How KIKI’s betrayal led to a community takeover

The investigation that flipped KIKI from a $3 million rug into a project now fully seized by the same community it betrayed didn’t start with a roadmap or relaunch plan.

It started with James Afante’s wallet getting drained. It was January 11th, around 3PM, when James messaged the team with five words: “Guys, my wallet got hacked.”

Every token he held got dumped. The price crashed. James had been part of the original KIKI team, not just a face but a core. And suddenly, all of it was gone.

Instead of asking for sympathy, James reportedly sold his luxury watches to buy back as much KIKI as he could. It wasn’t about value. It was about trust. But trust was exactly what started to break. The dump was too clean. Too fast.

Hackers don’t usually move that quickly. And in private, people were whispering that maybe James had done it himself. When those whispers got loud, James reached back out to the team and said, “People are accusing me of this being a self-hack. I need help. I need to find out what really happened.”

Community turns tracking tool into forensic weapon

At the time of the attack, the community had already been building a basic allocation tracker, something to monitor token movements among KOLs and contributors. That tool became the KIKI PI bot. It wasn’t meant to investigate theft, but they adapted it instantly.

Because James’ wallet was a team allocation, they already had full visibility. The stolen tokens moved across several wallets, but the team noticed one wallet in the mix that had spoken to James’ wallet before and after the hack.

James looked at the address and froze. “That’s my friend’s wallet,” he said. That connection changed everything. They hired a blockchain investigator to verify it. Every piece aligned. The tokens had gone through that friend’s wallet.

So they set a trap. They invited James’ friend to Malaysia under a fake business deal. When he showed up, they confronted him. They had transaction logs. Wallet paths. Screenshots. A digital paper trail with every move accounted for. The guy denied everything. But nothing he said made sense. His answers didn’t match up. They asked for his phone. He hesitated, then eventually gave it up.

Inside his gallery, they found a picture, stacks of cash, large enough to pay off a house. “Where did this money come from?” they asked. He said it was from construction work. But James remembered the guy being broke just days earlier. And now he had a new car and cash stashed.

Then they checked timestamps. The guy had received a large deposit at 7:02PM. By 7:03PM, it was already gone. He was waiting for it. When they pressed harder, he broke. “It was me,” he said. “I’ve always been jealous of you, James. You never made me part of anything. I wanted what you had.”

He gave up the hiding places. Told them where the money was. They sent someone to the Philippines immediately to recover it. Thanks to the KIKI PI bot, they already knew the most likely locations. Within days, most of the stolen tokens and funds were back in team control.

Community forces out KIKI’s original leadership

After the James incident, attention turned back to Jay Ha, the project’s original founder. He had already vanished. But months earlier, Jay admitted during private chats that he had sold KIKI tokens OTC. Those tokens were supposed to be locked.

But he dumped them to cover “internal expenses,” to “pay friends,” and for “exchange listings.” The problem is, KIKI already had over $2 million in treasury funds. There was no reason to sell anything.

JayC, another early member, confirmed the practice. “Tokens were moved through MEXC to avoid public tracking,” he said. These weren’t dev burns or marketing allocations. They were exits. Real volume on the chart had been faked. That’s why price swings made no sense, because the chart was hiding insider activity.

At the same time, the bot caught other wallet clusters that kept reappearing. They weren’t random. They were connected. More dumping. More private deals. The deeper they went, the more they realized Jay had turned the entire ecosystem into a backdoor exit. The public thought tokens were vested and safe. They weren’t.

The community then started cutting access. Wallets were disconnected. Admin rights were revoked. Jay Ha was removed from comms. Some early supporters started flipping sides. Some handed over passwords. Some shared private logs. Some tried to hide, but the damage was done.

A full report was assembled with the full wallet map. Everyone who dumped. Everyone who lied. Every locked wallet that wasn’t really locked.

Sign up to Bybit and start trading with $30,050 in welcome gifts