Who Actually Holds Your Crypto? The Anonymous Operators Running Billion-Dollar Telegram Trading Bots

On March 11, 2024, a pseudonymous developer who goes by Reethmos posted on X that he was splitting from Unibot. Unibot, at that point, was one of the largest Telegram trading bots on Ethereum. Reethmos had been running its Solana arm. The Ethereum team, he said, had blocked his access to the bot's revenue.

His public line, quoted by DL News: "They farmed $30 million from tax farming but apparently it wasn't enough."

The Ethereum side had a different version. They accused Reethmos of launching an unauthorized Unibot clone on Blast and of refusing KYC. They demanded he stop calling the Solana product Unibot.

Reethmos rebranded. The Solana product became Trojan. Two years later, Trojan is the largest Telegram trading bot on Solana. CoinCodex's December 2025 review put lifetime volume north of $25 billion, users at over 2 million, and Dune Analytics data reported Trojan's weekly volume at 39% of the entire DEX trading-bot sector.

Let me say that again. One of the biggest custodial trading products in crypto is run by someone whose legal name has never been publicly disclosed. The $30 million he's referring to sat in a wallet whose controllers no journalist has ever interviewed on the record.

This isn't a bug of the Telegram-bot category. It's the category.

This piece is the companion to our fee-math review of BananaGun, Photon, and Trojan. That article established that the bots take 5-8% per round-trip. This one establishes who "the bot" actually is, and what you are exposed to when you deposit funds into a wallet whose private keys live on someone else's server.

The Composition Question

When you open a BananaGun or Photon or Trojan chat, you generate a wallet. The bot shows you a Solana or Ethereum address. You deposit SOL or ETH into it. From that moment on, you do not hold the private key. The bot's infrastructure does. You can usually export the key through a menu, and most users never do.

This is not a self-custodial wallet with a neat Telegram UI. This is a custodial hot wallet on servers you can't see, run by a team whose identity you can't fully establish. The architecture is closer to an old-style exchange than to MetaMask, except an old-style exchange is a named company, usually with a publicly identified CEO, under some form of regulatory oversight, with an insolvency procedure specified by local law. A Telegram bot has none of that.

And the capital flowing through this model is not small. BananaGun has over $100M in assets under management (as of late 2024). Trojan moved $25B+ lifetime volume. Photon (over 1.3M users, $40B+ volume per 99Bitcoins' reporting; more recent Dune snapshots are higher still) processed more transactions in 2024 than many mid-tier centralized exchanges.

Whose keys did you just hand your crypto to?

Who Are the Operators, Bot by Bot

Here's what I could and couldn't verify, as of April 2026. For each bot I split the evidence into four layers: what's publicly known, what's pseudonymous but traceable, what's claimed but unverifiable, and what's genuinely unknown.

BananaGun

Publicly known. Launched September 2023 on Ethereum. Expanded to Solana, BSC, Base. Listed on Binance via HODLer Airdrop in July 2024. Token is $BANANA, max supply 10M, market cap $15-30M per CoinMarketCap. Advertises multisig cold wallets for treasury.

Pseudonymous but traceable. Official X (@BananaGunBot) and a Telegram support channel. Post-hack communications came from the account without individual-author attribution.

Claimed but unverifiable. BeInCrypto's profile notes the project is "managed by a team of developers and on-chain traders who remain anonymous." No founder has been photographed, interviewed on camera, or confirmed a legal name publicly that I could find. No registered entity under "Banana Gun" turned up in public Cayman, BVI, or Seychelles registry searches [TODO-VERIFY: a paid registry deep-search was not commissioned].

Genuinely unknown. Who signs the multisig. Where the servers physically live. Tax residency of the founders.

