TL;DR
- Between November 2024 and June 2025, an OTC scam unfolded on Telegram, defrauding investors of over $50 million through fake discounted private token sales.
- The scheme promised token deliveries after a 4 to 5-month vesting period; it fulfilled early rounds to build trust and later recycled funds from new investors in a classic Ponzi structure.
- When defaults began in June, it was revealed that all operations were funneled to a central operator tied to a Binance-listed project, now under investigation.
Between November 2024 and June 2025, a scam was executed that deceived investors of various profiles, resulting in losses exceeding $50 million.
How Was the Scam Carried Out?
The scam was orchestrated through OTC offers on Telegram, promising tokens at discounts of up to 50%, with vesting periods of 4 to 5 months. Those who joined early rounds received their tokens on time, which built credibility and attracted new capital. As the scam progressed, the absence of rigorous controls and the trust it generated enabled the growth of a Ponzi operation that ultimately collapsed under the weight of its own deception.
At the start, a central operator known only as “Source 1” coordinated the informal sale of tokens allegedly allocated to early investors of projects such as SEI, Aptos, SUI, and Graph, among others.
The offers were shared in private, invitation-only Telegram groups. These groups were made up of regular OTC investors who trusted the reputations of those promoting the business opportunities. To reinforce the appearance of legitimacy, actual token deliveries were made in the early phase, using assets either sourced from the open market or from vesting allocations that hadn’t yet officially expired but were accessible for OTC deals.
How the Fraud Expanded and the Warnings That Were Ignored
The strategy behind the scam relied on using funds from new investors to cover earlier commitments while maintaining the appearance of a viable project. Seeing fast returns, venture funds, large portfolio investors, and traders began committing increasingly larger amounts. To mask the reliance on constant new inflows, additional intermediaries known as “Source 2” and “Source 3” were introduced, though they funneled all operations back to the same primary operator. The lack of formal contracts and proper on-chain verification allowed the cycle to continue.
Starting in February 2025, the offering expanded: new tokens like NEAR, Axelar, Fluid, Celestia, and over 30 other assets were added, covering infrastructure layers, decentralized finance, and metaverse-related projects.
Although several of these project teams publicly issued warnings stating that no such agreements existed and making it clear this was a scam, the trust built through early deliveries led many investors to dismiss the alerts and give in to the temptation of quick profits. The rapid expansion and growing variety of offered tokens made it increasingly difficult to verify the project’s actual backing. When delays or inconsistencies emerged, excuses like KYC processing issues or travel delays were used to explain the lack of evidence.
Breaking the Cycle: Those Involved and the Fallout
In June 2025, the deliveries began to fail: the final offering centered on the Fluid token, and the distribution process started breaking down. Without any verifiable explanations, excuses once again pointed to technical issues or delays, but this time with no supporting evidence. On June 19, Aza Ventures admitted the scam after confirming that the primary operator had been using new funds to cover old obligations, officially exposing the Ponzi dynamic. With all fund inflows traced back to a single source, the capital necessary to sustain the scheme dried up.
Attention turned to an individual of Indian nationality tied to a Binance-listed project as the suspected orchestrator. Although his identity is currently being withheld by Aza Ventures to privately pressure for fund recovery, on-chain tracking allegedly identified transfers totaling nearly $24 million to interlinked addresses.
The accused denied any involvement. The associated company publicly distanced itself from its founder, claiming he had deviated from the project’s original vision. Authorities in India are expected to begin formal investigations. Meanwhile, the brokers caught in the fallout are working on various reimbursement strategies and remain in active talks with the suspected mastermind.
Consequences for Investors and the Market Impact
Exposing this web of criminal activity severely damaged trust in informal OTC offerings, triggering sharp price drops in tokens associated with the scam. It also revealed vulnerabilities in vesting-based models lacking solid guarantees.
Several large investors suffered significant capital losses; some are now facing financial difficulties and emotional distress. This incident highlights once again the importance of thoroughly vetting the origin of any asset and exercising caution when operating in unregulated, informal ecosystems.
For future OTC operations, it will be essential to verify counterparties’ credentials and audit on-chain transaction histories before committing any funds, regardless of the amount. Paying attention to official warnings from project teams will also help identify and avoid suspicious offers.
While OTC markets offer early access opportunities, it’s critical to formalize agreements that clearly specify vesting conditions, timelines, and remedies for breaches.
