It seems lightning does strike twice for Raees and Ameer Cajee – the two brothers behind Africrypt which was supposedly hacked and whose wallets were emptied of more than R50 billion in cryptos in April.
The Cajee brothers disappeared after the alleged hack, similar to the disappearing act performed by Johann Steynberg, one of the masterminds behind the Mirror Trading International (MTI) bitcoin scam that was placed in provisional liquidation in December 2020. MTI was a multi-level marketing scheme that managed to pull in an estimated 23 000 bitcoin (more than R10 billion at current prices).
Moneyweb has been contacted by ‘clients’ of the Cajee brothers with a familiar story.
Even before Africrypt was born in July 2019, the Cajee brothers had another investment scheme going – also hacked and emptied of all bitcoin, this time in May 2019.
“I was introduced to the Cajees back in 2019 when Raees was probably still in matric. They had supposedly developed a way to make around 10% a month trading bitcoin. Raees, as young as he was, talked a good game. I gave them quite a bit of money in bitcoin and asked them to trade it on my behalf. I was getting monthly statements over the next five or six months showing that my account had nearly doubled,” says Joe Smith (not his real name).
The Cajees’ playbook
Smith was asked to sign an agreement that exonerated the company from virtually any kind of loss, including hacks.
This is similar to the agreement with Hong Kong-based RaeCreateWealth Limited that clients of Africrypt were required to sign.
Another ‘client’ of the Cajees told Moneyweb they were prominent members of the Muslim community in Johannesburg and exploited the trust of friends and family.
“We were introduced to the Cajee brothers through friends; we could see, through the lifestyle that they were living, that [they] had money. We never suspected that [they] would steal a few hundred thousand rand. The crypto market was crashing at the time, but Raees was sending me statements every month showing me positive growth.”
Then, in May 2019, came the dreadful news of a hack.
Raees wrote to clients:
Good evening, as some of you may have already heard Binance Exchange has been hacked in the past 20 hours, unfortunately Binance is our biggest trading partner and our API (Application Programming Interface) keys have been suspended along with deposits and withdrawals for at least the next week. Binance has not given us any insight into the extent of the damage but they will honor all Bitcoins stolen in the hack. Our Hong Kong servers were compromised through the Binance API and our cyber forensics team is still investigating the incident, updates will follow in the coming days due to our large systems architecture.
We are desperately working to get back online and migrate completely to Huobi Exchange where we will be trade exclusively.
RCW will not be able to facilitate any withdrawals for the next week, we sincerely apologize for any inconvenience caused but please be rest assured we are doing everything we can.
Please understand events like these are out of the companies control completely and are impossible to prevent in this regard as we have to depend on Binance to protect our API keys.
The hack referred to was widely reported at the time, and about $40 million was reckoned to have been lost.
Another ‘hack’, another letter …
The letter sent to Smith and other clients in August 2019 was remarkably similar to the one sent to Africrypt clients in April this year, which read:
We regret to inform you that due to the recent breach in our system, client accounts, client wallets and nodes were all compromised. At this point it is unknown to us the extent of personal client information breached during the attack.
Unfortunately, this has forced Africrypt to halt operations. We have begun the process of attempting to retrieve stolen funds and compromised information. Our number one priority is retrieving the funds as speedily as possible, however, this process is very wary and will take a substantial amount of time to complete, if successful. Furthermore, we have begun a full system audit to determine the extent of the breach.
We urge all clients to please be patient as we attempt to resolve the situation at hand. It is understandable that clients may proceed the legal route, but we ask clients to please acknowledge that this will only delay the recovery process.
Clients will be kept updated on progress made in the recovery process and with any information regarding the parties involved in orchestrating the attack on our systems.
“I think what happened was they waited for a hack to happen [in 2019] and then used that as an excuse to tell us that our crypto had disappeared,” says a former ‘client’ who asked not to be named.
International law enforcement agencies are starting to take an in-depth look at Africrypt and what may turn out to be the biggest crypto hack in history.
The Cajees, talking through their lawyer John Oosthuizen, denied any involvement in the “heist”.
“There is no foundation to the accusation and there’s no merit to those accusations,” Oosthuizen is reported as saying, according to the BBC.
The Cajees also apparently dispute the purported size of the hack – $3.6 billion – though just one address (of several) that was hacked had a balance of more than 71 000 bitcoin, worth about $2.4 billion.
Moneyweb understands the Cajees sold a Lamborghini, a Ferrari and two properties days before they bolted.
There are conflicting reports as to their whereabouts, with London and Dubai being the most likely locations. United Arab Emirates and SA have just concluded an extradition treaty to fast-track the extradition of the Gupta brothers to SA to face corruption charges related to state capture.
Says Darren Hanekom, of Hanekom Attorneys, who has investigated the hack on behalf of several clients: “We believe, and we now have more evidence to suggest, that the Cajees were acting on behalf of a much bigger international syndicate.
“It is very unlikely that they managed to rope in more than R50 billion from investors,” says Hanekom.
“This was a money laundering operation.”