Track record under stress. This is what separates BananaGun from the rest of the list. September 2023: the $BANANA token launched with a smart-contract bug that let users evade a 4% sell tax, collapsing the price from $8.70 to $0.02 within hours. The bug had passed two paid audits and was found by ChatGPT in seconds. The team dumped the project treasury and relaunched. September 2024: a Telegram message-oracle vulnerability let an attacker drain $3M from 11 users. The team refunded 100% of victim losses from the project treasury, no tokens sold. They added a 2-hour transfer delay and committed to 2FA on outbound transfers.

The 2024 refund is meaningful. It doesn't make the anonymity fine. It does tell you that when this team was publicly tested on one honor-decision, they honored it.

Photon (Tiny Astro)

Publicly known. Operates out of a company called Tiny Astro. Launched on Solana late 2023. Tiny Astro's own site describes a six-person full-time team: engineers, product designers, marketers. Began with the Tiny Astro Genesis NFT collection on Ethereum in July 2022.

Pseudonymous but traceable. Co-founders run X handles @mintcollectible and @piemonsterx. Both are public and active, attributable to two specific individuals. Their legal names have never been published.

Claimed but unverifiable. Tiny Astro's public materials state both co-founders previously scaled a Web2 platform to "5 million users and $100M in revenue." I could not identify the prior company from public sources. A Forbes 30 Under 30 attribution appears in Tiny Astro's own self-disclosure and is repeated in secondary crypto coverage, but I could not locate a Forbes-published list entry matching either pseudonym, so I am not relying on it here. A named community investor, @NFT_Valor on X, has vouched for both founders as "next level" builders, without identifying them.

Genuinely unknown. Real names of both co-founders, whether Tiny Astro has a registered legal entity and in what jurisdiction, who holds server-side custody of user wallets, and what recourse exists if the team walks.

Architectural note. Photon is primarily a browser-based web terminal, not a Telegram chat. The custody model is closer to a centralized exchange than a Telegram bot, which makes the absence of named operators, a registered entity, and an insolvency procedure more conspicuous rather than less.

Trojan (formerly Unibot on Solana)

Publicly known. Launched January 4, 2024, as a rebrand of the Unibot-Solana product. Current scale is the largest in the category: ~$25B lifetime volume, 2M+ users, 39% weekly market share per Dune data.

Pseudonymous but traceable. Run by a pseudonymous developer who posts under the handle Reethmos. Per DL News's March 2024 reporting on the Unibot split, Reethmos was previously Unibot's "head of community operations." The rebrand announcement acknowledged the continuity.

Claimed but unverifiable. Reethmos's real name, nationality, tax residency, prior employers, education are not publicly disclosed. No named team section on the product page beyond references to Reethmos. The Trojan on Solana X account posts under the brand, not an individual.

Genuinely unknown. Everything else. No named CFO, security lead, or support lead. The BehindMLM review of Trojan's 5-layer referral structure flagged that the product's incentive structure rewards recruitment over retention, and that the operator is not a named entity against which an MLM or securities-fraud action could be easily filed. Whatever one concludes about that framing, the observation about named-entity absence is accurate.

Track record under stress. One contested exit from Unibot (both sides said the other behaved badly) and no subsequent major hack or insolvency. No honor-test analogous to BananaGun's 2024 refund.

Unibot (Ethereum, original)

Publicly known. Launched May 2023 as a Telegram bot for Uniswap V3 trades. Issued $UNIBOT token. Category's first Telegram bot to gain major retail attention. Suffered a $640k token-approval exploit in October/November 2023; team pledged to reimburse affected users. UNIBOT token price fell ~40% on the news.

Pseudonymous but traceable. Secondary crypto-media coverage (BeInCrypto's Unibot guide and others) reports that the founder goes by Ayden and describes him as having previously worked at Apple, with a co-founder attributed to a Bay Area ML startup. None of these biographical details are attributed to a primary source I could verify. Neither person has been publicly identified by full legal name.

