The QSI and Whiplash347 Stellar Token Scheme: An Investigative Report

Published March 2026 by @maattssoonn

Background

The Quantum Stellar Initiative (QSI) and WhipLash347 are the names behind a network of Telegram channels that have promoted fraudulent custom tokens on the Stellar blockchain since at least 2021. The scheme has been the subject of investigations by Logically Facts, Vice, CoinTelegraph, HackenProof, and multiple independent blockchain researchers. As of March 2026, the operation remains active and a formal complaint process is underway with U.S. law enforcement agencies.

The primary channels are QSI (reportedly operated by an individual known as PatriotQakes, identified in multiple investigations as Emily Tang) and WhipLash347 (an anonymous account that amassed over 270,000 Telegram followers). A former QSI administrator named Rocky Morningside told Logically Facts investigators: "I am without doubt that WhipLash347, Emily, and QSI are scam artists. They were promoting pump and dumps, and this appeared to be a very large and well organized Ponzi Scheme."

The channels blend QAnon conspiracy theories, NESARA/GESARA narratives (fictional government debt forgiveness programs), and claims of a "Quantum Financial System" with cryptocurrency promotion. According to investigative journalist Danny de Hek, QSI is "not affiliated with Stellar, not based on real cryptographic or economic principles, and not recognised by any financial institution -- it is a fantasy wrapped in technical jargon, led by anonymous promoters who often use voice filters and aliases." The scheme primarily targets retirees, spiritual seekers, and people previously involved in MLM schemes.

How the Scheme Works

Creating a custom token on the Stellar network costs virtually nothing -- just standard network fees amounting to fractions of a cent per operation. The QSI network has exploited this by creating tokens with names resembling real companies or appealing concepts, then promoting them to followers who are told to buy and hold in anticipation of a coming financial "reset."

According to the Logically Facts investigation, the domains associated with these tokens were typically registered only days before the tokens first appeared on the WhipLash347 and QSI channels. Blockchain forensic analysis revealed that the wallets minting the fraudulent assets were directly connected to the wallets earning profits from their sale. The tokens were promoted through weekly "curated lists" distributed to channel subscribers, accompanied by claims of secret military intelligence about which assets would succeed.

When real companies whose names had been used for token branding attempted to correct the record, they were blocked. Logically documented that fintech company Novatti "registered its concern that Tang had not checked with Novatti to check the veracity of the coin, had not taken action to correct the post when she was informed, and had blocked the Novatti executive from the QSI chat when they attempted to correct the record." Cryptocurrency company Pendulum similarly issued a public statement that it had not issued the coins being promoted in its name.

The SunGold Case Study (2022, Blockchain-Verified)

The ICO Pattern (2026, Ongoing)

Independent blockchain researchers monitoring the scheme's wallet activity have documented that the operation continues through a pattern of back-to-back Initial Coin Offerings (ICOs) as recently as January 2026. The pattern, tracked through on-chain transaction analysis by the Whiplash347 QSI EXPOSED community, follows a consistent cycle:

1. A new token is created and an ICO is announced in the QSI Telegram channels.
2. Followers send XLM to participate, creating trustlines.
3. The ICO closes after reaching a target amount.
4. A "dev swap" occurs: the collected XLM is moved through a chain of intermediary wallets.
5. The funds are off-ramped to a centralized exchange (MEXC has been documented) for conversion to fiat currency.
6. The promised tokens are either never distributed or are worthless.

Documented examples from January 2026 include:

• ANTECEDENCE (January 13-14): 42,157 XLM collected across 134 trustlines. On-chain analysis shows 42,370 XLM routed through intermediary wallets to a MEXC exchange account, yielding approximately $9,321 at the then-current XLM price of $0.22.
• BLOODS (January 24-25): 55,001 XLM collected across 163 trustlines.
• SKYR (January 25-26): 60,000 XLM collected across 130 trustlines. This ICO launched just 90 minutes after BLOODS closed.

