Disclaimer: This is an active scam and is pending review by federal law enforcement. Due to the nature of this case, some details have been modified and/or hidden to protect the victim’s identity (including the victim’s name and scammer’s alias) and the sanctity of the investigation which is underway. The victim has given zeroShadow authorization to discuss and report on their case to help educate and protect other potential victims from falling victim to this scam.
This article will be split into two parts - one to help victims of scams like this one and the second to show what zeroShadow is able to do to help combat this activity. Stay tuned for Part 2
What is a pig butchering scam (PBS)?
A pig butchering scam (PBS) or “Sha Zhu Pan” (“Killing Pig Plate”) is sometimes referred to as a cryptocurrency “investment scam” or “romance scam,” in which the scammer utilizes a combination of establishing confidence with the victim to trick and manipulate the victim into investing in a fraudulent cryptocurrency scheme.
The scammer creates fake online profiles and seeks out victims via social media platforms such as Facebook, Instagram or WhatsApp, or dating platforms such as Tinder and Bumble. From here, the scammer engages with the victims telling them about an investment opportunity or “B2B investment opportunity.” In this fraudulent cryptocurrency scheme, the victim is incentivized to make increasing contributions on an “investment platform” which is a fake investment platform and receive “rewards” based on the level of investment.
As the scam goes, eventually the scammer disappears with the victim’s funds.
Our Victim’s Story
In 2023, our victim “Arjun”, who is a South Asian male in his 50s, received a friend request from “Kareena R.” on Facebook. Based on mutual friends, Arjun thought maybe Kareena was one of his friend’s daughters.
Conversation between Arjun and Kareena initially began on Facebook Messenger with a typical opener, “Thank you for accepting my friend request.” During the initial conversations, Kareena was the one to initiate conversation with Arjun. Kareena told Arjun how she lives in Europe, and filled him in on her day-to-day activities, which was often through photos, videos, and social media stories. Kareena referred to Arjun as her “other dad” and Arjun thought of Kareena as his “other daughter”. The conversation got deeper over time to include religion, family updates, and community values.
After a few weeks of conversation, Kareena suggested that they move the conversation from Facebook to WhatsApp. Arjun didn’t think anything of it since WhatsApp is widely used in the South Asian community. As the days followed, Kareena would message Arjun more and more on how she is working on a B2B investment opportunity. Kareena explained how there were different levels of investment, with different levels of rewards. She told Arjun that she could guide him through the entire process.
In January 2024, Arjun decided he would support his “other daughter” in her B2B investment opportunity with $5,000 USD, a small amount he felt okay to lose. Kareena sent Arjun screenshots on WhatsApp on how to open an account at a cryptocurrency exchange. Kareena then instructed Arjun to download a cryptocurrency wallet application on his phone called “DeFi Wallet.” He called Kareena to confirm he was doing everything correctly, step by step. He transferred funds to the cryptocurrency account which would then make their way to the wallet application, and ultimately to the investment platform.
Within a few days, Arjun saw on the investment platform that he received rewards for his initial investment. Kareena asked him if he wanted to have more of a “buy in” to the rewards. Arjun agreed, but Kareena let Arjun know that if he wanted higher rewards, he would have to invest higher amounts to unlock the real rewards.
Arjun’s first investment was $5,000 USD, then six days later, he decided to triple his initial investment and invest an additional $15,000 USD. He saw his account growing on the platform. Kareena told Arjun his investments were doing great. She also gave him the heads up on a special investment opportunity…but…if Arjun wanted to participate in that investment opportunity, he would have to invest around $100,000 USD. Arjun asked some friends to chip in and was able to invest an additional $200,000 USD.
After this investment, in February, Arjun started having issues with his investment account and Kareena guided Arjun to download Telegram so he could talk to the “commissioner” for support. The “commissioner” told Arjun his account on the investment platform had been frozen because hackers got access to his account, and that they stole over $90,000 USD. If Arjun wanted to regain access and unfreeze his account, he would need to deposit more funds. It was a “tax” he had to pay to the platform to unfreeze his account and reactivate his funds due to the “network interruption.”