Claimed but unverifiable. The Apple and Bay Area ML backgrounds are repeated across multiple secondary crypto-media articles. I could not find a primary source (LinkedIn with both names, an on-the-record interview, a verifiable bio) confirming either. Both originate from the same project-adjacent narrative circulated at launch [TODO-VERIFY].

Genuinely unknown. Full legal names. Company registration. Post-split governance of the Ethereum-arm treasury. Current custody arrangements.

Maestro

Publicly known. One of the oldest in the category, launched 2022. Claims a patented "Anti-Rug" liquidity-monitor and a patented anti-MEV private-relay. Operates across Ethereum, Solana, Base, BSC, Tron. CoinGecko's 2025 roundup puts Maestro at $12.8B+ lifetime volume, ~573K users (as of mid-2025).

Pseudonymous but traceable. The @MaestroBots X account posts product updates. No individual team member posts publicly in a founder capacity that I could find.

Claimed but unverifiable. The "patent" claim. I found no registered patent in USPTO, EPO, or WIPO public databases under "Maestro" for anti-rug or anti-MEV mechanisms [TODO-VERIFY: a paid patent-attorney search would be needed for a conclusive answer]. Until a patent number is published, the claim reads as marketing language.

Genuinely unknown. Founders. Registered entity. Jurisdiction. Custody architecture. Treasury signers.

BONKbot

Publicly known. Telegram trading bot built by the BONK memecoin team to trade memecoins on Solana. 1% fee; 100% of trading fees buy $BONK, 10% of that is burned. Volume has crossed $5B lifetime.

Pseudonymous but traceable. Lead developer goes by Karol. Co-founder goes by King Dot Sol. Karol has done at least one podcast interview with Unlayered in which his first-name identity is acknowledged.

Claimed but unverifiable. BONK memecoin was launched by a 22-person team of Solana community builders whose identities were not individually disclosed. So you have a pseudonymous product, built by pseudonymous developers, associated with a pseudonymous memecoin community. Each layer is internally consistent. The stack is still fully anonymous.

Genuinely unknown. Full legal names of Karol, King Dot Sol, or any of the original 22. Registered entity. Jurisdiction.

GMGN.ai

Publicly known. Launched around June 2023. Operates a GMGN.ai web terminal plus a Telegram bot. Works on Solana, Ethereum, BSC, Base. Supports Chinese, English, and ~10 other languages. The specific operating legal entity, its jurisdiction, and its registry details are not publicly documented in English-language sources I could confirm.

Pseudonymous but traceable. Co-founder goes by Haze and has given at least one on-the-record interview to PANews describing himself as born 1985, originally from Hunan, China, transitioning from a conventional 9-to-5 career into crypto around 2017 after discovering Bitcoin. He joined a quantitative grid-trading firm in 2018 before eventually founding GMGN; his pre-crypto employment industry is not publicly specified. A second co-founder, Arthur, is referenced in secondary coverage but has no on-the-record profile I could locate. A third named associate, Jerry Ma, is described by RootData as GMGN.ai's founder/CEO with 20+ years of tool-product experience; I could not find an English-language primary interview confirming this detail.

Claimed but unverifiable. The bio details from the PANews interview are from Haze's own telling. Jerry Ma's full name and verifiable prior employment are not publicly documented in English-language sources I could confirm [TODO-VERIFY: Chinese-language sources may have more; a bilingual deep-search was not conducted]. GMGN Labs appears to be registered somewhere but I could not locate a corporate-registry entry via English-language search.

Genuinely unknown. Full identities, verified work histories, corporate-registration details, jurisdiction of user-fund custody.

The Accountability Chain (Or Lack Thereof)

What happens if Bot X is compromised tomorrow, versus what happens at a Swiss bank or at Interactive Brokers or at Coinbase. Not as rhetoric, as a checklist.

Insolvency process. At a Swiss bank, insolvency is governed by the Banking Act and the FINMA insolvency ordinance, with administrators appointed and claims processed in priority order. At an anonymous Telegram bot there is no process, no administrator, no registered entity to go bankrupt. If the operators walk, they have walked.

