Staff Reporter
Scammers established an elaborate corporate website, assumed famous businessmen identities, offered millions in investment, and used a clever QR code trick to empty crypto wallet set up as “proof of funds” by startup’s CEO.
By Daniel Veidlinger, PhD
Professor, California State University, California
Angel Investor, San Francisco, California
Profile: https://apps.csuchico.edu/directory/Employee/dveidlinger
Feb 5, 2025
I am writing this article as a public service to explain the workings of a complex internet scam targeting tech startups, disguised as potential investment from prominent ultra-wealthy individuals.
My findings suggest that similar schemes have impacted many startups globally in recent years. Unfortunately, information regarding these scams has largely remained outside the public domain, hindering entrepreneurs from implementing effective preventive strategies.
After meticulous analysis, I have gained a thorough understanding of how this scam operates. My aim is to increase public awareness of this intricate fraudulent activity and to help others steer clear of becoming victims.
I want to emphasize key aspects in this article to ensure that readers are well-equipped to handle a similar scam if they encounter one.
Recently, a North American AI startup, in which I hold an investment, fell prey to such a scam. Thankfully, the CEO of the company had discreetly recorded conversations with the fraudsters, including a Zoom meeting during which cryptocurrency was stolen from a wallet established as “proof of funds”.
Through a thorough examination of the video recordings, we managed to decipher the technique used in the theft. The company is now working alongside law enforcement and has also made available to the public key recorded videos and communications with the scammers; see below.
INVESTMENT OUTREACH :
The story begins on June 14, 2024, when “Jacob Laurent”, International Relations Manager at Tesalia Asset Management (“TAM”), contacted via email an AI startup in which I am an investor. He explained that TAM was a European single family investment office representing ultra-high net worth individuals who were interested in investing in the firm.
This is TAM’s website (which has since been taken down): https://www.ts-capital.com/
Luxembourg’s financial regulator, CSSF, has also flagged Tesalia Asset Management for fraudulent activities; please refer to their public warning for more information:
After additional discussions and signing of a Non-Disclosure Agreement (NDA), “Jacob Laurent” arranged an introductory call between the CEO of the startup and TAM’s portfolio manager, “Robert Maximillian Getty.” Robert (misleadingly) asserted that he was part of the billionaire Getty Oil family through his father and the billionaire Miller Duty Free Shops family through his mother. For further details about his background, please refer to his TAM website profile below [1].
During subsequent conversations, “Robert Getty” made a point to highlight his prominent business relationships. He claimed to have a strong connection with James Gorman, the Chairman of Morgan Stanley. His meetings were held over Zoom, seemingly while he was in a chauffeured Mercedes. He showed interest in investing USD 5 million at a significantly higher valuation compared to the company’s previous financing round. As an inducement, he invited the startup’s CEO to Monte Carlo after the investment was finalized and enjoy time together on his yacht.
Following two Zoom meetings, “Robert Maximillian Getty” suddenly withdrew from further investment discussions citing an undisclosed “personal emergency.”
BILLIONAIRE INVESTOR :
“Jacob Laurent” then presented the company’s CEO to “Rudolf Bouvier,” who (inaccurately) asserted that he was the “nephew” of billionaire Swiss art dealer, Yves Bouvier [2]. Rudolf explained that he had EUR 5 million in cash that he wanted to invest via a convertible debt instrument before August 8, 2024, to avoid certain Swiss tax liabilities.
After multiple discussions on Zoom, the two parties reached a consensus on an investment of USD 8 million. The startup’s CEO instructed his corporate law firm to prepare an investment agreement and send it via email to Rudolf Bouvier, with a copy forwarded to the executives at TAM. Upon examining the document, Rudolf conveyed his approval of the terms outlined within it.
It is essential to recognize the critical involvement of “Jacob Laurent” at TAM in enabling the investment scam. He consistently communicated updates to startup’s CEO about his interactions with “Rudolf Bouvier” on the potential investment.
