Scapegoating Nigerians for a loophole the platform built: What Celestia’s faucet ban really reveals

Blessed Frank
Three young Africans, two males and a female on their phones

On July 7, 2026, Mustafa Al-Bassam, the Celestia Labs co-founder and CEO, better known on X as @musalbas, posted a two-line apology that quietly went viral: his team had to block Nigerian residents from a faucet feature after discovering that most of them were withdrawing the $5 it dispensed rather than using it to test the product as intended. 

According to the CEO, Nigeria accounts for 9,189 units bridged out, more than fourteen times the next-highest country, the United Kingdom, at 638. Germany, Morocco, and the Netherlands follow in the low 300s, with the United States at just 214. 

Details of the ban were contained in what appears to be a Discord-style community channel by an account called “bild”, with a green sloth avatar tagged “LAZY”, likely a nod to Celestia’s own working title before launch, LazyLedger. Rather than a plain apology, the message leans hard into flattery. 

It praises Nigerians as some of the most creative people in the world; credits the country’s cultural exports; says people are “built different”; and states the team is “temporarily geoblocking Nigeria from the faucet out of pure respect”, while insisting Nigerians remain welcome to use the product if they deposit TIA themselves. 

Celestia's Faucet TIA bridge out by countries
Celestia’s TIA bridge out by countries

It closes by declaring that Nigerian influence can be felt in music, fashion, tech, and food and that “the future is Nigeria”. The message reads as good-natured on its face, but the substance underneath the compliments is unchanged: one country, and one country only, loses free access to try the product.

What actually happened with the faucet

Faucets are a standard onboarding tool in crypto products. A new user connects a wallet, verifies they’re human, and receives a small, fixed amount of a token, usually just enough to cover a transaction fee or demonstrate a feature like bridging. The token isn’t meant to be withdrawn; it’s meant to be spent inside the product, generating the test activity the team needs to see.

The bridging data suggests the faucet had no real constraint between “receive TIA” and “bridge it straight back out”. If Nigerian users accounted for over 90% of a sample this lopsided, that’s the predictable output of an underspecified system: when a reward is fungible, portable, and only loosely tied to actual product usage, rational users anywhere will take the exit that’s available to them; Nigeria’s users simply did it at a scale and speed that exposed the gap faster than any other market did. 

The Kled AI precedent: same shape, higher stakes

Kled AI’s case, from two months earlier, is the more fully documented version of this story. Kled is a US-based data marketplace, launched in 2025, that pays everyday users for uploading photos, videos, and other content that AI companies use as training data. The company removed its app from Nigerian app stores and IP-banned the entire region

Founder Avi Patel explained that after several months of uploads, the company found Nigeria had an approximately 95% fraud rate, with users submitting black screens, duplicate photos, and AI-generated or internet-sourced images at scale. The platform had reportedly paid out hundreds of thousands of dollars over four months before the scale of the abuse became unsustainable.

Patel drew an explicit comparison that did most of the reputational damage: he noted that Malaysia, Indonesia, and the Philippines had fraud rates below 10% across a user base ten times the size. That framing, one country singled out by name against a backdrop of others behaving normally, is what turned a fraud-prevention decision into something that read, to many Nigerians, as a verdict on national character rather than a platform failure. 

Amid a sudden Nigerian ban, Kled AI is accused of severe data privacy breaches
Avi Patel, founder of Kled (IMG: Business Insider)

The backlash was immediate, with many Nigerian users accusing the company of stereotyping the country, even as Patel insisted the decision was purely business-driven and not about race or nationality. Before the ban, the app had genuine traction in Nigeria, ranking among the top 100 on Apple’s App Store multiple times over four months and pulling in more than 25,000 users, which undercuts any suggestion that Nigerian demand for the product wasn’t real.

The stereotype is doing the heavy lifting

It’s worth asking directly why a faucet-draining incident and a data-upload incident both resolved, within weeks of the abuse being noticed, into a national ban rather than a technical fix and why the language used to justify both leant so heavily on national character, “built different”, a 95% figure presented as a national trait, rather than a description of the vulnerability itself. Part of the answer is a script that predates both of these products by decades. The assumption is that a Nigerian on the other end of a transaction is more likely than not to be a fraudster.

