Squealing on Scammers: Exposing the Crypto-Scam Underbelly

All fraud is equal, but some scams are more equal than others.

Last year, more than 80% of Americans targeted by cryptocurrency scams lost money, making crypto fraud by far the most dangerous type of scam. Victims lost a median amount of $3,800: almost double the next-worst median loss.

The COVID-19 pandemic brought a ton of curious newbies into the blockchain fold. Millions of lockdown-bored investors dropping a couple USD on bitcoin, ethereum, solana and other tokens led to a $2.25 trillion market cap. The crypto space prides itself on lack of regulation, which is great for privacy - but a scammer’s heaven too.

Some crypto scams focus on the theft of your info, like phishing - fake emails or websites that trick users into revealing private keys or logins - or impersonation schemes, where a scammer might claim to be Snoop Dogg or Donald Trump to get details you wouldn’t tell somebody less (ahem) “impressive”.

Others like Ponzi schemes or fake ICOs (Initial Coin Offerings) will promise high returns, only to pay your money to another investor, or pull the rug and reveal that your tokens are worth nothing at all. It’s also possible for scammers to manipulate the crypto market itself with celebrity-backed pump and dump tricks and memecoin fads; to say nothing about epic meltdowns like FTX in 2022. 

The crypto scam we’re talking about starts with an innocent conversation… and leads its victims like hogs to slaughter.
‍

Meet Aidan

A crack OSINT investigator, Aidan has contributed a Case Study for OSINT Industries before. 

As the former Digital Intelligence Program Manager for Traverse Project, a non-profit dismantling trafficking networks, Aidan described leveraging our tool to fight the good fight against human trafficking. He detailed how OSINT Industries was ‘crucial’ in tracing a trafficked child, locating the young victim’s family via email searches and various online profiles. 

But with a background in digital crime investigations, Aidan joined Traverse after making his name in his own right. He used OSINT to expose a crime group in the Dominican Republic, and tracked down a scammer using only a Strava account. He’s since gone on to freelance background checking and digital due diligence, and founding his own digital intelligence organization, Farnsworth Intelligence, which will be launching later this year.

Aidan relies heavily on OSINT Industries’ platform to keep the good work going, and keeps our tool as a ‘go-to’ in his day-to-day investigative toolkit. In fact, Aidan’s the user that first borrowed from military lingo to describe OSINT Industries as a ‘force multiplier’: the single factor that scales up an investigator’s capabilities, expanding his reach beyond the manual level.

So, we were thrilled when this OSINT veteran reached out again to tell us a second story of #OSINT4Good. It was time to bust a crypto scam.
‍

Wait. Isn’t Crypto Anonymous?

OSINT investigation is all about putting names to faces. You’re possibly thinking: crypto is popular because it's anonymous. Does the applicability of OSINT stretch this far? It certainly does. Cryptocurrencies only exist online, and so does OSINT. It’s a perfect fit. 

For the uninitiated, we’ll describe precisely how OSINT sleuths can follow the money.

(Warning: Crypto-evangelists may find the following TL;DR frustratingly reductive.)^†

Cryptocurrency claims to be fully anonymous, but certain elements are traceable. Every investor’s currency has an ‘address’: a unique letter-and-number jumble that only one person can own. One person’s wallet can contain multiple unique ‘addresses’. 

The crypto ecosystem doesn’t put names to these wallets. However, several details are freely available on the universal ledger known as the blockchain. Anybody can see which ‘addresses’ a wallet contains, the amount of currency inside, and the financial transactions that take place between wallets. These facts are publicly available - and that means they’re all OSINF.

From OSINF comes OSINT. From OSINT comes an identity, and even a prosecution for law enforcement. 

^†(No crypto bros were harmed in the writing of this summary.)

‍

Behind the Joke: The Cost of Crypto Fraud

‘The emotional toll of all this has been immeasurable. Since the [fraud] began, I have been trapped in a constant state of anxiety and depression. The uncertainty… has left me feeling hopeless…’ - An FTX Victim [Source: CourtListener]

As an investigator, Aidan’s interest is always piqued by the chance to hunt down a bad actor through the Internet’s long grass. However, his drive to investigate doesn’t come from killer instinct alone - empathy factors into the equation.