Clearly, his responsibilities went well beyond simply scouting for technology firms to present investment options to his company’s clients. He was a crucial figure within the criminal operation, carefully evaluating the CEOs he engaged with, nurturing beneficial relationships with them, collecting their feedback on the deceptive investor calls he coordinated, and supplying them with false information to sustain the ongoing investment discussions.
WALLET REQUEST :
A week or so after the investment agreement was received, Rudolf Bouvier abruptly notified the startup’s CEO that the Chief Financial Officer (CFO) of TAM had advised him to reserve USD 1.2 million in cryptocurrency for a period of three months to comply with certain Swiss regulatory requirements. This amount represented the total interest on the proposed USD 8 million convertible debt investment. He reassured the startup’s CEO that the USD 1.2 million would be sourced from his investment, emphasizing that the AI firm would not be liable for any potential loss of assets from the crypto wallet.
Rudolf Bouvier then elaborated to the startup’s CEO that he needed to be sure about the company’s ability to meet his Swiss regulatory requirements and requested that it set up a crypto wallet for this purpose.
Additionally, he mentioned that the CFO of TAM advised that the startup should deposit a minimum of USD 400,000 into the crypto account as evidence of available funds. The startup’s CEO informed Rudolf that he could not use company’s cash for this purpose and offered to contribute USD 50,000 (fifty thousand) from his personal funds to the wallet.
At this juncture, I was contacted by the startup’s CEO as a trusted shareholder with a background in cryptocurrency. He asked me to create a wallet for Rudolf Bouvier for demonstration purposes. The startup’s CEO later transferred USD 50,000 from his personal funds to purchase required crypto assets for “proof of funds”.
ATOMIC WALLET :
I started by setting up a cryptocurrency wallet on Coinbase, where I transferred roughly USD 51,000 in USDT assets. For those unfamiliar, USDT or Tether, is linked to the US dollar, which ensures that its value stays close to that of the dollar, unlike other cryptocurrencies.
The wallet address was later shared with Rudolf Bouvier, who quickly informed that the assets within the wallet could not be validated on Etherscan, a public platform associated with the blockchain ledger. We later found out that this issue was due to Coinbase’s policy of acting as the custodian for all initial asset purchases, which meant that purchased assets were not immediately listed as belonging to the individual’s wallet.
To enable third-party asset verification, I then created a crypto wallet on Trust Wallet and moved the USDT assets from Coinbase into it.
Once Rudolf Bouvier confirmed the USDT assets through Etherscan, he made yet another request: the crypto assets had to be held in an Atomic Wallet to serve as “proof of funds.”
Although I was confused by this sudden change in crypto wallets, I followed the CEO’s directive as he was worried about losing the deal. I downloaded version 1.29.5.
WALLET INSPECTION :
With Atomic Wallet set up correctly and its crypto assets publicly confirmed, Rudolf Bouvier expressed his satisfaction with fulfillment of his investor requirements. He communicated to the startup’s CEO that he was ready to complete his investment and would shortly direct TAM’s CFO to commence a wire transfer of USD 8 million
However, a small issue required attention. He wanted to introduce the CEO to his nephew, “Nathan Lambert”, who played a big role in the family enterprise. He assured that Nathan would serve as a significant contact moving forward.
During a Zoom video conference, Rudolf Bouvier presented “Nathan” and asked him to examine the crypto wallet to confirm that all was correct. This request prompted considerable unease with the CEO, especially since wallet’s assets had already been validated using 3rd party Etherscan app.
The startup’s CEO was hesitant to approve wallet examination during the Zoom video call and requested more time to consider Rudolf’s request. Ultimately, given that the wallet contained his personal funds and not his firm’s, he opted to agree to the request.
CRYPTO THEFT :
Following the startup CEO’s decision to verify Atomic Wallet account through a live token transaction conducted by Rudolf Bouvier’s nephew, Nathan, a Zoom video call was arranged.
I participated in that fateful Zoom call, which took place on August 23, 2024.
