For the first time, the US Department of Justice has seized seven domains that hosted websites linked to “pig cutting” scams, where fraudsters trick victims of romance scams into investing in cryptocurrency through fake investment platforms.
The list of seized domains includes simexcbr.com, simexlua.com, simexwim.com, simexarts.com, simexrue.com, simexvtn.com and simexbiz.com, all impersonating the one used by the Singapore International Monetary Exchange (SIMEX).
Although originating in Asia, pig slaughter scams have spread globally after cryptocurrency scammers realized that users of dating apps and social media sites ( “pigs”) are easy targets after building trust using various social engineering tactics.
Once “hooked”, the victims are supported by other members of the cybercrime network who also operate fraudulent cryptocurrency investment platforms.
After being told to invest and transfer the funds via prepaid cards, wire transfers and cryptocurrency payments to wallets controlled by attackers or via ATMs, the scammers shut down their fake portal. crypto investment and disappear with victims money.
Five victims lost over $10 million
As the US Department of Justice revealed in a press release this week, the fraud ring that used the seven seized domains tricked five victims into transferring more than $10 million to crypto deposit addresses. currency immediately emptied by the crooks.
For example, in August 2022, one of the victims told investigators that one of the fraudsters, who contacted via LINE and WeChat mobile messengers, promoted a cryptocurrency investment platform using the domain simexlua.com.
After being tricked in May 2022 into installing a bogus investing app and initially making a small investment of $400, the victims transferred approximately $9.6 million in USD Coin (USDC) to a deposit address provided by scammers.
According the affidavit unsealed on Wednesdaythe scammers also sent “trading profit” notifications via the scam app after each deposit for the victim to “invest”.
When the victim attempted to withdraw some of the fake profits, totaling over $7 million through the fake in-app alerts, the scammers demanded additional payments of “taxes”, “fees” and “deposits”. guarantee” to prove that they were “not involved in illegal conduct.”
“According to court records, from May to at least August 2022, scammers claimed five lives in the United States using the seven seized domains, all of which were domains impersonated from the Singapore International Monetary Exchange,” the ministry said. of Justice. said.
“After the victims transferred investments into the deposit addresses provided by the crooks through the seven seized domain names, the victims’ funds were immediately transferred through numerous private wallets and exchange services in an attempt to conceal the source of the funds. In total, the victims lost more than $10 million.”
FBI warns cryptocurrency investors
The FBI also recently warned against pig butcher scams highlighting its emergence as a highly profitable scheme around the world where cybercriminals steal ever increasing amounts of cryptocurrency from unsuspecting investors.
“Many victims report being told to make wire transfers to overseas accounts or buy large amounts of prepaid cards,” the FBI warned last month.
“The use of cryptocurrency and cryptocurrency ATMs is also an emerging payment method. Individual losses related to these schemes ranged from tens of thousands to millions of dollars.”
The FBI also shared a list of some red flags that should let aspiring investors know they’re the target of a “pig-cutting” scam:
- You are contacted by a long-lost contact or a stranger on social media.
- The URL of the investment platform does not correspond to the official website of a popular cryptocurrency market/exchange, but is very similar (typo-squatting).
- The investment app you downloaded generates “untrusted” warnings when launched on Windows, or your antivirus marks it as potentially dangerous.
- The investment opportunity sounds too good to be true.