Crypto scams are a common punchline. Media often characterizes targets as ‘rich dupes’, insulting victims in an echo of Sam Bankman-Fried’s defense at trial: ‘it’s a victimless crime’.

‘The financial loss we incurred was significant — not just in monetary terms, but in the stability it provided our family. We were brought to the brink of losing our home, struggling to meet mortgage payments and maintain a semblance of normalcy for our child.’ - An FTX Victim [Source: BI]

Jokes aside, victims of even the most high-profile crypto scams are not all millionaire football players like Tom Brady. Most are normal people: struggling fathers, ambitious students, single mothers with sick kids, first-generation immigrants with a dream of being self-made. They lose everything in an attempt to build a better life.

So when Aidan saw victims of a real estate crypto scam had lost $50,000, he knew he had to put his OSINT skills to use. This type of scam is not uncommon; in fact, it’s becoming more common by the year. 

For example, this year a Melbourne-based scammer fleeced fledgling investors of $8.7m in crypto, proposing victims invest in a scheme to demolish their homes to build swank townhouses instead. What Aidan described looks like a similar form of crypto scam. A real-estate-focused variant of a quirkily named - but deeply destructive - scheme: ‘Pig Butchering’.

‍

Oink Oink: The Pig Butchering Scam

Originating as a romance scam, the ‘Pig Butchering’ scheme is a type of investment fraud specific to crypto. The wacky name, like the scam itself, comes from China, and references the fraud’s mechanism: ‘Sha Zhu Pan’(杀猪盘), literally translated as ‘Killing Pig Plate’. 

Scammers fatten up their victims with the promise of a great crypto return - before ‘slaughtering’ them for their money.

‘That’s the whole pig butchering thing—they are going for the whole hog…They want to get every last bit of oink, and they are persistent.’ - Sean Gallagher, Senior Threat Researcher, Sophos [Source: WIRED]

It starts with a text, a WhatsApp message, or even an email. It’ll seem like an innocent chat with a random person; they might even claim to have got the wrong number, or got the target’s number from a mutual friend. They’ll make conversation - but quickly turn the topic to crypto. 

The scammer, or ‘butcher’, lures their victim into investing their money (as crypto) in a seemingly legitimate way, like real estate, promising a high return or a successful venture. They’ll use impressive fake investment portfolios, fake profiles and even fake images of themselves to make their ‘pigs’ - or victims - trust their scam proposal all the more.

Yet once they’ve got their ‘pigs’ in a pen, parted with a significant amount of their hard-earned money, the ‘butchers’ will suddenly split - and disappear. Victims will have no way of contacting the scammer and no way of recovering their life savings. 

If the scam works as intended, the ‘butchers’ have made off with all the bacon, leaving the ‘pigs’ with… well, pig-feed. 

For all the farmyard imagery, this is a thoroughly modern scam. ‘Pig butchering’ didn’t exist before the advent of crypto, and the rate of victimisation has risen by 2000% since 2019 and the COVID pandemic. The impact it leaves behind, however, is traditional for a financial scam: plain old devastating. ‘Pig butchering’ scams have even claimed lives.

‍

Follow the Money: Transaction Analysis

Aidan’s clients had lost their $50,000 to a ‘butcher’ that promised them a straightforward real estate investment, only to fill his own piggy bank with their savings.

The ‘pig butchering’ scam’s mechanism relies on victims’ inability to track down the scammer who hurt them. What these scammers don’t realize is that by providing contact details before they vanish, they’ve just made a pigs’ ear of their tidy profit.

Aidan started with his ‘go-to’: OSINT Industries. 

He inputted the scammer’s contact details into our platform, making use of our multiple search functions. Our tool quickly helped Aidan to reveal it all: the target's address, phone number, online accounts, usernames, email, and more. Soon Aidan had beefed up his suspect profile with LinkedIn, PayPal, Apple, Telegram and even Microsoft accounts - and a government name. This hunter had his quarry in the bag. 

Now, to link the scammer to the scam; prove this ‘butcher’ dealt crypto.

Aidan weaponized a common tool for OSINT crypto investigation: Onchain Industries. This tool allows users to search, via a publicly visible username or profile, for a related Web3 or crypto platform profile. From here, it’s often possible to connect an account to a wallet address: building a chain from username, to wallet, to an asset trace. A Twitter account with a Bored Ape profile picture, for example, would provide a username - and a perfect lead to work with.