The blockchain researchers have also documented that multiple QSI "developer" domains (masguardian.org, synergyfound.org, moonbunny.org, stellarbelarus.com) redirect to lumendex.com, and that proceeds from a separate LDEX scam were traced to wallets associated with the same operator before being off-ramped through the same MEXC exchange account.

The SSE Auto-Fee Extraction (February 2026)

A newer variant involves a token called SSE ("Stellar Stock Exchange"), where the issuer wallet automatically receives 25% of every trade as a fee. On-chain transaction memos reading "auto25%" document this extraction in real time:

• 25% of a 90 XLM trade = 22.5 XLM skimmed
• 25% of a 1,111 XLM trade = 277.75 XLM skimmed
• 25% of a 5,000 XLM trade = 1,250 XLM skimmed

The extracted XLM is routed through the Changelly exchange for conversion to fiat -- the same off-ramping pattern documented in the 2022 SunGold case, four years later.

Why Many QSI Tokens Cannot Be Removed

Beyond the financial losses from pump-and-dump cycles and fraudulent ICOs, many tokens distributed through the QSI network are engineered to be permanently irremovable from your wallet. This is one of the most damaging aspects of the scheme.

Clawback-Enabled Tokens

The issuer creates a token with the Stellar clawback flag enabled, then mass-distributes millions or billions of units to thousands of wallets. You might open your wallet and see a balance of a billion tokens you never asked for. The clawback flag means the issuer can revoke your tokens at any time -- the tokens were never really yours. They are bait.

The clawback flag also prevents you from removing the trustline. You are stuck looking at the token indefinitely. The issuer can reclaim and redistribute the same tokens endlessly, and it costs them nothing to maintain. Meanwhile, each of these trustlines locks 0.5 XLM of your reserves.

Auth-Revoked Tokens

In this variant, the issuer creates the trustline, sends you tokens, then revokes your authorization. Now you cannot sell, send, or remove the asset. It sits in your wallet as a permanent hostage, locking 0.5 XLM of your reserves with no way to recover it without the issuer's cooperation -- which will never come.

Documented Losses

The human cost extends beyond financial losses. Vice reported in June 2022 that a 34-year-old construction company owner, identified by the pseudonym "Tom," lost over $100,000 to WhipLash347-promoted tokens. He lost his house and construction business to unpaid debts. He reportedly died by suicide in March 2022, according to Vice.

Infrastructure

LOBSTR's public fraudulent assets repository (GitHub Issue #60) documents 27 interconnected wallet addresses and over 150 fraudulent domains associated with the network. Domain categories include:

• Stellar impersonations: stellar-networks.co, StellarETFs.com, stellar-tesla.energy, newstellar.io, stellarverse.tech
• Financial system fakes: quantum-tokens.org, quantumsystem.finance, qfs-tokens.org, quantum-financial-system.org
• Company impersonations: pendullum.pw, strongholdpayx.co, ripplenode.com (note: "pendullum" with double L)
• Government impersonations: continentalpublicsbank.com, turklsh-lira.org (note: lowercase L instead of i)

Domain obfuscation is systematic: substituting "l" for "i", "rn" for "m", and "f" for "t" to create lookalike domains.

The QSI mobile app published by "Get Konversed Pty Ltd" remains available on the Apple App Store (ID 6447522381) and Google Play Store as of March 2026, categorized under "Education." The app's own screenshots advertise "QSI Resources," "QFS Proofs," and "Official QSI Assets on Stellar" -- actively funneling users into the token scheme. User reviews on both platforms include warnings identifying it as a scam.

Industry and Law Enforcement Response

LOBSTR published an explicit QSI scam warning, most recently updated February 14, 2025, stating: "This group operates by pretending to offer safe investments but is, in reality, stealing funds from innocent people."

