A sprawling $50 million over-the-counter (OTC) crypto scam has been exposed, implicating prominent tokens like SUI, NEAR, Axelar, and over 30 others in what insiders are calling one of the largest retail-focused frauds in recent memory. The scheme, which ran quietly on invite-only Telegram channels from late 2024 through mid-2025, deceived a network of traders, crypto whales, and venture capital firms under the guise of discounted early token deals.
According to a detailed report by Altcoin Alpha, the fraud hinged on building trust through early, seemingly legitimate deals and later devolved into a Ponzi-like operation using fresh investor capital to fulfil older obligations. Despite numerous red flags and public warnings from insiders, belief in the scheme grew until everything unravelled in June.
From Promise to Ponzi: How the Scam Gained Momentum
The scam began in November 2024 with private Telegram groups offering early OTC deals on high-profile tokens like Aptos, SEI, Swell, and GRT. Buyers were told these tokens were still under vesting and would be delivered after a 4-5 month lock-up period.
Early participants received their tokens as promised, fueling belief that the deals were authentic. The successful initial distributions created a reputation for reliability, luring more participants by the start of 2025. As stories of lucrative, low-risk returns spread, more players ranging from well-known key opinion leaders (KOLs) to VC funds joined the channel, deploying millions in capital.
By February, the volume and variety of tokens ballooned. Offerings now included SUI, NEAR, GRASS, Fluid, and Axelar. Discounts remained attractive, and the deals appeared professionally structured. That confidence, however, became the scam’s greatest weapon.
Warnings Ignored as Hype Overshadowed Caution
Despite the surging enthusiasm, public warnings began to surface. In May, Eman Abio from the SUI team posted on X, “There is NO deal!” Lucian Mincu, co-founder of MultiversX, issued similar cautions, warning of fraudulent OTC activity involving project tokens.
But the warnings were drowned out by the hype. Continued on-time distributions and the trust built by early deals led many to dismiss the red flags. Even as inconsistencies appeared, Telegram channels remained active and optimistic.
June Collapse: Delays, Excuses, and a Broken Chain
Trouble became evident in June 2025. The last known deal involved Fluid tokens on June 1. Shortly after, previously promised token distributions stopped altogether. Organisers gave vague explanations for travel delays and KYC problems but never delivered.
By June 19, the facade cracked completely. Aza Ventures, one of the primary firms involved in the deals, issued a public admission: they too had been scammed. “We believed the deals were legitimate. Early deliveries happened. But eventually, it turned into a fund recycling scheme,” the firm said in a Telegram statement.
According to Aza, multiple sellers dubbed Source 1, Source 2, and Source 3—had unknowingly routed deals through the same individual. While only Source 1 was responsible for orchestrating the fraud, the deception was deep enough to trap even seasoned intermediaries.
Tracking the Mastermind: Recovery in Motion, Identity Under Wraps
Altcoin Alpha reports that Source 1, the scheme’s alleged ringleader, is an Indian national and the founder of a Binance-listed project. Although Aza Ventures claims to know the individual’s identity, they have withheld it from the public to facilitate recovery efforts.
Investigators have begun reviewing on-chain activity. Wallets linked to the fraudster have been published, and community-led efforts to trace transactions are underway. The scam’s reach is massive, spanning more than 30 tokens, including Celestia, LayerZero, Ronin, Sandbox, Berachain, and Conflux.
As of now, no arrests have been made, but victims and investigators are working together to locate and recover funds. Whether affected parties will see reimbursement remains uncertain.
A Broader Pattern in Crypto’s Risk Landscape
This latest fraud follows another high-profile breach involving Iran’s Nobitex Exchange, where over $100 million in digital assets were stolen. In that case, hackers leaked the platform’s source code and internal systems data, placing user funds at even greater risk.
Taken together, the two incidents serve as a stark reminder: even in a tech-driven future, trust remains a vulnerability. And in the fast-moving world of decentralised finance, due diligence is no longer optional; it’s survival.
