
When the CEO Gets Phished: What the MoonPay Scam Reveals About Executive Vulnerability

Published on
August 7, 2025

 

A Costly Mistake in the Heart of Crypto

You’d expect the leaders of a major crypto firm to be untouchable when it comes to digital fraud. But in a recent DOJ filing, it was revealed that two top MoonPay executives — reportedly including CEO Ivan Soto-Wright and CFO Mouna Ammari Siala — fell victim to an email scam that cost them over $250,000 in USDT (a stablecoin pegged to the U.S. dollar).

The twist? This wasn’t a complex blockchain exploit. It wasn’t a technical flaw. It was a classic phishing attack, executed with slight domain manipulation and a convincing impersonation of a well-known real estate figure.

This breach of trust — not code — should send a strong message to CISOs across every industry.

 

The Attack: Typosquatting and Social Engineering at the Executive Level

The scammer's method was deceptively simple:

  • Use typosquatted email addresses, replacing lowercase "i" with uppercase "I" to spoof domains

  • Impersonate Steve Witkoff, a high-profile developer and public figure

  • Send targeted emails with legitimate-sounding requests tied to real-world events

  • Convince the executives to transfer stablecoins to a scam wallet — no malware, no exploit, no breach

This approach is known as typosquatting, and while it’s common in phishing, what makes this case notable is its success against savvy, technically equipped individuals at the top of a major crypto firm.

Even more striking, investigators traced the scam to a known wallet on Binance, connected to a Nigerian resident — showing that the attackers didn’t need insider access or blockchain expertise to succeed. They just needed the right hook and attention to detail.

 

Industries at Risk: If Crypto Execs Are Vulnerable, Who Isn’t?

This wasn’t a breach of blockchain. It was a breach of human judgment — and it’s a risk that transcends the cryptocurrency sector.

CISOs in the following sectors should especially take note:

  • Financial Services & Fintech: Executive-level phishing remains one of the top threats to wire transfers, trading platforms, and client funds.

  • Venture Capital & Investment Firms: Where large, fast-moving sums and public figures intersect, so does social engineering risk.

  • Healthcare & Biotech: High-trust environments, VIP patient targets, and executive access create ripe conditions for phishing attacks.

  • Media & Entertainment: Talent agencies and entertainment execs face impersonation threats as attackers chase fame and money.

The message is clear: no level of technical sophistication protects against human deception, especially when it’s engineered for executive targets.

 

Recommendations for CISOs: Executive Protection Is Not Just a Compliance Box

To reduce risk at the executive level, CISOs must rethink phishing defense as more than employee training. Here’s where to start:

1. Executive Inbox Hardening

Implement domain impersonation monitoring, typo-domain flagging, and inbound verification tools specifically tuned for high-risk individuals.

2. Tailored Simulation Training

Generic phishing awareness isn’t enough. Run simulations mimicking real-world executive targeting – including impersonation of known partners, investors, or public figures.

3. Clear Transaction Protocols

Institute multi-step verification for all executive-initiated transfers, especially for crypto or international payments. Require second-party validation for new recipients.

4. Incident Transparency Plans

Have pre-scripted communication plans ready for executive-level phishing incidents, internal and external, to maintain trust and contain fallout.

5. Audit “Shadow IT” Use

Ensure that executives aren’t using personal wallets or unofficial channels for company-adjacent transactions. Personal activity can become an organizational risk surface.
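As an added illustration of the typo-domain flagging in recommendation 1 (this is not code from the original article or from Jericho Security), the Python example below classifies a From: header against a list of trusted domains, catching both look-alike character swaps such as the "i"/"l"/"I" confusion described above and one-character typos. The trusted-domain list, the sample addresses, and the function names are assumptions constructed for this example.

```python
from email.utils import parseaddr

# Assumption: a maintained list of domains executives really deal with.
# These domains and all sample addresses are constructed for this example.
TRUSTED_DOMAINS = {"inaugural-fund.example", "modern-capital.example"}
MAX_TYPO_DISTANCE = 1  # one insert/delete/substitute counts as a typo-domain

# Fold characters that look alike in common mail-client fonts (i / l / 1, o / 0).
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(domain):
    """Reduce a domain to a visual skeleton so lookalikes compare equal."""
    return domain.lower().translate(FOLD).replace("rn", "m")


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(from_header):
    """Return (verdict, imitated_domain) for a From: header value."""
    address = parseaddr(from_header)[1]
    domain = address.rsplit("@", 1)[-1].rstrip(".").lower()
    if domain in TRUSTED_DOMAINS:
        return ("trusted", domain)
    for trusted in sorted(TRUSTED_DOMAINS):
        if skeleton(domain) == skeleton(trusted):
            return ("homoglyph", trusted)  # e.g. "l" standing in for "i"
    for trusted in sorted(TRUSTED_DOMAINS):
        if edit_distance(domain, trusted) <= MAX_TYPO_DISTANCE:
            return ("typo", trusted)
    return ("unknown", None)


if __name__ == "__main__":
    for header in ("Steve <steve@inaugural-fund.example>",
                   "Steve <steve@lnaugural-fund.example>",
                   "cfo@modem-capital.example",
                   "steve@inaugurall-fund.example",
                   "news@unrelated.example"):
        print(header, "->", classify_sender(header))
```

A "trusted" verdict only says the header's domain is on the list; SPF, DKIM and DMARC results still decide whether the message really came from that domain.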

 

How Jericho Security Helps CISOs Prepare for the Next Executive-Level Scam

At Jericho Security, we understand that modern attackers aren't just writing better code – they’re writing better emails. And increasingly, those emails are landing in executive inboxes.

We help CISOs:

If crypto executives can be deceived, anyone can. The time to harden your leadership layer is now.

👉 Book a private demo with Jericho Security and let us show you how to reduce human risk at the highest levels of your organization.