Beware of Scams: Unmasking Fake Cryptocurrency Trading Tactics

ganerationlmn
By ganerationlmn 7 Min Read
Beware of Scams: Unmasking Fake Cryptocurrency Trading Tactics

Beware of Scams: Fake Cryptocurrency Trading

Sophos, the company I work for in Brazil, recently released new information about a large pig butchering operation, in which scammers used fake cryptocurrency trading pools – known as liquidity pools, which are mechanisms with different participants and assets to facilitate trading. Trading and increasing the liquidity of a particular market or platform – to steal more than US$1 million.

A report, entitled “Latest evolution of ‘pig butchering’ scam lures victim in fake mining scheme”, details the story of one of the deceived victims, called Frank – a fictitious name used to protect the person’s privacy. He lost $22,000 in one week after a scammer posing as a woman named Vivian contacted him on the dating app MeetMe.

After the Sophos X-Ops team, the company’s multi-operational unit investigated the story, they discovered 14 domains associated with the fraudulent operation, as well as dozens of almost identical malicious websites that, together, earned this group of scammers more than US$ 1 million in three months.

Cryptocurrency scams no longer necessarily need malware to be applied.

 Cryptocurrency scams no longer necessarily need malware to be applied.

The scam in question takes advantage of the unregulated universe of decentralized finance (DeFi). Which is carried out through cryptocurrency trading applications. These apps create liquidity pools of various types of virtual currencies that users can access to trade from one to another. Those who participate in the pool receive a percentage of any fees paid when a trade is made. Creating an attractive return for investors.

To be part of a pool, participants first need to sign an online contract, which gives the other account (usually those of the pool operators) permission to access other members’ wallets to facilitate trading. Fake pools, which scammers increasingly use to siphon funds from victims, work in much the same way. However, unlike the legitimate ones, at some point criminals “pull the rug out” and divert the money to themselves.

When these fake liquidity pools were first discovered, they were quite primitive and still under development. Now, we see criminals taking this specific type of cryptocurrency fraud and seamlessly integrating it into their arsenal of tactics. Like trying to lure victims through dating apps, for example.

Few understand how legitimate cryptocurrency trading works, which is why it is much easier for scammers to deceive people. There are even toolkits for this type of scam, making it easier for different pig butchering operations to add cryptocurrency scams to their attack playbooks. To give you an idea, last year, Sophos tracked more than 500 fraudulent websites that had this purpose.

The Frank Case: dating app used for scam

(Fake Cryptocurrency Trading) Frank had connected, via the dating app MeetMe, with a scammer posing as a German woman named Vivian, who supposedly lived in Washington, D.C. For weeks, he chatted with Vivian. Who mixed her romantic promises with persistent attempts to convince you to invest in cryptocurrencies.

Eventually, Frank opened a Trust Wallet account. A legitimate app for converting dollars into cryptocurrencies – and connected to the liquidity pool link recommended by Vivian. What he didn’t expect was that the site was fraudulent and used the Allnodes brand as a front. Which is a decentralized financial platform provider.

Between May 31 and June 5, Frank invested $22,000 in the scheme. Three days later, the scammers emptied the victim’s digital wallet, and, looking to recover her money, she turned to Vivian. Who claimed she needed to invest further into the pool to recover her funds and reap the “rewards.

While waiting for his bank to authorize a financial transfer to Coinbase. A legitimate platform for buying, selling, transferring, and storing cryptocurrencies. Frank started researching what was going on and came across a Sophos article about liquidity mining. It was at this point that he contacted us and asked Sean Gallagher, a company researcher, for help.

Even after Gallagher instructed Frank to block Vivian. The undercover scammer found him on Telegram and resumed attempts to induce him to “continue his investment“. Going so far as to send a long and emotional letter that was most likely created through a generative AI application.

What makes these attacks particularly complex is that they do not require any malware to be installed on the victim’s device. They don’t even involve a fake app like some of the ones we find in other CryptoRom scams, for example. The entire fake liquidity pool was run through the Trust Wallet app.

At one point, Frank even attempted to contact the app’s support to retrieve his money but encountered a fake contact linked to the fraudulent liquidity pool website. There is no regulation of these pools, whether legitimate or not, in cryptocurrency applications. Scams are only successful through social engineering – and they are persistent. Vivian continued trying to contact Frank for weeks after he blocked her on WhatsApp.
The only way to protect yourself against these scams is to be vigilant and know that they exist and how they work. That’s why it’s important that we share Frank’s story. Users need to be wary of any strangers suddenly contacting them via dating apps or social media. Especially if the “person” wants to take the conversation to a platform like WhatsApp and then discuss investing in cryptocurrencies.