YL-012 Crypto yield scheme · Singapore / Malaysia / Australia 2020

Cloud Token — The AI Wallet That Paid Returns Until the Founders Vanished

Program: Cloud Token
Total Losses: $500M–$4B (disputed)
Investors: Hundreds of thousands
Status: At-Large

Summary

Cloud Token Wallet, a mobile cryptocurrency application launched in 2019 and linked to entities in Singapore, Malaysia, and Australia, raised funds from hundreds of thousands of investors across Asia, the Asia-Pacific diaspora, and globally by claiming that an embedded "artificial intelligence" trading robot — marketed as "Jarvis" — would generate monthly returns of 6 to 12 percent by executing automated cryptocurrency arbitrage across exchanges. No such algorithmic trading infrastructure existed; the platform was a Ponzi scheme that paid existing participants from new investor deposits until deposit inflows became insufficient to sustain payouts. The application ceased functioning in late 2019 to mid-2020. Losses are disputed in the record: estimates from community sources and partial investigations range from $500 million to $4 billion, though no single regulatory enforcement action has produced a judicially validated loss figure.

The scheme was primarily associated with Ronald Aai (also known as Ronald Aai Weng Joon), a Malaysian national who built and promoted Cloud Token's technical and commercial operations from Singapore, initially with co-operator Daniel Csokas. Aai was removed from WBF Exchange's Singapore offices where he had been operating and relocated to Malaysia as regulatory scrutiny in Singapore mounted in mid-2019. The scheme's corporate structure included Cloud Technology & Investments Pty Ltd, registered in Australia, which gave it an appearance of Western legitimacy to Asia-Pacific investors even as the scheme was operated primarily from Southeast Asia.

Chinese law enforcement arrested 72 individuals connected to Cloud Token operations in actions conducted in 2020, making the Chinese enforcement the most significant documented legal action against the scheme's participants. As of mid-2026, there is no public confirmation that Ronald Aai has been criminally convicted; the scheme is categorised here as At-Large because no central operator has been publicly convicted in a Western or Singapore jurisdiction. James Riemers, an Australian national described in some records as a scheme promoter and linked to the Australian entity, has not been publicly named in any court filing confirming charges or conviction.

Timeline

2018–early 2019: Cloud Token development and pre-launch
Ronald Aai and associates develop the Cloud Token Wallet application, incorporating Cloud Technology & Investments Pty Ltd in Australia. The scheme is modelled closely on PlusToken, using a similar AI-trading-robot framing and MLM referral structure. Early recruitment begins through cryptocurrency community networks in Singapore and Malaysia.
2019: Public launch and rapid Asia-Pacific expansion
Cloud Token launches publicly, promising 6–12% monthly returns from the "Jarvis" AI robot. The platform is promoted heavily through social media, in-person seminars across Southeast Asia, and diaspora networks reaching Taiwan, mainland China, Vietnam, South Korea, and broader Asia-Pacific communities.
Mid-2019: Singapore regulatory pressure; Aai relocates
Ronald Aai is required to vacate WBF Exchange's Singapore offices amid regulatory attention to the scheme. He relocates the operational centre to Malaysia. The platform continues recruiting globally despite early fraud warnings published by cryptocurrency research communities and some regulators.
Mid-to-late 2019: Withdrawal freezes begin
Cloud Token affiliates report increasing delays and failures in CTO token redemptions and cryptocurrency withdrawals. The scheme's CTO point system — which served as an intermediate layer between investment and cryptocurrency payouts — begins to malfunction, with operators confiscating affiliate CTO point balances in some documented cases.
Late 2019–early 2020: Platform effectively ceases operations
Cloud Token stops processing investor withdrawals. The scheme's official communications attribute the collapse to "hackers," COVID-19 disruption, and regulatory pressure — a sequenced narrative that mirrors the excuse structures used by other collapsing Ponzi schemes. The application ceases functioning for investor withdrawals.
2020: Chinese law enforcement arrests 72 individuals
Chinese authorities, building on investigative work that had traced Cloud Token's operational connections to mainland Chinese participants — including links to the earlier PlusToken network — arrest 72 individuals connected to the scheme across multiple enforcement actions. These represent the most significant documented law enforcement response to Cloud Token globally.
June 2020: Taiwanese investors call for investigation
Investors in Taiwan, reporting losses of approximately NT$900 million ($30 million) affecting more than 1,000 Taiwanese participants, call publicly for Chinese-Malaysian operator Ronald Aai to face investigation. Aai is identified in Taiwanese media reports as having been based in Malaysia following his departure from Singapore.
2020–2026: No central Western-jurisdiction conviction
Despite ongoing documentation of losses across multiple jurisdictions, no central operator of Cloud Token is publicly confirmed as having been convicted by a court in Singapore, Australia, the United States, or the United Kingdom. Ronald Aai's current status and location are not publicly confirmed. The Australian corporate entity Cloud Technology & Investments Pty Ltd has not been the subject of a publicly documented ASIC enforcement action resulting in criminal conviction.

