Cybercriminals Escalate Use of Deceptive DeFi Apps in 'Pig Butchering' Scams
Summary:
Cybersecurity firm Sophos reports a rise in "pig butchering" scams where criminals use fake relationships to convince victims to invest in fraudulent schemes. Recently, criminals have moved towards fraudulent decentralized finance (DeFi) applications to scam victims out of their savings. Experts note that these scams have evolved to bypass traditional technical boundaries, using reputable apps to load malicious web pages. These scams often convince victims to connect their Web3 wallets to a DeFi "savings" pool controlled by scammers, who then drain the wallets and launder the stolen cryptocurrency.
Cybercriminals involved in "pig butchering" scams are escalating their use of counterfeit decentralized finance (DeFi) applications as a means to rob their victims, advises a study by cybersecurity company Sophos. It's been previously reported by Cointelegraph that "pig butchering" scams have become a profitable venture for digital wrongdoers. In November 2023, the United States Justice Department confiscated $9 million linked to a deceptive operation that had ensnared over 70 American citizens.
The strategy behind "pig butchering" scams revolves around criminals carefully building either a romantic or friendly bond with a potential victim, persuading them to invest in a business or proposition. These underhanded plots usually culminate with the swindlers running off with the money, leaving the duped individuals in the lurch.
Sophos' study highlights the rapid rise of "pig butchering" as a rapidly growing segment of online fraud, with American victims losing billions of dollars to sham cryptocurrency investment schemes.
Related: IRS acquires $10B in cryptocurrency through the use of blockchain analytics.
Sean Gallagher, a threat researcher at Sophos, highlights the easy manipulation of cryptocurrencies by unscrupulous individuals across international borders. On account of speedy funds acquisition and laundering, criminals are shifting tactics toward internet scams that manipulate victims into converting their savings into cryptocurrencies ripe for the stealing.
With scam motivators increasingly veering away from conniving social interaction moves toward brandishing imitation DeFi platforms, Gallagher posits that the exploitation of defrauded funds from user Web3 portfolios has amplified.
"The latest fraudulent incarnation using deceptive decentralized finance (DeFi) apps showcases an evolution of ‘liquidity mining’ scams uncovered in 2022. Criminals now combine the perfected deception of fictitious relationships with smart contracts and tablet crypto wallets," explains Gallagher.
The report reveals that such DeFi savings scams grant criminals a bypass of the earlier technical difficulties experienced with "pig butchering." More recent modalities negate the need for victims to install tailor-made mobile apps, circumventing the installation of particular applications and sidestepping Apple and Google store app reviews. Instead, DeFi scams cash in on reputable apps and need only the loading of web pages inside the app.
In a second point, DeFi deceits don't require victims to redeposit or forward funds away from personal wallets, thereby maintaining a false sense of control for the victim: “Only once the scam is sprung do victims' cryptocurrency deposits vanish from their wallets' balances. In a further nod to illusion, cybercriminals will even deposit cryptocurrency tokens into victims’ accounts to simulate a profit.”
DeFi “savings” or liquidity pool structures are often used as bait to lure unknowing victims into connecting their Web3 wallets. Attackers then have the ability to empty these wallets and launder the swindled cryptocurrency.
One such notable “DeFi Savings” scam, detected by Sophos, operated across a staggering 300 domains. "Wallet-draining" software was used in a recent email phishing score that resulted in an estimated $3.3 million loss after the system at email marketing firm MailerLite was compromised in January 2024.
Published At
2/2/2024 5:16:06 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.