Arjun was able to pool more funds and wanted to deposit another $95,000 USD to pay the “tax” to regain access to his investment portfolio, but his exchange account was closed for unknown security reasons. This had already happened to him at a previous exchange, which Kareena said was a “bad” exchange. Again, Kareena helped Arjun open another exchange account. At Arjun’s third exchange account, he deposited over $185,000 USD.
At this point, Arjun had invested approximately $500,000 USD and saw his portfolio had grown to around $750,000 USD, as shown below. During this time, on the family side, Arjun was planning a family vacation to Europe and told Kareena it would be great if she could join since she’s part of the family. But within months, the commissioner would tell Arjun he was hacked again.
Days later, the “commissioner” advised Arjun to replace his phone due to security concerns. Arjun was also advised to connect his DeFi wallet to the platform.
Arjun started to get anxious about the hackers, and decided to reach out to a friend about the “virus” and “hackers" and let Kareena know. He told Kareena he didn’t think there was a virus. Arjun continued feeling uneasy, so he messaged Kareena on WhatsApp asking for her full home address in Europe because he wanted to send his “other daughter” some flowers. Kareena didn’t reply for hours. The next day, Arjun looked at his DeFi wallet and saw that all his funds were gone. It was then Arjun realized the entire relationship with Kareena and the investment platform was a scam.
Arjun lost around $500,000 USD which came from his own money, as well as his friends and family. Arjun decided to take out a mortgage against his home to repay everyone. Arjun has also reached out to mutual friends he has with Kareena to help prevent another person from falling victim to this scam.
Post Scam - Looking In
Looking at this story from the beginning, there were tell-tale signs of scam:
“Kareena’s” photos and videos were actually from someone else’s identity. The scammer added several Facebook profiles and mutual friends to build their personna, which is needed to start the trust process with their victims. The scammer began with “grooming” or relationship building leading to a conversation about the fraudulent cryptocurrency scheme.
Using the fake platform, the scammer was able to incentivize the victim into sending more funds and would use, what’s likely assumed to be other victims’ funds, to send “rewards” back to the victim, to incentivize them to invest more funds.
Since the higher reward levels are more enticing, the scammer was able to push or manipulate the victim into taking whatever means necessary to pool funds to invest in the higher “rewards” opportunities. The scammer ceased connection with the victim and fled with the victim’s funds.
zeroShadow walked the victim through the transactions which were sent to what the victim perceived as the “investment” platform, and were actually sent directly to the scammer. For additional funds lost on the DeFi wallet, those funds were lost as the victim gave “permissions” to the investment platform to have access to the victim’s wallet and funds.
zeroShadow was able to speak with federal U.S. law enforcement about this case and was told that it appears that these scammers are targeting the South Asian community, as they have seen law enforcement complaints increase. They assume there are many more victims, but victims generally feel a sense of shame and are less reluctant to report or share within their community, which results in more potential victims.
How else can zeroShadow help? See Part 2 for our analysis on and off-chain
What to do if I or someone I know has fallen victim to a PBS?
If you have fallen victim to a cryptocurrency scam or know someone who has, please consider the following steps:
If you haven’t already, stop sending funds to the scammers. Paying for “taxes” or “VIP fees” will not result in the scammers returning your funds.
Report the theft to law enforcement. This can be reported on a local and federal level. See our resource page for additional information on how to report.
Depending on how you fell victim to the scam, warn and educate others in your community to bring awareness and help minimize who could become a future victim.
If you engaged with an “investment platform” which is connected to a cryptocurrency wallet application someone told you to download, please revoke permissions from that entity, as these permissions allow the scammers to continue having access to all funds associated with that cryptocurrency wallet address and/or the application itself.
Update passwords which might have been used for any applications used to engage with the scammers and enable two-factor authentication (2FA) on your accounts, as it is unknown if the scammers still have access to your login credentials.
Also, if you want to share your story with us so we can continue spreading the word or if you have any questions about zeroShadow, feel free to get in touch with us at zeroshadow.io. Also give us a follow on our social media pages.
Twitter: @zeroshadow_io
LinkedIn: zeroShadow
Original article by the zeroShadow team