The Product: An AI Robot That Did Not Exist

Cloud Token's investor proposition was built on the "Jarvis" robot — an AI trading system that, operators claimed, continuously scanned dozens of cryptocurrency exchanges for price differentials and executed automated arbitrage trades to generate profits, which were then distributed to investors as CTO token returns. The marketing materials presented Jarvis as a genuinely sophisticated technological product, with claimed monthly returns of 6 to 12 percent described as the computational output of its arbitrage activity.

The technical architecture of Cloud Token was designed to create the appearance of functionality without the substance. Unlike a genuine crypto wallet — which holds a user's private keys and allows cryptographically verified ownership of assets — Cloud Token's application stored user funds on the operator's private servers. There was no blockchain-based custody: no on-chain address controlled by the investor, no verifiable transaction record linking deposits to an investor's control. The app's interface displayed balances and purported returns, but these figures were data entries in a private database, not reflections of on-chain asset holdings.

Investors transferred cryptocurrency into Cloud Token-controlled addresses, after which those assets were entirely under operator control. The CTO token layer added further complexity: investor returns were initially paid in CTO points rather than directly in cryptocurrency, and conversion of CTO tokens to cryptocurrency required further processing by the platform. This structure gave operators additional levers to delay or deny withdrawals — and documented instances of operators confiscating affiliate CTO point balances appeared in the record before the scheme's final collapse.

The design closely followed PlusToken, China's larger preceding Ponzi, in both technical architecture and marketing language. Multiple investigators and cryptocurrency researchers noted specific structural similarities; at least some participants in the Cloud Token network had previously been involved in PlusToken, and the Chinese enforcement actions against Cloud Token's participants drew on the same investigative capacity that had been developed during the PlusToken prosecution.

The Operators and the Jurisdictional Maze

Ronald Aai's profile illustrates the distributed and deliberately obscured operator structure that characterised Cloud Token. He was a Malaysian national operating from Singapore with a corporate entity registered in Australia — three jurisdictions, none of which had complete visibility into the operation. When Singapore's regulatory environment became difficult, the operational centre relocated to Malaysia. The Australian entity provided legitimacy in investor marketing materials without creating meaningful Australian regulatory oversight.

The Chinese arrests of 72 individuals in 2020, while the most substantive enforcement action documented, addressed participants in the Chinese-language segment of the scheme's operation. These individuals were downstream in the network from the primary operators rather than the architects of the scheme. The prosecutorial focus of Chinese enforcement on domestic network participants, rather than on the Singapore- and Malaysia-based operation leadership, reflects the practical limits of cross-border enforcement in fraud cases where different jurisdictions have visibility into different segments of a global network.

James Riemers, described in some accounts as an Australian national who promoted Cloud Token through the Australian-registered entity, appears in the scheme's documented record primarily as a promoter rather than a founding operator. His connection to the scheme and any legal proceedings related to it have not been confirmed through publicly available court filings as of mid-2026. The absence of public prosecution does not resolve questions about his role, but the evidentiary standard for this file requires confirmed court records, which do not exist at the time of writing.

The combination of distributed operator identities, offshore corporate registration, and the dispersal of network participants across Asia, the Pacific, and the West made Cloud Token one of the hardest cryptocurrency fraud cases to prosecute as a unified matter. Enforcement proceeded in fragments — Chinese authorities acting on domestic participants, Taiwanese investor groups filing complaints, Australian consumer protection bodies issuing general warnings — without a single jurisdiction mounting a comprehensive prosecution of the scheme's founding architecture.