Deposit insurance. Swiss bank deposits up to CHF 100'000 are covered by Esisuisse. Coinbase has FDIC pass-through insurance on USD at partner banks. Interactive Brokers has SIPC on securities. Telegram bots: zero. Your funds are in a hot wallet (lose on hack) or a treasury (lose on exit). No backstop.

Personal liability of directors. At a named company, directors can be sued for breach of fiduciary duty, negligence, or fraud; D&O insurance is standard. With an anonymous operator there are no disclosed directors to sue. You can file against "John Does 1-10" and spend years tracing flows through Tornado Cash.

Jurisdiction. I could confirm no jurisdiction of operation for any of the seven bots. If you're a German user who loses $50'000, what court has subject-matter jurisdiction? The analysis will cost more hours than the loss justifies.

Law-enforcement reach. The QuadrigaCX case is instructive. CEO Gerald Cotten died (apparently) in 2018 with sole custody of the wallets. Creditors were eventually awarded 13 cents on the dollar, years later. And Quadriga was named, with a public Canadian corporate registration. For a fully anonymous bot, recovery is harder, slower, and more often zero.

Regulation. The EU's MiCA regulation took full effect December 2024. Custodial wallet providers serving EU users technically fall under its obligations. I know of no Telegram trading bot listed as an authorized CASP by any EU national regulator. Under FinCEN, a business holding custodial private keys is a money-services business and must register; I could find no Telegram sniper bot registered with FinCEN under any brand name in this article [TODO-VERIFY: this is a reasonable public-registry check, not comprehensive legal analysis].

The accountability chain is: no registered entity, no identified directors, no insolvency path, no deposit insurance, no clear jurisdiction, limited law-enforcement reach, and operation outside all three major regulatory regimes (MiCA, FinCEN, FINMA) that would normally apply to a business holding custodial funds.

If you deposited $5'000 in one of these bots last Tuesday, that is the stack behind your deposit.

Why This Isn't Like Satoshi

The obvious counter. Satoshi was anonymous, and we're all fine with that.

Two different things. Bitcoin is code that runs autonomously. Satoshi wrote the software and released it; the network enforces the rules. Satoshi holds nobody's Bitcoin. He can't freeze your wallet or change your balance. His anonymity doesn't expose you because he has no ongoing authority over your assets.

A Telegram trading bot is not that. The bot is a live, operator-controlled service that holds your private keys in real time. The operator chooses when to process withdrawals, where funds are custodied, when to shut the bot down. If the operator disappears, the bot goes with them. If the operator is compromised, user funds go with the operator.

This is the centralized-exchange model without the usual trappings (registered company, KYC'd principals, a regulator that can revoke the license). The closest structural analog is not Satoshi. It's Mt. Gox before the collapse: a custodial operator whose internal controls were invisible to users.

Pseudonymity for protocols is load-bearing privacy infrastructure. Pseudonymity for custodians is an absence of accountability that the user bears the cost of.

Why Anonymous? Three Reasons

These are observations, not accusations.

1. Regulatory exposure. A named founder of a custodial crypto trading service is one subpoena, FOIA request, or MiCA enforcement letter away from personal liability. FinCEN registration, principal-KYC, and AML reporting all start with a name on a form. An anonymous operator offers zero surface area for that correspondence.

2. Tax reporting. When a Telegram bot processes $20B in volume and earns ~$200M in fees over 18 months, there is no 1099 sent to any user and no corporate tax return filed anywhere I can verify. No registered entity, no entity-level tax. No identified principals, no individual-level tax on the fee revenue without successful identification and jurisdictional reach from a tax authority. This is not evidence of evasion by any specific bot named here; it is a structural observation about what the corporate absence makes possible.

