resulting in a loss of $250,300. The incident was detailed in a recent filing with the US Department of Justice (DOJ).

The filing, which seeks to recover 40,350 USDT (a stablecoin pegged to the US dollar) currently held in frozen accounts by Tether, refers to the victims as “Ivan” and “Mouna.” However, coverage from a crypto outlet suggests these individuals are Ivan Soto-Wright, the co-founder and chief executive of MoonPay, and Mouna Ammari Siala, the company’s chief financial officer.

According to the DOJ, the executives were tricked into transferring funds to an account controlled by an individual they believed to be Steve Witkoff, a well-known US real estate developer and co-chair of President Donald Trump’s 2017 inaugural committee. Blockchain data analysis indicates that the USDT was transferred to a wallet associated with Binance, which is linked to Ehiremen Aigbokhan, a Nigerian citizen residing in Lagos.

This case highlights an unusual scenario where senior industry figures, equipped with advanced crypto tools and security protocols, fell victim to a relatively simple form of social engineering. The scam was executed through deception via discreet email manipulation, employing bogus email addresses nearly identical to the correct ones. The scammers substituted a capital “I” for a lowercase “l” in domain names to deceive their targets. Emails were sent from addresses such as steve_witkoff@t47lnaugural.com and financersvp@t47lnaugural.com, spoofing the names of well-known individuals and events.

This practice, known as typosquatting, is commonly used in phishing scams and has proven effective even against security-aware professionals. IP geolocation data consistently showed that emails from these accounts originated from Nigeria, not the United States. Authorities believe Aigbokhan likely obtained the USDT through a scam involving an international money transfer in the US.

The scammers did not need to hack into or exploit the blockchain; they only required a convincing ruse and pitch to steal the funds. The filing noted that one of the wallets involved in the scam is a marked MoonPay wallet on Etherscan, suggesting that the individuals affected are likely Ivan Soto-Wright and Mouna Ammari Siala. As of the latest information, MoonPay has not publicly responded to requests for comment from multiple outlets.

The timing of this case is particularly sensitive, as MoonPay recently expanded its services to all 50 states in the US after receiving a BitLicense from the NYDFS. This license is one of the most difficult-to-obtain crypto regulatory licenses in the US and is crucial for operating in the financial capital. The incident may raise questions about MoonPay’s internal security controls, vetting processes, and executive oversight, especially if the victims used official company wallets for personal or poorly vetted transactions.

This case serves as a stark reminder that no one is immune to digital fraud, not even the executives of companies that help build the infrastructure of the crypto economy. Despite the advanced tools and security protocols available, the simplicity of the scam underscores the need for constant vigilance and robust security measures.