In a startling case of cybercrime that has captured international attention, a Nigerian internet fraudster, commonly known as a "Yahoo Boy," allegedly defrauded a U.S.-based donor of $250,300 in cryptocurrency intended for Donald Trump’s 2025 inaugural committee. The scam, which unfolded in December 2024 and was reported in July 2025, involved sophisticated impersonation tactics and rapid laundering of funds through multiple cryptocurrency wallets. This incident not only exposes vulnerabilities in cryptocurrency transactions but also raises significant concerns about the security of political donations during high-profile events.
The case has sparked widespread discussion, with some initial reports inaccurately suggesting that Donald Trump himself was the victim. Fact-checking has clarified that the target was a donor, not Trump, highlighting the importance of accurate reporting. As the FBI pursues the suspect and seeks to recover the stolen funds, this case serves as a cautionary tale about the risks of Business Email Compromise (BEC) schemes and the need for heightened vigilance in digital transactions.
The scam began with a carefully crafted Business Email Compromise (BEC) scheme, a type of cybercrime where fraudsters impersonate trusted entities to trick victims into transferring funds. In this case, the scammer created an email address using the domain @t47lnaugural.com, which closely mimicked the legitimate Trump-Vance Inaugural Committee domain, @t47inaugural.com. The difference—replacing the letter "I" with a lowercase "L"—was subtle enough to go unnoticed by the victim.
On December 26, 2024, the U.S.-based donor received an email that appeared to come from Steve Witkoff, co-chair of the Trump-Vance Inaugural Committee. The email requested a donation for the 2025 inauguration and directed the donor to transfer funds to a specific cryptocurrency wallet. Believing the request to be legitimate, the donor sent 250,300 USDT.ETH, a stablecoin pegged to the U.S. dollar, to the Ethereum address 0xC7bdBA7ffB126F68E8454CF5e7445d3695A58c52.
Within 24 hours, the scammer transferred 215,000 USDT.ETH to multiple other cryptocurrency addresses to obscure the funds’ trail. Additional transfers of 10,012 USDT.ETH each were made on December 27 and 30, 2024, to another address: 0x2447dd599220154145a51cc750f579b015fbe386. This rapid movement of funds is a common tactic in cryptocurrency scams, making recovery efforts challenging.
FBI Investigation and Legal Action
Upon receiving a report of the scam, the FBI launched an investigation to trace the stolen cryptocurrency. By analyzing blockchain transactions, investigators discovered that part of the funds had been deposited into a Binance account linked to Ehiremen Aigbokhan, a resident of Lagos, Nigeria. IP geolocation data further confirmed that the fraudulent email accounts were accessed from Nigeria, strengthening the case against the suspect.
On December 31, 2024, the FBI coordinated with Tether (the issuer of USDT) and Binance to freeze the involved cryptocurrency addresses, preventing further movement of the funds. Approximately 40,353 USDT.ETH was recovered and seized by the U.S. government as part of a civil forfeiture action.
On July 2, 2025, a civil complaint was filed in the U.S. District Court for the District of Columbia, seeking the forfeiture of the seized cryptocurrency. The complaint charged the perpetrators with wire fraud and money laundering, citing violations of 18 U.S.C. §§ 981(a)(1)(C), 981(a)(1)(A), 1343, 1956(a)(1)(B)(i), and 1957. The fraudulent domain, t47Lnaugural.com, was created on December 15, 2024, and was associated with a Gmail account (pmmohdnajibrazak@gmail.com). Additional email accounts, including financersvp@t47Lnaugural.com and steve_witkoff@t47Lnaugural.com, were also created on the same day to facilitate the scam.
The FBI is reportedly pursuing an arrest warrant for Ehiremen Aigbokhan, though recovering the full amount of stolen funds remains challenging due to the decentralized and pseudonymous nature of cryptocurrency transactions.
Was Donald Trump Scammed?
No, Donald Trump was not personally scammed. But a U.S.-based donor intending to contribute $250,300 in cryptocurrency to Trump’s 2025 inaugural committee was defrauded by a Nigerian "Yahoo Boy" in December 2024. The scammer impersonated a committee official using a spoofed email address. Some early reports inaccurately suggested Trump was the victim, but fact-checking, such as by the Guardian Nigeria, clarified that the donor, not Trump, was targeted. The FBI has recovered about $40,353 and identified a suspect, Ehiremen Aigbokhan, but the case highlights the challenges of tracing cryptocurrency fraud.
Implications of such Scam on a Global stage
High profile political events, such as presidential inaugurations, are prime targets for scammers seeking to exploit the trust of donors. This incident underscores the need for robust security measures to protect political contributions.
The speed and relative anonymity of cryptocurrency transfers make them attractive to fraudsters. Once funds are moved across multiple wallets, tracing and recovering them becomes a complex task, as demonstrated in this case where only a fraction of the stolen funds was recovered.
The involvement of a Nigeria-based suspect illustrates the global nature of cybercrime. International cooperation between law enforcement agencies is essential to address such schemes effectively.
Media misinformation can also exacerbate the situation, as seen in the initial reports suggesting that Donald Trump was personally scammed. Clear and accurate communication is vital in the aftermath of such incidents to prevent further confusion and to maintain public trust. Fact-checking by outlets like the Guardian Nigeria clarified that the victim was a donor, emphasizing the importance of verifying information before publication.s
How to Prevent Similar Scams
To protect against BEC scams and similar frauds, the FBI and cybersecurity experts recommend the following precautions:
- Verify Email Addresses: Carefully inspect email addresses for subtle misspellings or domain variations. In this case, the difference between @t47inaugural.com and @t47lnaugural.com was a single letter.
- Confirm Requests Directly: Always verify donation or payment requests through official, secure channels, such as the organization’s verified website or phone number.
- Beware of Urgency: Be cautious of requests that create a sense of urgency or pressure to act quickly. Scammers often use these tactics to bypass careful scrutiny.
- Use Secure Platforms: Make donations through official websites or verified payment methods rather than responding to unsolicited emails or messages.
The theft of $250,300 in cryptocurrency from a donor to Donald Trump’s 2025 inaugural committee by a Nigerian Yahoo Boy is a stark reminder of the evolving tactics used by cybercriminals. While the FBI has made significant progress in recovering a portion of the stolen funds and identifying a suspect, Ehiremen Aigbokhan, the case highlights the challenges of combating cryptocurrency fraud. As legal proceedings continue, with the U.S. seeking forfeiture of the seized assets and potentially pursuing the suspect’s arrest, this incident serves as a call to action for individuals and organizations to exercise greater caution in digital transactions, particularly those involving political donations.
This case may set a precedent for future investigations into transnational cybercrime, emphasizing the need for international cooperation and robust cybersecurity measures. For now, it stands as a cautionary tale for donors and organizations alike to verify requests and protect against the growing threat of BEC scams.