Connect with us

Hi, what are you looking for?

White Papers

Scammers use fake cryptocurrency trading pools to steal over $1M – Sophos

After Sophos X-Ops investigated Frank’s story, the team uncovered a total of 14 domains associated with the scam operation, as well as dozens of nearly identical fraud sites that, together, netted this one “ring” of pig butcherers more than $1 million in three months.

Sophos, a global player in innovating and delivering cybersecurity as a service, recently released findings on a major shā zhū pán (pig butchering) operation utilizing fake trading pools of cryptocurrency (liquidity pools) to steal more than $1 million.

The report, “Latest Evolution of ‘Pig Butchering’ Scam Lures Victim in Fake Mining Scheme,” details the story of one of the scammed victims in the pools, named *Frank, and how he lost $22,000 in one week after “someone” pretending to be “Vivian” on the dating app MeetMe contacted him.

After Sophos X-Ops investigated Frank’s story, the team uncovered a total of 14 domains associated with the scam operation, as well as dozens of nearly identical fraud sites that, together, netted this one “ring” of pig butcherers more than $1 million in three months.

This scam takes advantage of the largely unregulated world of decentralized finance (DeFI) cryptocurrency trading applications. Such applications create “liquidity pools” of various types of cryptocurrencies that users can then access to make trades from one cryptocurrency to another. Those who participate in the pool receive a percentage of any fee paid when a trade is made, creating an enticing return on investment. To join a pool, participants first have to sign an online smart contract—a contract that gives another account (typically the operators of the pool) permission to access participants’ wallets to facilitate trades. Fake pools, which pig butcherers are increasingly utilizing to siphon funds from targets, operate in much the same way. However, unlike legitimate pools, at some point these scammers “pull the rug” and empty the entire liquidity pool for themselves.

Advertisement. Scroll to continue reading.

“When we first discovered these fake liquidity pools, it was rather primitive and still developing. Now, we’re seeing sha zhu pan scammers taking this particular brand of cryptocurrency fraud and seamlessly integrating it into their existing set of tactics, such as luring targets over dating apps. Very few understand how legitimate cryptocurrency trading works, so it’s easy for these scammers to con their targets. There are even toolkits now for this sort of scam, making it simple for different pig butchering operations to add this type of crypto fraud to their arsenal. While last year, Sophos tracked dozens of these fraudulent ‘liquidity pool’ sites, now we’re seeing more than 500,” said Sean Gallagher, principal threat researcher, Sophos.

Sophos X-Ops first learned of this liquidity mining operation from a victim named Frank. Frank had connected on the dating app MeetMe with a scammer hiding behind the persona of Vivian, a German woman supposedly living in Washington, D.C. for work. For weeks, Frank chatted with Vivian, who mixed her romantic promises with persistent attempts to convince Frank to invest in crypto.

Eventually, Frank opened a Trust Wallet account (a legitimate app for converting dollars to cryptocurrency) and connected to the link to the liquidity pool site Vivian recommended. In reality, the pool site was a fraud site utilizing the brand of Allnodes, an established decentralized finance platform provider, as a cover. Between May 31 and June 5, Frank invested $22,000 in the scheme. Just three days later, the scammers emptied Frank’s digital wallet. Frank, looking to recover his money, turned to Vivan, who claimed he needed to invest even more in the pool to recover his funds and reap the “rewards.” While waiting for his bank to authorize a money transfer to Coinbase, Frank started researching what was going on and came across an article on liquidity mining from Sophos. At this point, Frank reached out to Gallagher for help.

Even after Gallagher instructed Frank to block Vivian, she eventually found him on Telegram and continued her attempts to entice him into “continuing their investment,” going so far as to send a lengthy, emotional letter that was very likely created by a generative AI app.

“What makes these sorts of scams particularly tricky is that they don’t require any malware to be installed on a victim’s device. They don’t even involve a fake app, like some of those we’ve encountered in other CryptoRom scams. This entire fake liquidity pool was run through the legitimate Trust Wallet app. At one point, Frank even tried to contact Trust Wallet’s support to recover his money, but he connected with a fake support contact from the fraudulent liquidity pool site. There is no regulation of these pools, legitimate or otherwise, on these crypto apps. These scams succeed solely through social engineering, and the scammers are persistent. Vivian continued trying to contact Frank for weeks after he blocked her on WhatsApp.

Advertisement. Scroll to continue reading.

“The only way to stay safe from these scams is to be vigilant and know that they exist and how they operate. That is why Frank wanted to share his story. Users need be wary of anyone they have no connection with reaching out to them suddenly via any dating app or social media platform, particularly if the ‘person’ reaching out wants to move the conversation to a platform like WhatsApp and then discusses investing in cryptocurrency,” said Gallagher.

Sophos has shared its data on this case with Chainalysis and Coinbase, as well as other threat intelligence professionals in the cryptocurrency space, all of whom continue to investigate. People who believe they may be a victim of pig butchering or liquidity mining fraud are free to reach out to Sophos. They should also reach out to their local law enforcement for assistance.

For more about the rise of liquidity mining scams in “Latest Evolution of ‘Pig Butchering’ Scam Lures Victim in Fake Mining Scheme,” go to Sophos.com.

Advertisement. Scroll to continue reading.
Advertisement
Advertisement
Advertisement

Like Us On Facebook

You May Also Like

White Papers

When compared to 2023, Sophos saw a 51% increase in abusing “Living off the Land” binaries or LOLbins; since 2021, it’s increased by 83%.

HEADLINES

Someone illegally acquires or uses personal information such as bank account or credit card numbers of another person to obtain money, goods or services....

HEADLINES

To stay ahead of these challenges, organizations need to invest in AI-driven defenses, transition to quantum-safe encryption, and adopt a Zero Trust approach to...

HEADLINES

There was a 121% Year-on-Year (YoY) increase in identity fraud in 2024 across the region, with significant surges recorded in Singapore (207%), Thailand (206%)...

HEADLINES

As part of RCBC’s 2024 Cybersecurity literacy program, the webinar aims to help Filipinos level up their online banking safety by providing them with...

White Papers

The survey found that CXO’s feel less prepared than their global peers. Less than half or 48% in APAC said they felt completely prepared...

HEADLINES

On average, a single organization in the Philippines experiences 4,003 attacks per week, significantly higher than the APAC average of 2,870 attacks per week.

White Papers

Exploiting this vulnerability, cybercriminals craft deceptively authentic phishing emails that align with current trends, exploiting human emotions to invoke urgency and trick recipients into...

Advertisement