On Friday, 7 January it was announced that Johann Steynberg, the fugitive CEO of Mirror Trading International (MTI) had been arrested in Brazil on 29 December 2021. Steynberg fled South Africa in December 2020 after MTI had collapsed. The scheme was liquidated on 30 June 2021 with investors trying to claw back some of their money.

Steynberg was apprehended by an elite military police unit after presenting a fake identity document. After his arrest police found another two fake identity documents, two laptops, a cell phone and six credit cards. Our source has decided to remain anonymous. Here is a unique insight into some of the events that have transpired.

Steynberg Arrest

According to Anonymous: “It is unusual that he had two laptops and only one phone in his possession judging from the vague news reports of his arrest. In these matters there is almost always a second burner phone. Forensic analysis of these devices will be critical in retrieval of information, accounts and wallet access. Further to that, if I were a fugitive on the run and did not want to be found I would definitely not use a credit card.”

Johann Steynberg arrested by the elite military police unit GIRO in Brazil.

Red flag past

Steynberg has a history of dubious projects that date back as far as 2010. These schemes include Slap The Guru and Devoted Investments. Another company domain Kipisa.com was registered in 2015 in Panama for Kipi SA.

Screenshot from the Web Archive of slaptheguru.com – https://web.archive.org/web/20110202175300/http://www.slaptheguru.com/cjsteynberg/
Screenshot from the Web Archive of devotedinvesments.com – https://web.archive.org/web/20100629072622/http://www.devotedinvestments.com/?a=members_stats

In the above screenshot we see the username ‘joesteyn’ appear which is most certainly Steynberg and right away there is deception in regards to him investing in his own “business” under a false name. This username will surface later in MTI.

Johann Steynberg and attendee at a Kipi SA workshop.

Girlfriend material

One of the most bizarre revelations from the Steynberg arrest is that he has a Brazilian girlfriend. He still has a wife and child in South Africa who were left behind when he fled the country in December 2020 after MTI’s collapse. Steynberg married his wife Nerina in 2006. In 2011 Steynberg registered an account using his personal Gmail account on the dating site Fling.com under the username “Euro137”. When he registered the account he adjusted his date of birth (1983-07-13) slightly to 1984-06-12 so as to perhaps throw off any scent from his trail.

This data was extracted from public data dumps.

Johann and Nerina Steyberg on their wedding day, 4 November 2006.


At the height of the MTI saga, when their forex broker FXChoice closed MTI’s trading account, it was claimed that another broker took over MTI’s forex trading called Trade300. It is widely believed that Steynberg himself was behind this entity.

Anonymous: “There was indeed a user account called ‘joesteyn’ on the Trade300 WordPress site and the domain name registration has a bit of a history. If I were Steynberg I would have definitely made the tactical move to purchase a domain name with some history behind it to add some credibility.”

FxChoice, the forex broker that closed MTI’s trading account due to non-compliance.

“A tactic used by people to deceive is to hand a victim one piece of information to quell any doubts they had. Sometimes a person will just want to have that information regardless of whether it is pertinent or not thus suspending critical thinking. It is a common thread with these crypto-based scams to just give any information or data and a victim will pretend to understand it or dismiss that voice in the back of their minds.”

There are indeed traces of a Trade300 related to finances online but perhaps coincidence:


“On 20 July 2020 Johann Steynberg and Tom Fraser, business advisor to MTI, had a meeting with Gerhard van Deventer and Andrea Coetzer from the FSCA”, Anonymous relates about the regulators stepping in. “Both Steynberg and Fraser stated under oath that they partook in criminal activity and nobody at MTI was qualified to be working there, but I am focusing more on the subtext here and flagged a few things.

Deventer takes the soft approach up until the end of the interview whilst Coetzer takes a clinical, direct approach. Good cop, bad cop perhaps. I would say particularly Fraser underestimates the FSCA team and tries to take control throughout the interview while Steynberg, in general, seems rather confused. Since Cheri Marks attended another FSCA interview Steynberg could have had a tactic of bringing in ‘loud’ personalities to deflect and try to confuse the investigators.

Coetzer notably keeps reverting back to previous answers given. This is a common method used in questioning: revert back to the past to see if the integrity of statements hold up. Remember – a recollection is from memory but a lie is from imagination so does not hold up if you go backwards.

Tom Fraser, trusted advisor to MTI pictured to the right of Johann Steynberg.

I get the impression based solely on the transcript that Fraser is indicating dishonesty right from the start. He starts almost every statement in a submissive, apologetic manner and then waffles on about his business acumen and talks to the two financial regulators as if they know nothing. People who talk too much in an interview and that appear overly ‘helpful’ or ‘hyper arrogant’ in my experience are either nervous or up to something. He mostly says nothing and veers off topic often. He also states his belief in the remarkable skill of Steynberg several times to drive home some linguistic programming. Fraser often interjects when Steynberg is asked a question to perhaps further try to control the room. Towards the end of the interview Fraser’s answers become shorter. Fraser states what a savvy businessman he is yet during the interview says he invested in a stokvel and lost all his money indicating that he operates in this MLM (multi level marketing) space. He also repeats ‘Ponzi’ dozens of times and is the only one who uses the term. In one instance Fraser even completes Steynberg’s sentence and constantly repeats himself hence why I say he was trying to control the room.