Nathan expressed his desire for us to transfer to his wallet an amount equal to 5 U.S. cents in USDT, a form of cryptocurrency. He explained that this transaction would serve as a means to assess our firm’s capability in handling cryptocurrency transfers in future.
To initate the token transfer, he first requested that we manually enter USD 5 cents into the Atomic Wallet. He then asked us to scan his wallet’s QR code using the Zoom call camera to get the address to which the token amount needed to be sent.
I agreed with Nathan’s request as I knew how handy QR codes are in simplifying the process of entering recipient crypto wallet addresses. I could also somewhat understand the reasoning behind doing a token transaction to verify wallet addresses for future transactions. In my experience using the Coinbase wallet, I found it more convenient to scan a QR code to retrieve the recipient’s wallet address rather than manually entering a lengthy hexadecimal address of nearly 40 characters.
I was unaware, however, that a predetermined crypto amount could also be embedded in a recipient’s QR code address. Essentially, when the sender scans the QR code to retrieve the recipient’s address, the QR code automatically fills in the intended transfer amount. This functionality has sparked controversy due to its potential for abuse, particularly regarding the risk of misleading individuals into sending more money than they initially planned. A more pressing issue is that the programmed amount in the QR code overrides the amounted manuallyl entered by the sender in Atomic Wallet without providing any user notification. Furthermore, Atomic Wallet fails to update the U.S Dollar equivalent of the new cryptocurrency amount that has been introduced through the recipient’s QR code. Consequently, users may find themselves confronted with a screen indicating they are sending $0.05 USD even though the QR code has specified a different amount, such as $49,977 USDT. These bugs in Atomic Wallet are further compounded by a noticeable visual error that eliminates the decimal point in front of the scanned USDT amounts while still retaining the leading zeros before that figure. This resulted in the final screen displaying USD 0.05 and USDT 0049977.
I thus manually entered 5 cents in USD, but because of the wallet’s technical flaws, inadvertently sent nearly 50,000 USDT instead.
I should point out that during the crypto wallet inspection and transaction, Nathan took great care to ensure that we positioned the phone screen towards the camera. This approach minimized the chances of identifying any issues with Atomic Wallet prior to hitting the send button. However, the scam was so cleverly executed that a cursory inspection of the screen would likely not have revealed the underlying problem.
THEFT ADMISSION :
Following cryptocurrency theft incident, the startup’s CEO confronted the scammers about their crime on WhatsApp.
Rudolf Bouvier, the gang leader, initially tried to pressure the startup’s CEO to keep the theft under wraps to avoid personal public humiliation. When his efforts failed, he nonetheless confessed to the crime in writing.
Nathan Lambert, the QR code generator, claimed that the wallet owner had transferred only USD 0.05, despite blockchain data indicating a transfer of 49,977 USDT.
CASH CONVERSION :
The startup engaged a blockchain expert to trace the stolen cryptocurrency. Her findings revealed that the perpetrators had subtly moved the stolen tokens in small amounts across multiple wallets to obscure their activities, ultimately converting them into cash on two platforms, Bitget and Binance.
This is the present situation. I hope this incident acts as a cautionary tale for people who find themselves in a comparable scam from strangers offering significant investment.
Video Recordings :
The following secretly recorded videos of Zoom calls with scammers illustrate their crypto theft methodology involving wallet inspection and token transaction.
I kindly request that you share this article widely via email and social media as a public service [5].
Thank You
[1]] We have reason to believe that the “Robert Getty” with whom we spoke is not a member of the billionaire Getty Oil family.
[2]The actual Yves Bouvier, a billionaire Swiss art dealer, has no relation to or association with “Rudolf Bouvier,” the individual pictured above who claimed to be his
[3]] IMPORTANT: Please note that the QR code is still active. We advise against scanning it, as doing so may redirect funds to unscrupulous parties.
[4] While the perpetrators employed Jewish greetings, we have reason to believe that they are not Jewish and are merely pretending to be part of this community.
[5] This article was originally published as a blog post: https://id8tr.com/crypto-scam/
