People want to get rich, and people want to fall in love — and these are the two motivations behind the growing number of so-called "pig butchering" fraud scams occurring online. Currently, most of these scams involve an investment fraud scheme that promises riches in cryptocurrencies and a false promise of romance.
Such scams typically start with the scam artist operating behind a fake online persona. The scammers either initiate contact with potential victims or lure the prospective victim to contact them. These actions typically occur on social media, investment, or dating sites. Over time, the scam artist tries to build trust in their targeted victim, often through the pretense of a potential friendship or romance. During this process, the scammer introduces their mark to an investment strategy, or more like a scheme, and may socially engineer the victim with images of fake investment gains, often involving a cryptocurrency.
If the scammer is good at their craft, they will gain increased trust from the victim and interest in the investment "opportunity."
Once the victim begins to believe that the investment is legitimate and profitable, the scammer may ask for a small amount from the potential victim to get them started. The scamster will then provide the victim with a small number of profits. After that, the scammer will request much more investment into the scheme. Once the victim invests all that the scammer believes they can invest, the scammer vanishes, and the victim cannot recover the stolen money or cryptocurrency.
Pig butchering scams are on the rise
Such scams are growing. The pig butchering attack is believed to have begun in China, with operations typically in Laos, Malaysia, and Indonesia. It's named after fattening a hog before its slaughter.
According to the FBI, crypto fraud and pig butchering crypto scams cost $2.6 billion in a single year. In 2021, the FBI tracked pig-butchering attacks and categorized them under the umbrella of "romance" scams, citing $429 million in losses related to pig butchering that year.
A survey of 550 victims of pig-butchering scams showed that the average loss internationally (excluding those who lost under $2,500) was $155,117, with a median loss of $52,000. In the USA, the average loss was $210,760, with a median loss of $100,000.
Sophos began investigating pig butchering attacks in 2020 while researching fake mobile cryptocurrency apps, known as CryptoRom apps, that victims downloaded at the behest of their newfound online connections. These apps exploit the vulnerabilities of legitimate cryptocurrency applications by linking to web applications, thus bypassing mobile device security measures.
In their post, Sophos highlights a particular case in which they labeled the victim with the pseudonym "Frank." In this case, Frank lost more than $20,000 in the scam. The investigation into that case led to the identification of a more extensive set of scams operating across more than a dozen domains. Sophos determined that those demands were controlled by five wallets that funneled the stolen cryptocurrency to additional sites so that the stolen cryptocurrency could be laundered. The scams were likely run by three affiliates connected to a Chinese-language multinational crime organization.
A complex fraudster infrastructure
Between January 1 and November 20, 2023, these contract wallets had moved $1.22 million worth of Tether (USDT) from targeted wallets to laundering destinations. The wallets involved in the scheme had moved nearly $2.9 million worth of cryptocurrency by November 15, 2023, from the scams tracked.
The scam's infrastructure was complex, with the scammers using smart contracts to create an allowance for another wallet address, which could then transfer Tether tokens from the linked wallet. The investigation uncovered multiple threat activity groups using identical fraudulent decentralized finance app sites, suggesting they were part of or affiliated with a single organized crime ring.
Sophos emphasized the importance of public awareness and skepticism toward online interactions as the best defense against these scams. Victims are advised to withdraw all funds from wallets connected to scam sites, document all interactions, contact law enforcement, and reach out to the Cybercrime Support Network for assistance.
Avoiding the slaughter
To defend against pig butchering scams, individuals can take the following steps:
Be skeptical of unsolicited contact: Scammers often initiate contact through social media, dating apps, or messaging platforms. Be wary of such messages from people who seem too good to be true.
Verify people: Scammers create fake online personas designed to gain potential victims' trust. Verify the identity of anyone new you communicate with, especially whenever exchanging funds.
Handle investments with extra care: Scammers often manipulate victims into investing more money by falsely implying that their investments perform exceptionally well. Always do your own research.
Never share sensitive information: We were told not to talk to strangers as kids. As adults, it's also a good idea not to share sensitive information with strangers. With such information, scammers may gain access to online account information.
Once a scam is detected, report it: If you think you may be the target or victim of a scam, break off communications and notify law enforcement.
