Pork scams turn into DeFi threats.
Online criminals responsible for the “pig farming” scam are using fraudulent decentralized finance (DeFi) applications to steal from victims, according to a report by anti-virus firm Sophos.
As Cointelegraph previously explored, pork scams have become lucrative for online criminals. In the year In November 2023, the United States Department of Justice seized $9 million from more than 70 American citizens.
Pork scams involve criminals strategically building an online relationship with a victim, whether romantic or platonic, before convincing them to invest in a business or scheme. These schemes typically end in “carpet-pulling” fashion, with criminals stealing money and cutting off contact with victims.
According to a Sophos report, pork slaying is becoming one of the fastest growing online scams, with US victims losing billions of dollars in fraudulent cryptocurrency investment schemes.
Related: How the IRS seized $10B worth of crypto using blockchain analysis
Sophos risk researcher Sean Gallagher said criminals have turned to internet-based scams to convince them to convert savings to cryptocurrency to steal money, “simply ignoring the boundaries of cryptocurrency, enabling multinational crime rings to quickly access and deposit funds.”
Gallagher points out that porkers are now moving away from social engineering and online grooming efforts to trick victims into using fake DeFi platforms to hide money from users' Web3 wallets.
“These new scams, fraudulent decentralized finance (DeFi) applications, are an evolution of the ‘liquid mining' scams we saw in 2022. ” Gallagher explained.
The report says Diffie's savings scams allow criminals to bypass the technical “barriers” of earlier pork scams.
Related: MailerLite Confirms Hack That Led to $3.3M Crypto-Phishing Email Attacks
New methods don't require victims to install custom mobile apps, which typically focus on convincing victims to install a specific app and also pass Apple and Google app store reviews. DeFi scams use trusted apps, asking victims to load websites within the app.
Second, DeFi scams don't allow victims to deposit or send money from private wallets, maintaining the illusion of user control:
Victims' cryptocurrency holdings appear in their wallets until the trap is sprung, and the fraudsters add cryptocurrency tokens to their accounts to create the illusion of profits.
Victims are typically lured into linking Web3 wallets to DeFi “savings” or liquidity pools controlled by fraudsters. Attackers can then withdraw funds from the wallet and launder the stolen crypto.
The wallet-draining software was used in a phishing email scam in January 2024 that drained an estimated $3.3 million from subscribers after email marketing firm MailerLite's system was compromised.
Magazine: Blockchain Investigators: M. Gox's Collapse Begat Chinaliss
