For the first time, the U.S. Department of Justice seized seven domains that hosted websites linked to “pig butchering” scams, where fraudsters trick victims of romance scams into investing in cryptocurrency via fake investment platforms.
The list of domains seized includes simexcbr.com, simexlua.com, simexwim.com, simexarts.com, simexrue.com, simexvtn.com, and simexbiz.com, all of them spoofing the one used by the Singapore International Monetary Exchange (SIMEX).
While originating from Asia, pig butchering scams have spread globally after cryptocurrency scammers realized that users of dating apps and social media sites (the “pigs”) make for easy targets after building trust using various social engineering tactics.
Once “hooked,” the victims are handled by other members of the cybercrime ring who also run fraudulent cryptocurrency investment platforms.
After being asked to invest and transfer the funds via prepaid cards, wire transfers, and cryptocurrency payments to attacker-controlled wallets or via ATMs, the scammers shut down their fake crypto investment portal and vanish with the victims’ money.
Five victims lost over $10 million
As the U.S. Justice Department revealed in a press release this week, the fraud ring that used the seven seized domains tricked five victims into transferring more than $10 million to cryptocurrency deposit addresses immediately emptied by the scammers.
For instance, in August 2022, one of the victims told the investigators that one of the fraudsters—who reached out via LINE and WeChat mobile messengers—promoted a cryptocurrency investment platform using the simexlua.com domain.
After being tricked in May 2022 into installing a fake investment app and initially making a small $400 investment, the victims transferred roughly $9.6 million worth of USD Coin (USDC) to a deposit address provided by the scammers.
According to the affidavit unsealed on Wednesday, the fraudsters also sent “trading profit” notifications via the fraudulent app after each deposit to keep the victim “investing.”
When the victim tried to withdraw some of the fake profits, totaling over $7 million per the fake in-app alerts, the scammers asked for additional payments of “taxes,” “fees,” and “security deposits” to prove they were “not involved in any illegal behavior.”
“According to court records, from at least May through August 2022, scammers induced five victims in the United States by using the seven seized domains, which were all spoofed domains of the Singapore International Monetary Exchange,” the Department of Justice said.
“After the victims transferred investments into the deposit addresses that the scammers provided through the seven seized domain names, the victims’ funds were immediately transferred through numerous private wallets and swapping services in an effort to conceal the source of the funds. In total, the victims lost over $10 million.”
simexbiz.com seizure banner (BleepingComputer)
FBI warns cryptocurrency investors
The FBI also recently warned about pig butchering scams highlighting its emergence as a highly profitable scheme worldwide where cybercriminals steal ever-increasing amounts of cryptocurrency from unsuspecting investors.
“Many victims report being directed to make wire transfers to overseas accounts or purchase large amounts of prepaid cards,” the FBI warned last month.
“The use of cryptocurrency and cryptocurrency ATMs is also an emerging method of payment. Individual losses related to these schemes ranged from tens of thousands to millions of dollars.”
The FBI also shared a list of some red flags that should let wannabe investors know they’re the target of a “pig butchering” scam:
- You are contacted by a long-lost contact or a stranger on social media.
- The URL of the investment platform doesn’t match the official website of a popular cryptocurrency market/exchange but is very similar (typo-squatting).
- The investment app you have downloaded generates warnings of being “untrusted” when launched on Windows, or your anti-virus marks it as potentially dangerous.
- The investment opportunity sounds too good to be true.
Those who suspect they may have been the victim of such scams are urged to file a report on IC3.gov’s crime complaint center or to reach out to CryptoFraud@SecretService.gov.