The Wiseling Recap: Anatomy of a $45 Million Crypto Scam

TRM InsightsInsights

July 26, 2021

The ironically named "Wiseling," a purported Finnish investment company, rode high in 2020 and early 2021, promising as much as 3% daily returns on small investments. Wiseling collected tens of millions of dollars from credulous investors across the world. The details on how it could deliver these returns were sparse but seemed to satisfy investors, who then heralded their successes on social media to recruit new investment partners. But as the saying goes, "when something appears too good to be true"...

Indeed, Wiseling turned out to be a scam — a scam which netted its architects at least $45 million.

The scammers appear to have hired an English-speaking Russian actor to pose as the firm's Finnish CEO, "Matias Lappo."

A crypto-focused multi-level marketing (MLM) scheme, Wiseling operated from July 2020 through February 2021. Though presented as a Finnish company, Wiseling appears to have actually been run by Russian criminals. The scam's premise was roughly analogous to countless other MLM operations, but what made Wiseling different was the sheer scale of the scam.

To set their bait, the scammers appear to have hired an English-speaking Russian actor to pose as the firm's Finnish CEO, "Matias Lappo." Selling himself as an experienced executive, the CEO gave interviews and posted videos across the internet from his executive suite (actually a cheaply furnished temp space in St. Petersburg). As the scam grew, the company hosted lavish international events — even at the height of a global pandemic.

Wiseling accepted various methods to fund user accounts, including Perfect Money, Payeer, Bitcoin, Ethereum, Litecoin, and USDT. The minimum investment to enter the Wiseling Fund was the equivalent of $50 with a maximum deposit of $500,000. By February 2021, a river of money was flowing in — almost $37 million that month — but users also began posting about difficulties withdrawing funds. From there, the end came quickly. The CEO responded to angry investors by offering 20% bonuses on new deposits, while promising that all funds deposited were insured. The company's website went down, then came back, then finally went offline for good.

Wiseling's Bitcoin deposits and withdrawals; July 2020-February 2021

All the while, the money was escaping out the back door. In its eight months in operation, Wiseling had managed to collect at least $102 million from its investors. The organizers began withdrawing large amounts of money relatively early, but the final rush came in February. Over a period of a few days, $25 million was quickly cashed out at large cryptocurrency exchanges around the world. In total, Wiseling's organizers appear to have stolen nearly $45.4 million and by February 21st all of the money was gone. Gone too were Wiseling and its Russian CEO. In February, the Financial Supervisory Authority and Bank of Finland issued a warning and the Helsinki Police announced an investigation into Wiseling.

TRM traced the flow of stolen funds and identified various cash out points at Asian and European exchanges

Like their higher profile brethren operating ransomware schemes, the architects behind Wiseling hope to disappear into the Russian criminal underworld. In some ways, Wiseling's theft may prove a more durable revenue template for Russian cybercriminals than ransomware — extremely lucrative, but unlikely to rise to the level of international diplomacy or presidential summits. Why extort influential multinational businesses, and risk an international manhunt, when you can steal almost as much from ordinary, less influential people?

Despite Wiseling's attempt to utilize false identities and obfuscate millions of dollars in stolen Bitcoin, TRM traced the flow of stolen funds and identified various cash out points at Asian and European exchanges. A combination of on- and off-chain intelligence was identified during the the investigation process to support relevant partners with interests in Wiseling.

All cryptocurrency addresses associated with the Wiseling scam are included in TRM's database, which will auto-update any exposure to the scam for TRM users. For further information on how these updates may affect your platform as a TRM customer, or for more information about how TRM enables this type of cross-chain investigation, please contact us directly via contact@trmlabs.com.

Learn how the TRM platform can uncover nested exchanges

Fill out the form to schedule a demo with our team.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our latest insights
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
You can unsuscribe at any time. Read our Privacy Policy.