US cybercops take on 'pig butchering' org, return $9M in scammed crypto

Crims drain wallets of marks after letting them in on 'awesome crypto scheme secret'


The US has seized nearly $9 million in proceeds generated by exploiting more than 70 victims across the nation in so-called "pig butchering" scams.

Authorities tracked payments to cryptocurrency addresses belonging to one organization known for romance scams and fake cryptocurrency investments, together known as "pig butchering": the marks are "fattened" for slaughter as they load up scammers' accounts, before being taken for as much as the crims can extract.

The Department of Justice (DoJ) said on Tuesday that the cybercriminals worked together to create and pitch fake investment companies and crypto exchanges to investors, convincing them to deposit their money, which was then stolen.

The criminals then attempted to launder the proceeds using chain hopping techniques, which involve quick and frequent transactions whereby the crims switch cryptocurrency tokens in an attempt to evade detection.

The switch between blockchains makes investigators' jobs more difficult, and the attackers often use the method in addition to converting tokens with so-called "privacy coins" like Monero or Zcash, which are more difficult to track than tokens such as Bitcoin and Ethereum.

Cryptocurrency laundering used to be performed using services called mixers and tumblers but after a series of arrests and sanctions, scammers have started to use fresh forms of laundering.

Alongside chain hopping, coin swaps and cross-chain bridges have also emerged as go-to methods of attempting to evade law enforcement, according to Mark Tibbs, cyber intelligence director at Mishcon De Reya.

"Coin swaps are decentralized protocols which allow users to exchange coins directly with others with no intermediaries," he said.

"A cross-chain bridge connects different blockchains and enables the transfer of assets and information between them. Services like these can be used for legitimate privacy purposes but can also be abused to launder funds."

Analysts at the US Secret Service San Francisco Field Office tied the criminals' laundering efforts to multiple wallet addresses associated with the criminal organization and various reports made through the FBI's and FTC's cybercrime reporting portals.

"This seizure exemplifies the Secret Service's mission to protect the financial infrastructure of the United States. We remain determined and vigilant to combat cyber-enabled financial fraud," said Shawn Bradstreet, special agent in charge of the USSS San Francisco Field Office. 

"It is a priority for the Secret Service to protect the financial security that citizens work so hard to obtain. We want to thank the Justice Department for their partnership, dedication, and outstanding work on this case."

The DoJ didn't mention any arrests or the names of the cybercriminals in the organization, but the case continues to be handled by its computer crime division, the National Cryptocurrency Enforcement Team, and assistant US attorneys Chris Kaltsas and Galen Phillips for the Northern District of California.

The proceeds were returned in the US dollar-tied stablecoin Tether, which received thanks from the DoJ for its involvement in effectuating the transfer of assets.

Pig butcherers sent to the abattoir

Romance scammers and fake crypto investors have been firmly in the crosshairs of law enforcement for some time, in part due to the success they continue to generate.

According to the FTC's figures, nearly 70,000 US citizens reported romance scams in 2022, netting cybercriminals at least $1.3 billion in the process.

These romance scams typically involve criminal Casanovas drumming up a rapport with their victims, usually over dating apps, then selling an excuse as to why they need to be sent some money, perhaps for hospital bills or for an emergency flight home to see a dying relative – you know the ones. If you spot them early, you can even have some fun with them, like this guy.

Pig butchering is a more recent twist on the typical romance scam. It still involves a high degree of social engineering but instead of playing on victims' heartstrings, criminals prey on victims' desire to get rich quickly.

Some involve the traditional formula of making contact, building a bond, and then introducing the scam with a quick "You seem cool, I'll let you in on this crypto opportunity that's made me some serious cash recently…"

Others are a bit more high-tech and involve creating a brand-new beta crypto-trading app to download, which of course is actually just some stealer malware skinned with enough buttons and features to trick users, who download it outside of approved app stores, into entering their financial information.

Speaking on the most recent seizure, Ismail J. Ramsey, US attorney for the Northern District of California, said the government would continue to crack down on these scams.

"This seizure is the culmination of the exceptional hard work and collaborative partnership between the Justice Department and the United States Secret Service," he said.

"Silicon Valley remains one of the world's preeminent locations for cryptocurrency firms," he added. "As such, we remain dedicated to using all tools at our disposal to bring justice to the victims of frauds and scams. Even when money and criminals are abroad, we will work with our partners to seize cyber criminals' illegal proceeds."
