Top executives at crypto payment firm MoonPay fell victim to a sophisticated email scam that cost the company $250,000 in Ethereum. According to U.S. Department of Justice filings, the perpetrators spoofed the identity of real estate developer Steve Witkoff to trick the executives into participating in a fake fundraising event.
The scam targeted MoonPay CEO Ivan Soto-Wright and executive Mouna Ammari Siala, who believed the email to be legitimate. Trusting the forged communication, they transferred a quarter-million dollars’ worth of ETH to addresses controlled by scammers.
The funds were quickly distributed across multiple wallets, a typical laundering tactic in crypto-related fraud. Blockchain data confirms the movements, though the incident had no direct impact on Ethereum’s market price or on DeFi platforms.
Authorities have linked the scam to individuals in Nigeria, a region that has surfaced repeatedly in similar social engineering schemes. This case once again demonstrates how even high-level executives at well-funded fintech firms can fall prey to cyber deception.
“This was an unfortunate event. We’re reviewing internal controls and working closely with authorities,” said MoonPay CEO Ivan Soto-Wright following the incident.
While phishing and email-based scams are not new, this case stands out due to the status of the individuals involved and the amount stolen. It also highlights the growing trend of Ethereum being the asset of choice for scammers due to its traceability and liquidity.
Experts emphasize that this is a wake-up call for the crypto industry. Security protocols, executive training, and stronger verification processes must evolve to combat increasingly advanced social engineering attacks. The use of high-profile personas and timely events to gain trust is a hallmark of such frauds.
The incident has prompted industry-wide discussion on the need for enhanced digital communication security — especially for those handling large crypto transactions. As the crypto space continues to grow, so too does the importance of vigilance, verification, and user education to avoid falling into these increasingly sophisticated traps.
