‘Pig Butchering’, a new and particularly mean and ruthless form of cryptocurrency fraud that originated in China, has evolved into a global scourge.
Sha zhu pan, which translates as “pig-butchering”, uses sophisticated fraudulent decentralized finance (DeFi) applications to bypass most of the defenses provided by mobile device vendors. WhatsApp is the preferred platform for targets outside China; Telegram is also used, as is Skype.
According to cybersecurity firm Sophos: “Originating in China at the beginning of the COVID pandemic, ‘pig butchering’ scams have expanded globally ever since, becoming a multi-billion-dollar fraud phenomenon.”
The Chinese scam typically targets the lonely and vulnerable, with a professionally organized team of ruthless cybercriminals working around the clock to strip them of their life savings. On one occasion, Sophos also observed a small bank go down as one cybercriminal group used a highly sophisticated crypto-scam to ensnare a bank officer.
This new generation of decentralized finance (DeFi) scams uses trusted applications from well-known developers and only needs the victim to load a web page from within the application. Nor does the DeFi scam require the victim to deposit crypto funds into a wallet controlled by the fraudsters, or to wire a deposit to them. Crucially, this gives the victim the illusion of having full control over his/her funds. Until the moment that the trap is sprung, the victims’ cryptocurrency deposits are visible in their crypto wallets. According to Sophos, the cybercriminals will add additional cryptocurrency tokens to the crypto account to create the illusion of profit in the mind of the victim.
The face the scammers present to potential victims is usually an apparently friendly one. This can be in the form of a hijacked account of an unsuspecting third party or a totally fictitious ‘false flag’ identity cooked up using artificial intelligence (AI). The victim of a DeFi crypto-scam is unaware that they are not dealing with a single ‘helpful’ individual but with a well-oiled operation conducted by a skilled team of operatives often spread across different geographies. Direct contact with the victim is generally conducted by what Sophos labels a ‘front office’ team.
‘Front office’ hackers pose as victim’s friends
“The front office operates teams of “keyboarders”—often people lured from China, Taiwan, the Philippines, Malaysia, and other Asian countries with the promise of high-paying tech or phone center jobs—to engage potential targets,” says Sophos.
The front office fraudsters are trained to work from pre-written scripts, texting and sending images to targets to convince them that they are “friends” or romantically interested in them. Once the victim is hooked, the scam passes into the hands of a ‘back office’ populated by an IT team and money launderers. They conceal the wallet network that launders stolen crypto behind a contract wallet, an address that is given control over the victims’ wallets when the victims “join” the scam.
“Until the moment that the trap is sprung, the victims’ cryptocurrency deposits are visible in their wallets’ balances, and the scammers even add additional cryptocurrency tokens to their accounts to create the illusion of profit,” reports Sophos.
Sophos adds that the scam is: “A new variant on what has become perhaps the fastest growing segment of online fraud, accounting for billions of dollars in losses from thousands of victims in the US alone—cryptocurrency-based investment fraud.”