Crypto Founder Abducted in Uganda, Forced to Send $500,000 at Gunpoint

A crypto founder was abducted in Uganda, held at gunpoint, and forced to send crypto worth $500,000 to his attackers, in the latest of a spate of crypto kidnap attempts.

Festo Ivaibi, founder of crypto education hub Mitroplus Labs, was abducted on May 17 near his residence on Bunamwaya Road in Kampala, Uganda.

The attackers were reportedly armed, dressed in military uniforms, and claimed to be “security operatives” of the Uganda People’s Defence Forces, or UPDF, according to a formal statement from Mitroplus’s Afro Token Project account on X.

The armed group allegedly forced Ivaibi to unlock crypto wallets and transfer $500,000 in crypto to their controlled wallet. A portion of Afro Token, a meme coin, was also sold under coercion, Mitroplus Labs claimed.

CRYPTO ABDUCTION IN UGANDA.

On Saturday, May 17th 2025, our founder @IvaibiFesto was abducted by individuals posing as security agents(@MODVA_UPDF) and forced under duress, to release his crypto assets. We thank God he is now safe, and all systems have been secured.

This is… pic.twitter.com/ipZkrwTv95

— Afro Token (@AfroTokenSUN) May 19, 2025

“This is not just an attack on one person, it’s an attack on a growing vision,” the project said.

Afro Token was created on SunPump, a meme coin platform on the Tron blockchain. The cryptocurrency used for the other coerced transfers is unclear, though some amounts were reportedly sent to a Binance wallet.

Data from DEX Screener shows the token’s value has dropped by roughly 16.7% since the day of the attack, with a remaining market cap of around $1.6 million, down from over $7.3 million in December last year.

Decrypt has reached out to Mitroplus Labs and the UPDF for comment and will update this article should they respond.

‘Wrench attacks’ on the rise

Mitroplus Labs alleges that the attack is part of a coordinated pattern involving informants posing as crypto traders, rogue law enforcement officers, and two Chinese nationals.

The firm claimed that at least 48 similar attacks have been identified, with many cases being dismissed “at the influence of their ring.”

Wrench attacks, thefts in which crypto holders are physically threatened, have proliferated in recent months.

Earlier this year, David Balland, co-founder of hardware wallet manufacturer Ledger, was kidnapped and mutilated as part of a ransom demand. In February, a crypto broker broke his ankles attempting to flee captors.

Just this month, the father of a crypto entrepreneur was freed in a police raid after kidnappers demanded almost $8 million for ransom in crypto.

The challenge with wrench attacks lies in how they are executed physically “to reveal private keys or authorize transactions under duress,” Michael Pearl, vice president of strategy at blockchain security firm CyVers, told Decrypt.

Pearl suggests security methods such as multi-factor authentication could help make “forced transfers harder to execute without alerting others.” Monitoring “unusual transaction patterns or access from new devices” could also help by “triggering alerts or temporary freezes to protect assets,” he added.



Still, wrench attacks continue amid “widening income disparity and the skyrocketing value of crypto,” Harry Halpin, CEO of decentralized VPN service Nym, told Decrypt in an emailed statement.

And yet, governments are “demanding more transparency and identity data,” which could easily get leaked to criminals trying to target crypto holders, Halpin noted.

Using VPNs (virtual private networks) is one of a number of techniques that crypto users could practice to maintain security, Halpin suggested.

Edited by Stacy Elliott.

Source