According to a recent report from cybersecurity firm Sophos, cybercriminals are increasingly resorting to fraudulent decentralized finance (DeFi) applications to perpetrate "pig-killing" scams, a form of fraudulent scheme that has proven to be highly lucrative. These scams involve criminals establishing online relationships with victims, often under the guise of romantic or platonic connections, before persuading them to invest in various business ventures or schemes. Ultimately, the perpetrators abscond with the funds, severing ties with their victims in a practice known as "blacklisting."
The Sophos report underscores the alarming rise of hog slaughter scams within the realm of cyber fraud, with victims in the United States alone reportedly losing billions of dollars to fraudulent cryptocurrency-related investment schemes. Sean Gallagher, a threat researcher at Sophos, highlighted the borderless nature of cryptocurrencies, which enables transnational criminal syndicates to swiftly amass and launder illicit proceeds. In response to heightened scrutiny and countermeasures against traditional social engineering tactics, cybercriminals are now turning to internet-based scams, particularly fraudulent DeFi platforms, to exploit unsuspecting victims.
Gallagher elucidated on the evolution of pig-killing scams, noting that perpetrators have shifted from relying solely on social engineering and online deception to leveraging fake DeFi applications to siphon funds from users' Web3 wallets. These new iterations of scams represent a fusion of past fraudulent practices with the sophistication of smart contracts and the decentralized nature of DeFi platforms, enabling criminals to perpetrate their schemes with greater efficacy and efficiency.
Unlike earlier iterations of pig-killing scams, which often required victims to install custom mobile apps, the latest DeFi scams circumvent such technical hurdles by operating within trusted applications and prompting victims to interact with web pages directly through these platforms. Moreover, these scams maintain the illusion of user control by not necessitating victims to deposit or transfer funds from personal wallets until the trap is sprung, thereby enhancing the allure of perceived profitability.
One common tactic employed by cybercriminals involves luring victims into connecting their Web3 wallets to fraudulent DeFi "savings" or liquidity pools controlled by the perpetrators. Once access is granted, the attackers can clandestinely siphon funds from the victim's wallet and subsequently launder the stolen cryptocurrency. This modus operandi was recently demonstrated in a phishing email scam that targeted email marketing company MailerLite, resulting in substantial financial losses estimated at $3.3 million from unsuspecting subscribers following a security breach in January 2024.