The Five Factors

01. PlusToken blueprint as operational inheritance
Cloud Token was not independently designed; it was adapted directly from PlusToken's proven architecture — the same AI-robot framing, the same deposit-and-return wallet structure, the same MLM referral commission tiers. This inheritance gave Cloud Token's operators a tested model that had already demonstrated its ability to scale globally. The adaptation was fast enough that Cloud Token launched and collapsed before the full PlusToken prosecution had concluded, illustrating how quickly the fraud template propagated once established.
02. AI framing as 2019-specific legitimacy signal
In 2019, "AI" was the most potent legitimacy signal available to consumer technology products. The naming of the trading robot "Jarvis" — an overtly fictional AI reference from popular media — and the framing of returns as computationally generated positioned Cloud Token at the intersection of cryptocurrency enthusiasm and AI marketing hype. Investors who were skeptical of trading yield claims were less skeptical of AI-generated arbitrage returns. The framing collapsed the same epistemic gap that PlusToken's "AI Dog" had exploited, but in a more saturated AI-marketing environment.
03. Private server custody as structural fraud
The Cloud Token wallet's failure to provide any on-chain custody of investor assets was the architectural foundation of the fraud. A genuine cryptocurrency wallet holds private keys that are controlled by the investor and verifiable on the public blockchain. Cloud Token's application held investor funds on private servers controlled entirely by operators — a structure identical to a conventional bank account, but with none of a regulated bank's safeguards. The display of balances and returns in the application was operator-controlled data, not cryptographic proof of asset ownership.
04. Jurisdictional distribution as enforcement deflection
The deliberate distribution of Cloud Token's corporate structure across Malaysia, Singapore, and Australia — with operational network participants spread across China, Taiwan, South Korea, Vietnam, and the Pacific diaspora — meant that no single enforcement authority had jurisdiction over the complete scheme. Each authority saw a fragment. Chinese enforcement reached domestic participants. Australian regulators had a registered entity but limited visibility into operators who were resident elsewhere. Singapore had observed Aai's operation but the scheme relocated before enforcement could be completed. The jurisdictional distribution was a structural feature, not incidental geography.
05. Ponzi collapse narrative as misdirection
Cloud Token's stated reasons for collapse — hackers, COVID-19, regulatory pressure — followed a documented pattern of Ponzi schemes deploying external-cause narratives at the point of failure to delay investor withdrawal runs and obscure operator departure. The COVID-19 framing was particularly effective in early 2020 because it was plausible for almost any business disruption in that period. Investors who accepted the external-cause narrative delayed reporting, delayed coordinating legal action, and in some cases reinvested in subsequent Cloud Token relaunch attempts before accepting that the loss was permanent.

Aftermath

As of mid-2026, no central Cloud Token operator has been publicly confirmed as convicted in a Western-jurisdiction criminal proceeding. Ronald Aai's location and legal status are not publicly confirmed through available records. The 72 individuals arrested by Chinese authorities in 2020 were primarily network participants rather than scheme architects; no publicly available reporting confirms criminal convictions and sentences for all of those arrestees, though Chinese enforcement proceedings against them were ongoing or concluded in the years following arrest.

Investor losses remain unrecovered across all jurisdictions. The disputed loss range — from $500 million in conservative estimates to $4 billion in higher-end community assessments — reflects the absence of any central judicial process that has produced an audited figure. The Australian corporate entity through which the scheme marketed itself was wound up without producing any investor recovery. Victim communities in Taiwan, South Korea, Vietnam, China, and the Pacific diaspora have had limited recourse given the jurisdictional dispersal of the scheme's operators.

Cloud Token occupies a specific place in the history of Asia-Pacific cryptocurrency fraud as one of the first major post-PlusToken "second-generation" schemes: operators who had observed or participated in PlusToken adapted its model rapidly and deployed it to a partially overlapping investor base before enforcement caught up. The case illustrates both how quickly fraud templates replicate in the cryptocurrency space and how slowly cross-border enforcement can respond when the operator structure is designed from the outset to exploit jurisdictional seams.

Lessons

  1. A cryptocurrency wallet that does not provide verifiable on-chain custody — where investor assets can be confirmed on a public blockchain at an address controlled by the investor — is not a wallet in any meaningful security sense; it is an account in a private system entirely controlled by the operator.
  2. AI and algorithmic trading claims attached to cryptocurrency yield promises have no inherent credibility without independently audited trade records showing actual positions, counterparties, and execution logs; the naming of a trading system does not constitute evidence of its existence.
  3. Operators who register entities across multiple jurisdictions while conducting operations in a different country have structured their scheme to minimise enforcement exposure; investors should require that the entity they invest with is regulated in the same jurisdiction where the responsible operators are resident and identifiable.
  4. When a yield platform's stated reason for halting withdrawals is an external event — a hack, a pandemic, a regulatory order — investors should treat that claim with maximum skepticism and initiate legal action and loss reporting immediately rather than waiting for the stated disruption to resolve.
  5. The rapid replication of proven Ponzi architectures — Cloud Token's near-identical adoption of PlusToken's model — means that investors and regulators should treat structural similarity to known fraud templates as a disqualifying indicator, regardless of rebranding, new platform names, or updated AI-marketing language.
