I will copy paste what I wrote in the original message of this user.


For everyone concerned:
1) This individual is the only one had this issue out of hundreds of thousands of users. If there was an issue in the app, scammers would have used this vulnerability multiple times. Why scam one person if you could scam all of the users. Just doesn't make sense.

[For full disclosure 2 of his mates also from the same African country reported this issue. Maybe it is the same person just with multiple reports: one in the app, one via email, one in our telegram group. Anyway we are talking to all 3 of them in best faith trying to help.]

2) Preliminary investigation showed that this user has compromised his credentials somewhere.

3) But we believe it is unfair to go reporting that such an established and reputable app is a scam without any proof. Moreover we are trying to help him understand what happened the very same moment.

More will unfold later.