Scammers running “pig butchering” schemes have started actively using malicious DeFi apps, whose mechanics make it easier to swindle funds from inexperienced users.
Sean Gallagher, Principal Threat Researcher at Sophos X-Ops, published a report on “pig butchering” scams that involve decentralized finance (DeFi). The researcher says that this method of deceiving “investors” is one of the fastest-growing segments of online scams in the world.
The expert notes that crypto is more appealing to fraudsters than fiat funds because it is cross-border, allows for quick receipt of funds, and provides many options for subsequent laundering. Moreover, DeFi technologies enable scammers to skip complex social engineering schemes and use fake DeFi platforms to fool inexperienced Web3 users.
“Pig butchering” is a scam scheme in which the scammer gradually lures a victim into a friendship or romance in order to gain their trust. At some point, the victim is recommended a lucrative investment offer, which turns out to be a scam. After the victim “invests” the funds, the “butchering” follows: the funds disappear and communication is cut off. Similar schemes are booming in online dating.
DeFi apps make deception much easier for scammers:
- they don’t require victims to install separate mobile apps;
- users can download malicious pages inside verified apps;
- victims don’t have to transfer funds from their personal wallets, which maintains the illusion of control until the last moment.
Victims typically connect their wallets to a decentralized “pension fund” or “liquidity pool” created by scammers. This results in victims losing all of their money. According to Sophos X-Ops, the “DeFi Savings” scam kit was detected on 300 different domains.
The Singapore police recently expressed concern about the growing level of cybercrime and published the most popular methods of crypto theft, describing ways to counteract them.