Scammers Use Fake Cryptocurrency Trading Pools to Steal More Than $1 Million, Sophos Reports

Sophos, a global leader in innovating and delivering cybersecurity as a service, today released findings on a major shā zhū pán (pig butchering) operation utilizing fake trading pools of cryptocurrency (liquidity pools) to steal more than $1 million. The report, “Latest Evolution of ‘Pig Butchering’ Scam Lures Victim in Fake Mining Scheme,” details the story of one of the scammed victims in the pools and how he lost $22,000 in one week in a dating app.

After Sophos X-Ops investigated the incident, the team uncovered a total of 14 domains associated with the scam operation, as well as dozens of nearly identical fraud sites that, together, netted this one “ring” of pig butcherers more than $1 million in three months. 

This scam takes advantage of the largely unregulated world of decentralized finance (DeFI) cryptocurrency trading applications. Such applications create “liquidity pools” of various types of cryptocurrencies that users can then access to make trades from one cryptocurrency to another. Those who participate in the pool receive a percentage of any fee paid when a trade is made, creating an enticing return on investment. However, unlike legitimate pools, at some point, these scammers “pull the rug” and empty the entire liquidity pool for themselves. 

The victim, Frank had connected on the dating app MeetMe with a scammer hiding behind the persona of Vivian. Frank opened a Trust Wallet account (a legitimate app for converting dollars to cryptocurrency) and connected to the link to the liquidity pool site Vivian recommended. Frank invested $22,000 in the scheme and just three days later, the scammers emptied his digital wallet. Looking to recover money, he turned to Vivian, who claimed he needed to invest even more in the pool to recover his funds and reap the “rewards.” Frank started researching what was going on and came across an article on liquidity mining and reached out to Sophos.

What makes these sorts of scams particularly tricky is that they don’t require any malware to be installed on a victim’s device. They don’t even involve a fake app, like other CryptoRom scams. This entire fake liquidity pool was run through the legitimate Trust Wallet app that connected with a fake support contact from the fraudulent liquidity pool site. There is no regulation of these pools, legitimate or otherwise, on these crypto apps. 

People who believe they may be a victim of pig butchering or liquidity mining fraud are free to reach out to Sophos. They should also reach out to their local law enforcement for assistance. For more about the rise of liquidity mining scams in “Latest Evolution of ‘Pig Butchering’ Scam Lures Victim in Fake Mining Scheme,” go to Sophos.com.