The FSCA is the Financial Sector Conduct Authority that regulates the financial sector of South Africa.

Steynberg’s answers are sometimes confused and he even appears to mumble a critical person’s name at one stage for some reason. Fraser several times attests to the intelligence of Steynberg, yet Steynberg can barely speak English during the interview. His answers compared to Fraser are a lot shorter, hardly ever using long or convoluted words. Something I noticed in regards to this interview and in minutes of MTI meetings is that Steynberg is always in the process of making a change, working on something, about to release something, working with a team on a task, but never actually doing anything at all. Steynberg several times tries to subtly deflect liability onto other people and just generally seems to not know anything.”

The Last Supper

The last Zoom call that Steynberg appeared on was streamed on 7 December 2020. By this time it was already obvious that Steynberg had left South Africa. 

Anonymous talks us through this video: “Cheri Marks’ and other MTI leaders on the call show body language that indicated stress. Firstly, her blink rate is very high. Her eyes often shift left and right as well as close to block out the viewer. At a point near the end of the call Marks starts to swivel in her chair back and forth while Steynberg is speaking which is a change in her movement. Several times during the call Marks smiles. The smile does not last and it is with her mouth and not with her eyes. “

The last Zoom call the Johann Steynberg appeared on streamed on 7 December 2020. https://www.youtube.com/watch?v=7o4ETFOd3i4

“Steynberg also mirrors a lot of her body language and their interactions are very passive aggressive. Marks pushes her lips together while waiting for Steynberg to answer several questions possibly indicating stress and several times she over-gesticulates which, based on other videos of her, is a break from her usual body language. Marks’ also nods constantly as if she wants the viewer to follow along.”

“At the 44:59 mark, Marks makes mention about catching up with outstanding withdrawals. Steynberg reacts by his respiration clearly becoming higher, adjusting his shirt as if he is hot and taking a drink of water but swallowing it really slowly. He also appears to be more self aware looking around and adjusting his laptop camera’s view slightly.”

The email

Anonymous: “Shortly after Steynberg’s disappearance Cheri Marks released a letter with her explanation of what was going on. Included in the communication was an allegedly automated “dead man’s switch” email that was set to go out in the event of an issue with Steynberg. Here is the exact creation date of this ProtonMail email address: 2020-12-15 13:54:54. Straight away this contradicts the narrative as the body of the email contains the date of “1 December 2020” at the top. This is of course impossible since the account had not been created yet. The actual timestamp of the email just below the email address is: Tue, 15 Dec 2020, 14:36. So less than an hour after this ProtonMail account was created the email was sent from it.” 

The email that was sent from the mti-icoe@protonmail.com email address.

“The devil is in the details here as you cannot automate an account creation for any Proton service and you also have to either supply a recovery email or telephone number. Contrary to popular belief, Proton does service search warrants under certain conditions but indeed can only supply a certain amount of information.”

Protonmail uses the Pretty Good Privacy (PGP) encryption standard for encrypting emails. Herewith is the PGP key for the email address mti-icoe@protonmail.com which confirms its creation date.

Version: ProtonMail

PGP key above decrypted for the mti-icoe@protonmail.com confirming its creation date.

Private Investigator

Anonymous: “After Steynberg went missing a private investigator was mandated by Marks and the MTI leaders to locate him. A submission amongst all the court documents was the report from a Private Investigator (PI) called Nambiti Investigations formerly known as Classidra Investigation Services. A lookup on the Private Security Industry Regulation Authority (PSIRA) site, which governs persons or companies operating in the security field, showed that Nambiti’s license expired in 2017. This could be an issue with regards to what was conducted according to the submitted report. On page 1558 of the report the PI claims that he established the IP addresses used by Steynberg and several other people and claims that he tracked them down to a specific physical location. The report included no annexure containing this list of IP addresses nor any explanation of how the PI achieved this technically impossible feat. There are a number of other discrepancies inside the report, for example calling the Incident Report Book at a charge office an ‘Information Book’.”

Nambiti Forensic Investigation Services registered credentials as per their Facebook page.


When asked about his final thoughts, Anonymous says: “These are amateurs playing in the professional league who got lucky. A little bit of time and a lot of OSINT (open source intelligence) you can see a bit more behind the curtain with my findings as this entire debacle has turned into an open source investigation of sorts.

A sobering thought is that if it weren’t for the diligent work of one journalist, the general public would have no idea or care about MTI’s transgressions. Coupled with the solid investigation conducted by the inundated FSCA, one hopes credit is given where it is due. When I wake up tomorrow morning, I will be thankful for many things but mainly thankful that I am not a defendant with regards to MTI because there is a lot more data beyond what I have released and others will have already figured out far more.”


Steynberg will be charged in Brazil for using a fraudulent identity document and have to pay a fine. Since there was an international warrant out for his arrest he might be extradited to South Africa. The Hawks have confirmed his arrest and are busy investigating. Since MTI sold products to US citizens, Steynberg might also face charges in the US.

Spread the love