The U.S. Justice Department (DoJ) on Monday announced the takedown of seven domain names in connection to a "pig butchering" cryptocurrency scam. The fraudulent scheme, which operated from May to August 2022, netted the actors over $10 million from five victims, the DoJ said.
Pig butchering, also called Sha Zhu Pan, is a type of scam in which swindlers lure unsuspecting investors into sending their crypto assets. The criminals encounter potential victims on dating apps, social media sites, and through SMS messages.
These individuals initiate fake relationships in an attempt to build trust, only to trick them into making a cryptocurrency investment on a bogus platform.
But upon transferring the funds to wallet addresses supposedly provided by these domains, the digital currencies are said to have been immediately moved through an array of private wallets and swapping services to conceal the trail.
"Once the money is sent to the fake investment app, the scammer vanishes, taking all the money with them, often resulting in significant losses for the victim," the DoJ said.
The seven seized portals -- simexcbr[.]com, simexlua[.]com, simexwim[.]com, simexarts[.]com, simexrue[.]com, simexvtn[.]com, and simexbiz[.]com -- all mimicked the Singapore International Monetary Exchange (SIMEX), the agency pointed out.
"Pig Butchering fraud highlights the lengths actors will go to socially engineer a target into falling victim to crime perpetuated by large cybercrime ecosystems," Sherrod DeGrippo, vice president of threat research and detection at Proofpoint, previously told The Hacker News.
"The emotional manipulation, friendly tone, and sheer duration of the pre-exploitation phase allows genuine feelings to develop, and the actor exploits that emotion for financial gain, to the loss of sometimes millions of dollars."
An advisory released by the U.S. Federal Bureau of Investigation (FBI) last month noted how when the victims attempted to withdraw their investments, they were asked to pay extra taxes or penalties, leading to more losses.
Are you aware of the risks associated with third-party app access to your company's SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.RESERVE YOUR SEAT
The intelligence agency, in April, revealed it received more than 4,300 complaints related to crypto-romance scams in 2021, resulting in more than $429 million in losses.
A recent report from Proofpoint also detailed some of the other tactics adopted by the fraudsters, including suggesting shifting the conversation to Telegram or WhatsApp for a "more private chat" and encouraging the victims to send compromising photos.
"In addition to cryptocurrency-based lures, these criminal enterprises have used gold, forex, stocks, and other subjects to exploit their victims," researchers Tim Kromphardt and Genina Po said.
"Such schemes are successful due to the intimate nature of the conversations leading up to the 'slaughter.' Causing shame and embarrassment are key goals for threat actors that leverage this type of social engineering to exploit victims, similar to romance fraud."