The Stellar Development Foundation published general scam protection guidance in July 2022 warning that anyone can issue tokens on Stellar and that scam tokens function like "email spam -- phishing for buyers."

stellar.expert community members have flagged QSI tokens with [SCAM] designations. The QSI token issued via quantum-stellar-initiative.com carries a zero rating.

Law enforcement: As of March 2026, no criminal charges or regulatory actions related to QSI have been made public. However, the Whiplash347 QSI EXPOSED community has organized a formal complaint process, compiling victim reports via a standardized intake form for submission to the USS, State Attorneys' offices, the FBI (IC3.gov), Secret Service cyber division, FTC, and SEC. Victims are encouraged to file reports through multiple agencies simultaneously.

In a related case, Hanoi police in December 2024 dismantled a "QFS coin" scam worth $1.17 million that used the same Quantum Financial System narrative, arresting the general director and seven key suspects.

How to Identify QSI Tokens in Your Wallet

Known token codes associated with the QSI network include:

• QSI -- issued via quantum-stellar-initiative.com (flagged [SCAM] on stellar.expert)
• SunGold -- issued via indus.gold
• QAKE, QDF, 347 -- issued via qsi.xmint.io
• SSE -- "Stellar Stock Exchange" with automatic 25% fee extraction
• ANTECEDENCE, BLOODS, SKYR -- January 2026 ICO tokens

Any token whose issuer domain appears on LOBSTR's fraudulent assets list, redirects to lumendex.com, or is flagged on stellar.expert should be treated as fraudulent.

How to Safely Remove QSI Tokens

Do not interact with any URL associated with QSI tokens. Do not visit quantum-stellar-initiative.com or any of the 150+ documented domains. Do not enter your secret key on any QSI-related website.

For tokens that are not issuer-locked (no clawback flag, no auth-revoked status), the safe removal process is:

1. Attempt a DEX sale -- Try selling the token on the Stellar DEX for XLM. Most QSI tokens have no remaining liquidity.
2. Return to issuer -- Send the remaining balance back to the token's issuer address to zero out the trustline.
3. Remove the trustline -- With a zero balance, close the trustline and instantly reclaim the 0.5 XLM reserve.

For tokens with clawback enabled or auth-revoked status, there is currently no removal method available. These trustlines remain until the issuer changes their settings or the Stellar protocol introduces a mechanism for forced trustline removal.

I built Stellar Asset Pruner for the sole purpose of helping scammed individuals like myself -- yes, QSI bit me too -- automate the removal of all tokens that can be removed. Your secret key never leaves your browser, never touches a server, and is wiped from memory after each signing operation. Tokens that are issuer-locked will be clearly identified during the selection process so you know which ones cannot be cleaned.

Sources

1. Logically Facts -- "QAnon-linked crypto trading scheme lost investors millions" (June 20, 2022)
2. Vice -- "Inside the QAnon Crypto Scam That Cost People Millions and One Man His Life" (June 28, 2022)
3. CoinTelegraph -- "Crypto influencers allegedly weaponize conspiracies to fleece QAnon followers" (June 22, 2022)
4. HackenProof -- "Users Lost More Than $2 Million in QAnon Crypto Trading Scam" (2022)
5. Danny de Hek -- "Quantum Stellar Initiative (QSI) Exposed" (August 2025, updated November 2025)
6. LOBSTR -- "Read This Before You Send Tokens to QSI" (updated February 14, 2025)
7. LOBSTR Fraudulent Assets Repository -- GitHub Issue #60 (June 2022)
8. stellar.expert -- QSI token page (flagged [SCAM])
9. Stellar Development Foundation -- "How to Protect Yourself from Scammers" (July 2022)
10. Left Coast Right Watch -- "I Spent a Weekend with QAnon Crypto Scammers" (March 18, 2025)
11. New Lines Magazine -- "Republican Politics and Crypto Scams" (July 9, 2025)
12. Whiplash347 QSI EXPOSED -- Public Telegram channel, ongoing blockchain forensic documentation