The actual data doesn’t support treating that as a national trait. The most rigorous attempt to measure where cybercrime originates, the Oxford/UNSW World Cybercrime Index, ranks Russia at the top of the list, followed by Ukraine, China, the USA, Nigeria, and Romania, meaning four other countries, including the United States itself, rank above Nigeria on the overall cybercriminal threat. 

Where Nigeria does lead is a single, narrower category: Nigeria ranks first for online scams specifically, while North Korea leads in attacks and extortion, and the UK tops cashing out and money laundering. 

The same research notes a meaningful distinction in sophistication. Russian and Ukrainian cybercriminals run highly technical operations, while Nigerian offenders are concentrated in less technical forms of cybercrime, a description that fits neither faucet-bridging nor Kled AI’s upload abuse.

Scale matters too. Nigeria’s Economic and Financial Crimes Commission, the country’s main anti-fraud agency, secured at least 20,011 convictions between 2014 and 2025, with cybercrime-linked convictions only part of that number. Even taking those figures as an undercount of actual offenders by a wide margin, they describe a small, identifiable criminal minority, not a national characteristic. 

The EFCC’s own chairman has also pushed back publicly on the assumption that Nigerian-looking fraud is Nigerian-run: in 2025, he disclosed that Nigeria had arrested 194 foreign nationals, mostly Chinese and Filipino, who had been using Nigerian identities, email accounts, and IP addresses specifically because doing so made their fraud look Nigerian to the outside world. That single case alone means some unknown share of the data that platforms use to justify banning Nigeria isn’t Nigerian activity at all; it’s foreign fraud wearing a Nigerian mask, exploiting the same reputational shortcut the geoblocking founders are relying on.

This isn’t denying that their concerns aren’t legitimate, but their claim is narrower. Every nation has a fraction of bad actors, a handful of countries specialise in more scam-type cybercrime than others, and Nigeria’s specific, real specialisation in low-technical-effort scams is still a minority-of-a-minority phenomenon that gets mapped onto all 230 million-plus Nigerians the moment a US founder needs a fast, publicly defensible reason for a product decision. 

That’s the scapegoat mechanism at work. It’s faster to geoblock a country and call it “pure respect” than to say plainly that the product’s own guardrails were too weak for the incentive it built, and a national fraud reputation, however disproportionate to the actual numbers, is what makes the first option feel justified without further explanation.

CBN PSV 2028: How Nigeria is using eNaira and stablecoins to bank 50 million people

Both cases share a structure. A US platform builds a feature with a soft spot: value that can be extracted with minimal verification and no real cost to the user for trying. Nigerians, alongside other users in high-mobile-penetration, cash-constrained markets, find that soft spot fast because a working-class smartphone economy has both the incentive and the density of users to stress-test any leak in a system within weeks. The platform then responds not by hardening the mechanism but by geoblocking the entire country.

That response solves the immediate bleeding, but it also does two things worth naming plainly. First, it treats a design failure as a demographic one. The loophole existed for every user of the product, but only one nationality was asked to leave. Second, it forecloses the market rather than the exploit; legitimate Nigerian users, developers, and testers who never touched the loophole lose access alongside the people who did, while the underlying vulnerability often isn’t disclosed in detail at all. 

None of this excuses fraud, and it would be dishonest to pretend platforms don’t face real, costly abuse. Kled’s own numbers, if accurate, describe a genuinely unsustainable loss rate. But “we got exploited, so we’re banning the country” is a business decision dressed up as an observation about a people. The more accurate, and more useful, statement in both cases would have been ‘Our verification was too weak for the incentive we built.’ That’s a claim about product design, and it’s the one thing a founder can actually go fix.


Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!

Register for Technext Coinference 2023, the Largest blockchain and DeFi Gathering in Africa.

Technext Newsletter

Get the best of Africa’s daily tech to your inbox – first thing every morning.
Join the community now!