- Victim was lured to open a Trust Wallet account and connect it to a fake liquidity pool
- He invested $22,000 in the pool over several days
- The scammers pulled the rug
Cybersecurity firm Sophos has released a report on a major pig butchering operation using fake crypto trading pools, which culminated in theft of more than $1 million.
The report tells the story of a victim who lost $22,000 in a few days after being contacted by someone on a dating app pretending to be a German woman living in the US.
Sophos found 14 domains connected to the scam operation and tens of other similar and fraudulent sites. Collectively, they had netted the scammers more than $1 million in three months.
Fraudulent liquidity pools
Liquidity pool participants get a percentage of any fee paid when someone makes a trade, which can be a lucrative return on investment. To become part of a pool, participants must sign an online smart contract. This gives another account permission to access the participants’ wallets and enable trades.
Fake pools work similarly, with the exception that the scammers “pull the rug” at some point, emptying the liquidity pool and making away with the funds.
Sean Gallagher from Sophos shared:
Very few understand how legitimate cryptocurrency trading works, so it’s easy for these scammers to con their targets. There are even toolkits now for this sort of scam, making it simple for different pig butchering operations to add this type of crypto fraud to their arsenal.
The victim and the scammer chatted for weeks. She convinced him to open an account with Trust Wallet, a legitimate app for exchanging fiat to crypto, and link it to the fake pool. The pool used DeFi platform Allnodes as a cover.
The victim invested $22,000 in the pool over several days. Then, the butchers emptied his wallet. He turned to Vivian again, who told him he had to pay more to get his money back.
Continuing the investment
The victim started doing research and found an article by Sophos on liquidity mining. He contacted Gallagher, who told him to block Vivian. However, she found him on Telegram and tried to get him to continue the “investment.”
Sophos has shared its report with Coinbase and Chainalysis, who are also investigating into the matter
