Whistleblower Outs ‘Wolf of Kyiv’ for $70 Million Bitcoin Scam

A whistleblower has revealed the existence of a 200-employee Ukrainian Bitcoin (BTC) trading scam that netted $70 million in 2019. 

The whistleblower outed the scam by providing footage and internal company documents to Swedish newspaper Dagens Nyheter, which reported the news on March 1. 

The scam predominantly targets investors based in Australia, New Zealand and the United Kingdom by using fake news articles advertised on Facebook and some mobile game platforms. 

The stories feature interviews with celebrities who purportedly made a killing by investing in crypto — including Gordon Ramsey, Hugh Jackman and Martin Lewis.

Ukrainian company Milton Group accused of operating scam

The whistleblower claims that the scam is being perpetrated by Ukrainian company Milton Group from two floors of an office building in Kyiv. The offices are kitted with professional telephone and client management systems.

After responding to the ads, victims would be contacted by call-center workers promising extraordinary returns from cryptocurrencies, foreign currencies and commodities. Fake account statements detailing profits are used to entice further investment from the scam’s victims.

Jacob Keselman, the CEO of Milton Group stated that the allegations against it are “incorrect” in a phone interview with Dagens Nyheter. Keselman describes himself as “the wolf of Kyiv'' on his Instagram profile.

Scammers encourage victims to borrow to invest

The whistleblower claims to have been a part of the scams “retention” team, where he was expected to make 300 calls each day. 

He was tasked with “squeez[ing] the money” from clients until their “last cent,” and was remunerated on a commission basis. 

The operation reportedly poses under many different business titles, including contacting victims under the guise of offering scam recovery services after they have already been duped. If receptive, victims are encouraged to install software on their computer that allegedly steals their online banking information.

The scam also impersonates national tax authorities, posting letters demanding that prospective victims settle fabricated tax debts.

Some victims have lost everything

The organization reportedly netted $70 million in 2019, and Dagens Nyheter noted that many victims have been duped out of their life savings.

Internal documents reportedly show employees gleefully recounting having “f***ed” investors, including a note on a customers’ account that states, “Getting f***ed every month for at least 1,000 EUR. Gets pension on the 20th/works every Tuesday.”

The Guardian contacted 16 British victims of the scam, who recounted receiving an onslaught of phone calls after responding to ads. A victim identified as Teresa stated:

“You get bombarded by all of these different companies. I don’t know if any of them are the same. They were calling all day, every day, all through the weekends […] Sometimes you’re on the phone to one company and the phone is buzzing with a call from another.”

Dagens Nyheter spoke to one 67-year-old Swedish victim who claimed that she can no longer pay her rent or buy food. Internal documents revealed her file, which contained a note stating, “Sold her home to pay, no money, crying.”

Crypto threat landscape evolves

February saw cybersecurity firm ThreatFabric identify several sophisticated Remote Access Trojans (RATs) targeting cryptocurrency wallets and exchanges.

The RATs include ‘Cerberus’, which targets Coinbase users by stealing 2-Factor Authentication (2FA) codes for the Google Authenticator app.