Report Shows How Scammers Stole More Than $1M

Findings on a major sha zhu pan (pig butchering) operation utilizing fake trading pools of cryptocurrency to steal more than $1 million, have been released. The findings were released by cybersecurity service provider Sophos in its latest report.

The report, ‘Latest Evolution of Pig Butchering scam lures victim in fake mining scheme’, details the story of one of the scammed victims (named Frank) in the pools and how he lost $22,000 in a week after falling for scam that he had been contacted by someone he met through dating app ‘MeetMe’.

After Sophos X-Ops investigated Frank’s story, the team uncovered a total of 14 domains associated with the scam operation, as well as dozens of nearly identical fraud sites that, together, netted this one “ring” of pig butcherers more than $1 million in three months.

This scam takes advantage of the largely unregulated world of decentralized finance (DeFI) cryptocurrency trading applications. Such applications create “liquidity pools” of various types of cryptocurrencies that users can then access to make trades from one cryptocurrency to another. Those who participate in the pool receive a percentage of any fee paid when a trade is made, creating an enticing return on investment. To join a pool, participants first have to sign an online smart contract—a contract that gives another account (typically the operators of the pool) permission to access participants’ wallets to facilitate trades.

Fake pools, which pig butcherers are increasingly utilizing to siphon funds from targets, operate in much the same way. However, unlike legitimate pools, at some point these scammers “pull the rug” and empty the entire liquidity pool for themselves.

“When we first discovered these fake liquidity pools, it was rather primitive and still developing. Now, we’re seeing sha zhu pan scammers taking this particular brand of cryptocurrency fraud and seamlessly integrating it into their existing set of tactics, such as luring targets over dating apps,” said Sean Gallagher, principal threat researcher, Sophos.

“Very few understand how legitimate cryptocurrency trading works, so it’s easy for these scammers to con their targets. There are even toolkits now for this sort of scam, making it simple for different pig butchering operations to add this type of crypto fraud to their arsenal. While last year, Sophos tracked dozens of these fraudulent ‘liquidity pool’ sites, now we’re seeing more than 500,” he further explained.

Sophos has shared its data on Frank’s case with Chainalysis and Coinbase, as well as other threat intelligence professionals in the cryptocurrency space, all of whom continue to investigate. People who believe they may be a victim of pig butchering or liquidity mining fraud are free to reach out to a cybersecurity expert. They should also reach out to their local law enforcement for assistance.