Cybercriminals unleash sophisticated DeFi Savings scams in evolution of pig-butchering schemes

 


Pig-butchering scammers are using a “cybercrime-as-a-service”-like business model, selling pig-butchering kits on the dark web and expanding globally into new markets, a new report from cybersecurity firm Sophos reveals.

Traditionally originating in China, pig-butchering scams involve criminals cultivating romantic or personal relationships with victims through dating apps or social media. After gaining trust over weeks of virtual conversations, fraudsters manipulate victims into investing in phony cryptocurrency schemes, ultimately making off with their funds and, in some cases, robbing innocent people of their life savings.

The latest evolution of these schemes, known as “DeFi Savings,” involves cybercriminals utilizing blockchain to bypass mobile device defenses.

“Criminals position DeFi savings scams as passive investment opportunities that are similar to money market accounts, often times to people who have no understanding of crypto. Victims only need to connect their crypto wallet to a ‘brokerage account,’ with the expectation that they will earn significant interest from their investment. In reality, victims are adding their crypto wallets to a fraudulent cryptocurrency trading pool, which the fraudsters then empty,” the company said.

The scheme combines the script for fake romance and friendship with smart contracts and mobile crypto wallets, which allows scammers to overcome some technical hurdles faced by traditional pig-butchering techniques, such as installing customized mobile apps or wiring deposits to scammers.

  • No Customized Mobile App Installation: Unlike previous pig-butchering scams that required convincing targets to install a customized mobile app, DeFi scams use trusted applications from well-known developers. Victims only need to load a web page from within the application.

  • Illusion of Full Control: DeFi scams do not require victims to deposit crypto funds into a wallet controlled by scammers. Until the trap is sprung, victims can see their cryptocurrency deposits in their wallets, with scammers even adding additional tokens to create the illusion of profit.

  • Concealing Stolen Crypto: DeFi scams hide the wallet network laundering stolen crypto behind a contract wallet. This address gains control over victims' wallets when they "join" the scam, providing an added layer of anonymity.

According to the report, the DeFi savings schemes are the fastest-growing scene in pig-butchering, with dozens of new kits emerging daily. One DeFi ring studied by Sophos brought in a staggering $3 million over a three-month period.

“We expect that DeFi mining scams will constitute an increasing percentage of pig-butchering scams going forward because they can more easily be bundled for sale and distribution to other cybercriminals, and because they can be easily adopted by existing romance scam operators,” the researchers said. “Because these scams use legitimate software and frequently change their web hosting and cryptocurrency addresses, they are often only detected once they have begun—often by banks and cryptocurrency brokerages who are alerted by large volumes of transactions from customers who have never traded in cryptocurrency before that trip money laundering and bank fraud alerts.”