3. Crypto-cultural normalization. Pseudonymity is a default in crypto product-building. Founders of successful DeFi protocols routinely operate under handles. Users have been trained that this is normal, sometimes a positive signal. In 2026, a Telegram bot operator disclosing zero identity triggers no consumer alarm in a way it would in fintech or traditional wealth management.

Add those together and you get a category where anonymity is the path of least resistance, the rational tax-efficient choice, and the culturally accepted default.

What Happens in an Exit-Scam or Major Hack

The realistic scenario if, say, Trojan's servers went dark at 3am next Tuesday and nobody in leadership was reachable.

Hour 0 to 4. Users notice trades failing. The bot stops responding. Twitter fills up. Moderators say they are "investigating."

Hour 4 to day 1. The community looks for an on-chain trail. A professional exit would use Tornado Cash, Railgun, or a mixer; the trail goes cold. A clumsy exit leaves wallets on-chain, and KYC'd exchanges may or may not freeze incoming deposits (they are under no legal obligation to).

Day 1 to week 2. Class-action lawyers investigate, discover no named defendant, no corporate registration, no clear jurisdiction. Some file against "John Doe" defendants and identifiable parties (exchanges that processed exit flows, identifiable early investors). These settle for cents or go nowhere.

Month 1 to year 2. Chainalysis or TRM Labs works with law enforcement. Some portion (typically 5-15% of stolen funds in high-profile cases) gets frozen at regulated exchanges. Victim recovery takes years and is prorated across all claimants.

Final loss rate. Quadriga CX (named and Canadian) creditors eventually got 13 cents on the dollar. FTX came out closer to whole only because a multi-year bankruptcy process had named-defendant recourse and billions in traceable assets. For a fully anonymous, offshore, hot-wallet-structured Telegram bot exit, I would expect final recovery closer to zero.

Has any Telegram bot exit-scammed so far? Not at the scale we're discussing, not among the major-brand bots in this article. CertiK warned in 2023 that 40%+ of Telegram bot tokens showed signs of potential exit-scam dynamics (mostly smaller-brand launches, not custodial bot operations). The major-brand custodial bots have operated 1-3 years without a scale exit. That's 18 to 36 months of good behavior on an asset base that keeps growing, run by teams whose names we don't know.

The honest version: precedent for this specific scenario is thin because the category is young. When the first scale exit happens, we'll learn what happens. Until then the expected value of "$500M anonymous-bot exit" is, on current evidence, closer to total loss than to anything resembling the FTX outcome.

Verdict / How To Think About This

Same landing as the fee-math article. I'm not here to tell you what to do. I'm here to give you the information most people typing commands into Telegram trading bots do not have.

Option 1: don't use these bots. Trade from your own self-custodial wallet via Jupiter (Solana) or 1inch (Ethereum). Near-zero platform fees. Keep your keys. Lose no edge that isn't explainable by base-rate memecoin math. Combined with the fee drag we documented in the companion piece, the bots are a drag on returns and a risk on custody for the vast majority of users. Default-no is sensible.

Option 2: use them, but only with money you can lose. If the honeypot-check or UX is worth it for your strategy, keep the bot balance at a level where a total loss would be an unpleasant weekend, not a life event. A rough rule: cap your bot balance at what you would deposit into a well-reviewed offshore poker site.

Option 3: favor the most-accountable operator. Of the seven bots audited here, BananaGun is the only one where the team has been publicly stress-tested on an honor decision (the September 2024 refund) and honored it. That is one data point, not a full risk model. But the absence of a comparable test on Trojan, Photon, Unibot, Maestro, BONKbot, and GMGN is itself a data point. BananaGun's combination of (post-hack full refund + multisig treasury + published transfer-delay security) is, in my view, a non-trivial advantage over the category baseline. Still anonymous. Still custodial. Still drag-heavy. But the best of a category where the baseline is "we know literally nothing about the team."

What I would not do is deposit meaningful capital into any of them without understanding every line above.

