Malicious actors have executed a highly sophisticated cryptocurrency scam referred to as ‘pig butchering,’ stealing over $1 million in just three months, according to research by Sophos. The operation involved 14 domains and dozens of nearly identical fraudulent websites.
Furthermore, the scammers exploited fake trading pools in decentralized finance (DeFi) applications to defraud victims, with one individual losing $22,000 in a single week. These fake “liquidity pools” in cryptocurrencies allowed users to profit from trading, and the scammers accessed participants’ wallets to facilitate the trades.
The case of an individual named ‘Frank’ was highlighted in the report, who lost $22,000 to this scheme after falling victim to an online dating scam. ‘Vivian,’ who claimed to be a German woman on the dating app MeetMe, persistently convinced Frank to invest in cryptocurrency and recommended a fraudulent liquidity pool site.
Frank invested $22,000 in this pool, only to have his funds emptied by scammers three days later. Despite warnings from Sophos, Vivian continued to entice Frank into further investments.
The pig butchering scam was executed with remarkable sophistication, not requiring any malware installation on the victim’s device, relying instead on social engineering tactics. Sophos cautioned that pig butchering scams, also known as shā zhū pán, are increasingly prevalent and highly effective for threat actors.
It’s essential to exercise caution when approached by unknown individuals on dating apps or social media platforms, especially if they propose moving the conversation to platforms like WhatsApp and discuss cryptocurrency investments. Sophos has shared its findings with crypto intelligence experts Chainalysis and exchange platform Coinbase, who are investigating the extent of pig butchering scams further.
