Sophos researchers discovered that malevolent entities pilfered over $1m in just three months through a cryptocurrency scam referred to as ‘pig butchering’. This intricate operation involved the use of 14 domains along with numerous almost identical fraudulent websites.

The culprits deployed deceptive cryptocurrency trading pools, originating from decentralized finance (DeFi) trading platforms, to swindle their victims. Notably, a victim was swindled out of $22,000 within one week.

Such “liquidity pools,” encompassing diverse cryptocurrency types, allow users to profit by swapping one cryptocurrency for another. Engaging users gain a cut from any fee charged during a trade. Moreover, a separate account (usually managed by the pool’s overseers) is granted rights to access users’ digital wallets to streamline the trade process.

Sophos’ findings indicated that these deceptive operators, termed as “pig butchers”, are increasingly establishing these trading pools to divert funds, often depleting the entire liquidity pools of unsuspecting victims.

One notable incident was of an individual known as Frank. He suffered a loss of $22,000, lured by a scam linked to an online dating ruse. He had been approached on the MeetMe dating app by an individual purporting to be a German woman named Vivian, residing in Washington D.C. for work-related reasons. As their interaction spanned several weeks, Vivian continually persuaded Frank to venture into cryptocurrency through a specific liquidity pool website.

Soon after, Frank initiated a Trust Wallet Account, allowing him to transition from fiat to cryptocurrency, and accessed the mentioned liquidity pool website — a deceptive site mimicking the legitimate decentralized finance provider Allnodes. Between May 31 and June 5, Frank’s investment reached $22,000. However, merely three days post-investment, the scammers drained the entire amount.

On seeking Vivian’s guidance, she advised Frank to invest further to retrieve his funds and gain potential “profits”. In the interim of awaiting bank clearance for a money transfer to Coinbase, Frank unearthed an article from Sophos about liquidity mining and sought their assistance. Sean Gallagher, a lead threat researcher from Sophos, advised Frank to sever all ties with Vivian. Despite this, she persisted, even sharing an emotional message, which Gallagher suspects was generated using advanced AI.

Delving deeper, Sophos underscored the intricate nature of this scam, which cleverly refrained from installing malware on the victim’s device. Instead, the malefactors employed manipulative psychological tactics.

Gallagher elucidated that the faux liquidity pool was channelled through the genuine Trust Wallet app. He expressed concern about the increasing frequency of such scams, stressing that their allure is magnified due to the general populace’s limited understanding of authentic cryptocurrency trading operations. As Gallagher commented, the number of these deceptive “liquidity pool” websites has surged from dozens last year to over 500 currently.

He cautioned individuals against trusting unfamiliar entities reaching out abruptly via dating apps or social platforms, especially if the conversation swiftly transitions to investment discussions on platforms like WhatsApp.

Sophos has collaborated with crypto analysts Chainalysis and trading platform Coinbase to further probe the scope of these ‘pig butchering’ scams.