Cryptocurrency Scammers Make Off with More Than $1 Million in Three-Month ‘Pig Butchering’ Scam
In a concerning revelation, Sophos researchers have uncovered a cryptocurrency scam, referred to as ‘pig butchering,’ that has netted malicious actors over $1 million in a mere three months. This insidious operation displayed a high level of sophistication, utilizing 14 domains and dozens of nearly identical fraudulent websites.
The modus operandi of this scam involved deceiving victims through fake trading pools associated with decentralized finance (DeFi) trading applications. Victims were targeted, and their funds were defrauded, with one individual losing a substantial $22,000 in just a single week.
These so-called “liquidity pools” encompass various cryptocurrencies and offer users the opportunity to generate profits by trading between different digital currencies. Participants typically receive a percentage of the fees incurred during these trades. Interestingly, another account, usually controlled by the pool’s operators, gains access to participants’ wallets to facilitate these transactions.
What sets this scam apart is the growing trend of fraudsters establishing such pools to drain users’ funds, ultimately emptying their entire liquidity pools.
A Victim’s Tale: Losing $22,000 in One Week
The report presented a poignant case study involving an individual named ‘Frank,’ who fell victim to this scheme after being ensnared in an online dating scam.
Frank’s journey began when he encountered ‘Vivian’ on the dating app MeetMe. Vivian, who claimed to be a German woman working in Washington D.C., spent weeks engaging in romantic exchanges with Frank. Throughout their interactions, she relentlessly pushed him to invest in cryptocurrency, specifically recommending a liquidity pool website.
Consequently, Frank opened a Trust Wallet Account, enabling him to convert his dollars into cryptocurrency. He then followed a link to a fraudulent site impersonating the decentralized finance provider Allnodes.
Between May 31 and June 5, Frank invested $22,000 in this pool. Astonishingly, a mere three days later, all his funds vanished into the hands of the scammers.
Desperate for a solution, Frank turned to Vivian, who encouraged him to invest even more to recover his losses and reap substantial “rewards.” While awaiting authorization for a money transfer to Coinbase, Frank stumbled upon a Sophos article on liquidity mining. He contacted Sophos for assistance.
Sophos’ Sean Gallagher advised Frank to block Vivian. However, Vivian persisted in her efforts to lure Frank back into the investment, even resorting to sending a lengthy, emotionally manipulative letter—a document Gallagher suspects was generated by an AI application.
A Remarkably Sophisticated Operation
Sophos underscored the remarkable sophistication of the pig butchering scam. It was notable for its absence of any need to install malware on victims’ devices; instead, it relied on social engineering tactics.
Gallagher pointed out, “The entire fake liquidity pool was run through the legitimate Trust Wallet app. At one point, Frank even tried to contact Trust Wallet’s support to recover his money, but he connected with a fake support contact from the fraudulent liquidity pool site.”
Gallagher cautioned that pig butchering scams, also known as shā zhū pán, are becoming increasingly common and incredibly effective for malicious actors. He revealed, “Very few understand how legitimate cryptocurrency trading works, so it’s easy for these scammers to con their targets. There are even toolkits now for this sort of scam, making it simple for different pig butchering operations to add this type of crypto fraud to their arsenal. While last year, Sophos tracked dozens of these fraudulent ‘liquidity pool’ sites, now we’re seeing more than 500.”
He urged individuals to exercise caution when approached out of the blue by strangers on dating apps or social media platforms, especially if the conversation quickly transitions to platforms like WhatsApp and delves into discussions of cryptocurrency investments.
Sophos has shared its findings with cryptocurrency intelligence experts Chainalysis and the exchange platform Coinbase, who are diligently investigating the extent of pig butchering scams.