Honest Disclosure

Affiliate relationship: None. BearBullRadar takes zero affiliate revenue from any Telegram bot operator. Same structural reason as the fee-math piece: we won't recommend anything we'd rather people not buy, and we won't take referral cuts from products whose incentive structure already works against the end user.

Why this article has [TODO-VERIFY] flags. Three of the identity claims in this piece could not be confirmed to primary-source standard:

• Photon founders' Forbes 30 Under 30 year/category. Removed from the body. Self-disclosure repeated across secondary crypto coverage but not matched to a specific Forbes list, so not relied on here.
• Maestro's "patented" anti-rug and anti-MEV mechanisms. No USPTO/EPO/WIPO patent numbers located in public registers under the Maestro name. Marketing language.
• Unibot founder "Ayden" Apple background and his co-founder's ML-startup background. Repeated across multiple secondary sources, no primary-source interview or verifiable bio confirming either.

Any flagged claim that a reader or operator can document with a primary source is welcome for update. Email dominic@bearbullradar.com.

Primary sources used in this piece:

• BananaGun: Cointelegraph on the Sept 2024 $3M hack and refund, The Block on the September 2024 bot outage, Cointelegraph on the September 2023 token-contract bug, Cryptonews on the 99% token-price collapse, CoinMarketCap for $BANANA market data
• Photon / Tiny Astro: Tiny Astro official site, Photon-sol product page, 99Bitcoins review, @NFT_Valor tweet vouching for founders
• Trojan / Reethmos / Unibot split: DL News on the March 2024 Ethereum-Solana split, CoinCodex Trojan 2026 guide, Crowdfund Insider on Trojan $25B milestone, AInvest / Dune data on 39% market share, BehindMLM review, Wayback snapshot
• Unibot Ethereum exploit: Decrypt on the $640k approval exploit, BeInCrypto founder profile for Ayden
• Maestro: Maestro official site, CoinGecko top-bot roundup
• BONKbot: Solana Compass Unlayered interview with Karol, Solana Compass BONKbot project page, Altify on BONK team composition
• GMGN: PANews Haze interview, RootData Jerry Ma profile, ChainCatcher Haze profile
• Regulatory context: ESMA on MiCA, Esisuisse on Swiss deposit insurance, FINMA crypto-regulation overview via CMS
• Historical exit comparators: QuadrigaCX creditor payout coverage, CertiK 2023 warning on Telegram-bot-token exit-scam rates

Research limits worth knowing.

• I did not commission a paid corporate-registry deep-search (Cayman, BVI, Seychelles, Delaware, Panama). A funded journalist at a legacy outlet might turn up a registered entity for one or more of these bots that a public-web search misses.
• I did not conduct Chinese-language primary-source research. GMGN in particular has significantly more Chinese-language coverage than English. A bilingual reviewer might find verifiable details I couldn't.
• I did not file any FOIA or Freedom of Information requests to FinCEN, MiCA national regulators, or FINMA about any of these bot operators. A paid investigative effort might.

What I am confident about is the direction. Across seven major Telegram trading bots moving tens of billions in annual user volume, the count of publicly-named legally-accountable principals is approximately zero. That structural fact is the thing this article is really about.

Related reading:

• Telegram Sniper Bots Reviewed: BananaGun, Photon, Trojan, the fee-math companion to this piece
• Bybit Spot Grid: 1'961 Tests, first in our Bot Reviews series
• Bitget Copy Trading: The Wall of Winners, second in the series
• Why Any Trading Strategy Must Beat HODL, the benchmark every review uses
• Bot Trading Explained, what bots do, what they don't

Coming next in the Bot Reviews series:

• Bybit Futures Grid Neutral: Monte Carlo on the liquidation probability nobody publishes.
• Pionex Infinity Grid: the "set and forget" promise tested across 4 market regimes.
• 3Commas Three Years After the API Leak: did they fix it?

Subscribe to the Bot-Letter to get each review the day it lands.