Pinillo targeted more than 1,500 victims, including his own congregation. Scams using social engineering and malicious bots are evolving to compromise crypto wallets and sensitive data through platforms like Telegram and fake meeting apps. Meanwhile, the sentencing of former Celsius executive Roni Cohen-Pavon has been postponed to 2025 to potentially help in the prosecution of ex-CEO Alex Mashinsky. Pastor Faces CFTC Lawsuit Over Crypto Fraud The United States Commodity Futures Trading Commission (CFTC) filed a lawsuit against Francier Obando Pinillo, a pastor that is accused of orchestrating a $6 million cryptocurrency Ponzi scheme targeting more than 1,500 people. Some of his victims include members of his congregation in Washington state. The CFTC announced the legal action on Dec. 10, and the regulator alleges that Pinillo engaged in fraud and misappropriation through a multilevel marketing scheme under the guise of cryptocurrency trading and staking services. According to the complaint that was filed in a Spokane federal court, Pinillo presented himself as the CEO of Solanofi, Solano Partners Ltd., and Solano Capital Investments. He claimed that he developed a ”Solano ecosystem” that utilized advanced crypto trading platforms. Between November of 2021 and December of 2023, Pinillo allegedly convinced customers that his operations traded popular cryptocurrencies like Bitcoin (BTC), Ethereum (ETH), Tether (USDT), Solana (SOL), and Dogecoin (DOGE). He also promised monthly profits of up to 34.9% through a proprietary trading bot and software. The workings of a Ponzi scheme (Source: Dimond Kaplan & Rothstein ) The scheme also included a staking service branded as Solanofi 2.0, which guaranteed profits. To encourage participation even more, users were provided with an online dashboard showing fabricated account statements and were offered a 15% referral fee for recruiting others. The CFTC's investigation revealed that these claims were entirely fraudulent. There was no automated trading program, no actual customer accounts, and no trading activities or profits. Instead, Pinillo misappropriated all of the funds that were transferred by customers. The CFTC revealed that Pinillo targeted unsophisticated people with very minimal knowledge of crypto transactions. He also took advantage of his position as a pastor and communicated predominantly in Spanish to gain their trust. The regulator is seeking restitution for the affected victims, the forfeiture of the funds that were generated through the scheme, a permanent trading ban, and an injunction to prevent any future violations. Another New Scam Targets Crypto Wallets Unfortunately, the latest crypto scam stories do not stop with Ponzi schemes. Scammers are also increasingly using a combination of social engineering and fake Telegram verification bots to deploy crypto-stealing malware, according to blockchain security firm Scam Sniffer . In a recent post on X, Scam Sniffer shared some details about a new scam tactic involving fake X accounts impersonating popular crypto influencers . These accounts lure victims into Telegram groups with promises of exclusive investment insights. Once users join these groups, they are asked to verify themselves through a fraudulent bot called “OfficiaISafeguardBot.” This bot uses urgency tactics, like short verification windows, to pressure users into compliance. During the verification process, the bot injects malicious PowerShell code that downloads and executes malware that is designed to compromise computer systems and crypto wallets. According to Scam Sniffer, this malware has been responsible for large amounts of private key thefts that allowed scammers to raid wallets. The firm acknowledged that while malware targeting crypto users has been around for years now, the sophistication of these scams advanced rapidly. Successful heists encouraged the evolution of scams into a “scam-as-a-service” model, where tools like wallet-draining software are rented out to phishing operators. This particular combination of fake X accounts, Telegram channels, and malicious bots, however, is a newer development. The firm also reported a rise in impersonation scams on X. Its monitoring systems identified an average of 300 fake accounts daily in December, compared to 160 in November. At least two victims reportedly lost more than $3 million after interacting with malicious links and signing transactions prompted by these fake accounts. The threat extends beyond just Telegram and X. Scammers Target Web3 Workers Web3 workers are also facing targeted attacks from scammers using fake meeting apps to inject malware and steal sensitive information, according to a report by Cado Security Labs. The campaign involves scammers posing as legitimate companies by creating realistic websites and social media accounts by using artificial intelligence. They contact potential victims, often through platforms like Telegram, and prompt them to download a meeting app named ”Meeten,” which frequently changes its name to evade detection. Some of its previous aliases include ”Meetio,” ”Clusee.com,” ”Cuesee,” ”Meeten.gg,” ”Meeten.us,” and ”Meetone.gg.” The app contains the Realst info stealer that is designed to extract critical data like Telegram logins, banking card details, and crypto wallet information. After this information is gathered, it is sent back to the attackers. It can also harvest browser cookies, autofill credentials from applications like Google Chrome and Microsoft Edge, as well as data from Ledger, Trezor, and Binance wallets. Example of one of the fake meeting apps (Source: Cado Security ) Scammers employ very sophisticated social engineering techniques, including impersonating known contacts to discuss fake business opportunities. In one case, an attacker sent a victim an investment presentation from their own company. Others reported being on Web3-related calls, downloading the malicious software, and subsequently losing their cryptocurrency holdings. The attackers increase their credibility even more by setting up AI-generated company websites with blogs, product descriptions, and active social media profiles on platforms like X and Medium. These websites often contain Javascript that is capable of stealing crypto stored in web browsers, even before the malware is installed. Variants of the malware exist for both macOS and Windows. It is estimated that the scheme has been active for around four months. Former Celsius Executive's Sentencing Delayed In other crypto crime related news, Roni Cohen-Pavon, the former chief revenue officer of the collapsed crypto lending platform Celsius, will not face sentencing on Dec. 11 after an agreement between United States prosecutors and former Celsius CEO Alex Mashinsky. In a Dec. 9 court filing, Judge John Koeltl approved a request to delay Cohen-Pavon’s sentencing until after Mashinsky’s, which is scheduled for April of 2025. Prosecutors suggested that Cohen-Pavon’s cooperation might provide valuable information relevant to Mashinsky’s case. Cohen-Pavon pleaded guilty to four felony charges, including conspiracy to commit price manipulation, securities fraud, and wire fraud, and has been awaiting sentencing since his arrest in September of 2023. He initially pleaded not guilty but changed his plea after being indicted in July 2023 for misleading Celsius users and profiting from price manipulation alongside Mashinsky. Both parties are expected to report back to the court on April 18, 2025, when Judge Koeltl could decide Cohen-Pavon’s fate. Roni Cohen-Pavon Mashinsky, the former CEO, agreed to plead guilty to two charges earlier this month as part of a deal with prosecutors. He admitted to misleading users about regulatory approvals and concealing sales of his CEL token holdings. He also agreed to forfeit $48 million in proceeds from the fraudulent scheme. If convicted, Mashinsky could face up to 30 years in prison. The Celsius platform filed for bankruptcy in 2022 due to a massive market downturn that left millions of users unable to access billions of dollars in their accounts. The company’s collapse was one of the largest in the crypto space. In November, a bankruptcy court approved a reorganization plan that allows Celsius to distribute approximately $2 billion to creditors starting in 2025. Cohen-Pavon was allowed to travel between New York and Israel under a $500,000 bond and was permitted to travel to Singapore in September. The potential impact of his guilty plea and cooperation on Mashinsky’s sentencing is still unclear, but it could influence the court’s decision.
