Crypto brothers: Meet the SA-born forensic sleuth on the Africrypt case

After the crypto brothers and co-founders of South African Bitcoin investment firm Africrypt — Ameer and Raees Cajee — disappeared, a South African-born forensic sleuth (now based in the US) partnered up with law enforcement agencies around the world to unpack what happened with the Africrypt billions.

What happened to the Africrypt billions?

The South African previously reported that Ameer told investors that Africrypt was hacked and billions of dollars worth of Bitcoin was stolen in April 2021.

The Cajees asked their clients not to report the hack to the authorities, as this would supposedly slow down the recovery of the stolen funds. Nevertheless, a few sceptical investors took action and hired Cape Town-based law firm Hanekom Attorneys to handle the matter.

It wasn’t long after when the Cajee brothers were nowhere to be found. At the time, Hanekom Attorneys could not trace them and reported the matter to the Hawks and warned cryptocurrency exchanges across the world to be on the lookout for the missing Bitcoin.

“We were immediately suspicious as the announcement implored investors not to take legal action,” said Hanekom Attorneys to Bloomberg.

Africrypt employees reportedly lost access to the platform’s back-end a week before the alleged hack. Hanekom Attorney’s found that the funds were taken from their South African accounts and client wallets and sent through “tumblers and mixers”, which makes them virtually impossible to trace.

Whether the theft of R43 billion was the result of a hack – as claimed by Raees and Ameer Cajee – or whether it was an inside job, remains to be seen.

Who is Hamilton Cheong?

Now, MoneyWeb reports that the 29-year-old Hamilton Cheong from Magaliesburg has the best chance to figure out what happened to the Africrypt billions.

https://twitter.com/HamiltonCheong/status/1134691457107922944

Cheong’s company, Crypto Investigation Bureau (CIB), helps governments and organisations secure their digital assets against modern-day threats coming from ransomware and organised crime.

It has developed a blockchain track-and-trace programme called God’s View to hunt down missing digital assets, and it was this programme that was used to piece together the movement of funds into and out of Africrypt wallets.

The final liquidation of Africrypt

Cheong says the evidence does not support the story of a hack originating out of Ukraine, as claimed by Raees in an affidavit before the Gauteng High Court seeking to stop the final liquidation of Africrypt.

Under Cajee’s version of events, on 13 April hackers from Ukraine smashed through several layers of security to make off with more than R50 billion in crypto assets.

“We don’t think this is possible,” says Cheong, a certified crypto and blockchain investigator. “If this is true, the hackers would have broken through several security layers in a matter of minutes to get to the crypto, and that is extremely unlikely. We don’t think this was a hack. One reason we say this is that four months before the alleged hack, funds were being depleted out of wallets under the control of Africrypt.”

Thus far, there have been discrepancies in just exactly how much has gone missing.

Cheong says R43 billion is closer to the truth and hints that the actual figure could be higher once all the wallets used by Africrypt are totalled together.

By painstakingly piecing together the web of transactions into and out of wallets used by Africrypt, Cheong hints that some of these wallets are used by operators known for ransomware attacks on business and by ‘dark web’ operatives.

“I don’t buy the hack story, and I think the Cajees were in over their heads and perhaps got mixed up with some really bad people,” says Cheong.

A better picture of what occurred awaits the release of a full forensic report by Cheong’s team.

Innocent until proven guilty

Cheong says that SA is earning a reputation internationally as a haven for dodgy crypto ventures, but we “must assume the Cajee brothers are innocent until proven guilty”.

“My question to them is why have they not commissioned an incident report by professionals to clear [their] names, instead of running? If they are willing to provide CIB with their full app and source code, we would love to help,” he adds.