Crypto Entrepreneur Mark Koh Loses Over $14,000 in Sophisticated Crypto Fraud Scheme
Crypto's Wild West Claims Another Victim
Mark Koh, a known figure in the digital asset space, just got a brutal, multi-thousand-dollar lesson in blockchain's dark side. The entrepreneur was blindsided by a scam, watching over fourteen grand vanish into the ether—a stark reminder that in crypto, the wolves often wear sheep's code.
The Anatomy of a Modern Heist
Forget bank vaults and ski masks. Today's financial crimes happen with a few clicks. Koh's case highlights a growing trend: schemes so slick they bypass even seasoned participants. The fraud didn't just steal funds; it exploited trust in the very systems built to decentralize it.
Why the 'Smart Money' Isn't Immune
If a crypto entrepreneur can get duped, what hope is there for the average investor? The incident exposes a critical vulnerability—not in the technology, but in the human layer. Protocols can be flawless, but the interfaces and offers built on top? That's where the old-school cons have simply found a new playground. It's the ultimate irony: a sector built to cut out middlemen keeps creating new, unregulated ones to lose your money to.
Regulation's Siren Call Gets Louder
Every high-profile loss like this adds fuel to the regulatory fire. Agencies worldwide are sharpening their knives, using these stories to justify tighter controls. The community's mantra of 'self-custody, self-responsibility' rings hollow when the playing field is rigged from the start.
The Cost of Innovation
This isn't just a fourteen-thousand-dollar loss for Koh. It's a credibility withdrawal from the entire ecosystem. Each scam chips away at the fragile mainstream trust that crypto desperately needs to build. The industry sells freedom but keeps delivering expensive cautionary tales—a business model that would make a traditional banker blush with its sheer, audacious fee structure.
The path forward is littered with these costly lessons. For crypto to mature, it needs to solve for human greed as effectively as it solves for double-spending. Until then, caveat emptor isn't just a warning—it's the only real terms of service.
Koh regrets keeping his virtual assets on-chain
The early Polygon investor said he believed in crypto and helped build the DeFi ecosystem on Polygon and BSC. Koh revealed that his belief in keeping virtual assets on-chain instead of on centralized exchanges cost him everything.
The angel investor said he found a beta testing campaign for a gaming project called MetaJoy in a Telegram group. He confirmed that the campaign had a professional website, active Discord, and GitBook documentation.
A local newspaper revealed that Koh met a team member named Shanni, who claimed to be the co-founder of the Meta team. He saw that Shanni had listed some of his professional credentials, including from Persistence One and Bitunix Official. The entrepreneur added that he was also convinced since the team replied to his questions thoughtfully and didn’t rush him.
Koh argued that his numerous evaluations of Web3 projects gave him an edge in spotting scams. However, he acknowledged that the fatal mistake he made was downloading the MetaJoy game launcher, which is intended for testing beta versions. He noted that the malware in the game embedded itself in his system the moment he ran the installer.
The crypto entrepreneur said he was shocked by the sophistication of the attack, as he had never connected his wallet to anything. Koh added that his Norton antivirus, which he’s on 360 deluxe, immediately flagged suspicious activity.
He said he thought he was SAFE after deleting every suspicious file he could find in his registry entries. He added that he was even more confident about his safety after enabling TPM 2.0, memory isolation, and reinstalling Windows 11.
Koh found that all wallets connected to his Rabby and Phantom browser extensions had been completely drained just 24 hours after the incident. He also acknowledged that not just his main wallet, but all of them.
“The malware had already exfiltrated my encrypted wallet data before I even knew anything was wrong. All my cleanup efforts were already too late. The attacker waited patiently, decoded what they needed, and executed the theft when I thought the danger had passed.”
–Mark Koh, Co-Founder of RektSurvivor.
Koh filed a police report at 21:52 hours on December 12 under Report number F/20251212/7113. He said he has been waiting for someone from the Singapore Police Force to contact him for the last three days.
Attacker offramps stolen funds through CEXs
Koh said his involvement in the project stemmed from his belief in TPRO Network, SBP Game, and NeverLetGo. He added that he planned to support those projects by holding their crypto assets.
The angel investor believes the incident was credential theft at the operating system level. He also said his belief in self-custody over centralized exchanges, which he had advocated for years, backfired immediately.
The co-founder of RektSurvivor said his firm helps people who’ve lost funds in crypto, but he’s now one of the victims. The entrepreneur believes that the attacker may have sent the funds to other exchanges, including Cryptomus, Binance, and WhiteBIT. Koh followed on-chain data identified the attacker’s wallet (0xc17490) and included the DeBank LINK for the transactions.
If you're reading this, you’re already ahead. Stay there with our newsletter.