Through synthesising our platform and Onchain Industries, Aidan was able to follow the money. He could track down an ETH (Ethereum) account and wallet. From here he sniffed out an account on OpenSea: the largest decentralized marketplace for buying, selling, and trading NFTs (non-fungible tokens).

This OpenSea account showed that this scammer had spent several thousand dollars on NFT’s via ETH over the past two years; namely, over the period his ‘pigs’ were fattening up his faux real estate scheme. On mint.fun, a social-media-esque minting and aggregator platform for NFTs, Aidan could see what the victims’ investment had really bought. 

Bleeding his stuck ‘pigs’, this scammer had gambled their ‘investment’ on digital collectibles and virtual art. He’d also helped himself to some very tangible sparkle: a chain and a ring at a jewelry store.

‍

Red Meat: Connecting the Scammer and the Scam

In terms of justice, to connect the scammer with the scam, and reveal to the victims where their money had really gone was a strong beginning. It wasn’t bad for first blood. Still, Aidan knew the trail wasn’t quite cold yet. 

Continuing the chase, Aidan discovered via OSINT Industries that the ‘butcher’ had left a Google Review for the realtor that helped him purchase a £325,000 new home in 2022. It seemed this scammer did have some interest in real estate after all - when it was serving himself. This placed the scammer in a location that corresponded with Aidan’s intel. 

Pig ignorant of what he was revealing, the scammer confirmed his current address, geolocated himself, and shared his middle name on realty records for garnish. 

This confirmed the suspected identity that Aidan attributed to the scammer. 

‍

A Happy Ending?

From here, it was time to involve the authorities, and make this white collar criminal sweat like a pig. Thanks to Aidan, the tables had certainly turned. 

Aidan’s hope is that the family that fell victim to this crypto scam can find resolution. Law enforcement have begun the process of legal action - and hopefully, they can achieve a return of their stolen funds. 

Meanwhile, Aidan remains in contact with them, getting as much info as he can to bring their scammer to justice, and hopefully heal the emotional wounds of their financial loss. Attaining closure may be slow, but it is possible.

In some ways, this painful crypto scam saga could have been even worse. Aidan could bring about a happy ending, bringing down a scammer that deserved consequences.  Less lucky investigators may find themselves in a morally stickier situation. 

Today, crypto scams like ‘pig butchering’ often intersect with another wrong Aidan’s OSINT work has attempted to right: human trafficking. 

Proliferating in tandem with crypto during the COVID-19 pandemic, ‘fraud factories’ are rife in the world of crypto-scammery. 

Existing mostly in Southeast Asian conflict zones like Myanmar, this horrifying phenomenon sees criminal gangs forcing trafficking victims to victimise others. Foreign national victims are lured by the promise of a job in crypto, but put to work crypto-scamming people online - with ‘pig butchering’ the most common scheme. 

In a shocking contrast to crypto’s intangibility, these ‘fraud parks’ or ‘scam compounds’ are prison-like buildings with victims trapped inside; their passports are confiscated, and they are held under threats of physical violence, forced prostitution or even organ harvesting.

In future, as some investigators have begun to do, OSINT could provide a pathway to investigating - and confronting - this dark intersection of Aidan’s concerns. 

‍

OSINT Industries x Crypto Analysis

Aidan’s case underlines what OSINT can do when it comes to crypto.

If Aidan’s work inspires you, we train OSINT investigators in cryptocurrency skills as part of our bespoke OSINT Training.

Our Blockchain Investigations module covers all the essentials of the digital currency space, the blockchain ecosystem, and practical skills and strategies for identifying and investigating digital currency flows. We incorporate tools like Chainalysis, TRM Labs, and even Onchain Industries - but our focus is always on helping investigators master universal methodologies for OSINT in crypto.

 Reach out to our Experts to book a meeting and learn more.
‍

For further details of Aidan’s work, visit the following links.

To contact Aidan, visit:

- contact@devaidan.com

- https://www.linkedin.com/in/devaidan/

‍

To learn more about Aidan’s current work, visit:

- www.farnsworthintelligence.com

‍

To learn more about the Traverse Project, visit:

- https://www.traverseproject.org/