A threat actor has been using the promise of investments to trick users into handing over wallet permissions. The newly discovered scam uses elements of social engineering, pig butchering, and laundering funds through stablecoins. The attacker extracted about $1.2M from user wallets through social engineering tactics. The newly discovered scam was noticed by Whitestream analysts. The funds have not been tracked in detail, but Whitestream notes most were directed to a single wallet before they were sent to exchanges. Threat actor offers shady investments in confidence scams The attacker’s method of stealing funds copies romance scams or pig butchering models, which relies on gaining the victim’s confidence. The end goal is to either request crypto directly or introduce a malicious link. While wallets can flag some sites, they are not filtering third parties yet. This allows anyone to build a wallet connection request and potentially drain funds. The scam led users to a site presented as an investment portal for Seed Crypto. The threat page is still active, displaying a basic message and a button to connect wallets. The landing page explained crypto in a language targeting outsiders while promising a vague investment opportunity. The page required a wallet connection, which then used the permission to drain wallets. The site required a WalletConnect or a Coinbase wallet, one of the most widely used apps. Early details revealed about the scam reinforce the regional nature of attacks and their limited time frame. In this case, the threat actor operated out of Southeast Asia, and focused on local services for cashing out. The exploiting address, however, had no problems with swapping out funds through HTX, Binance, OKX, Gate.IO, and ChangeNow. Pig butchering and confidence scams are among the most closely watched, as they often target mainstream users and not crypto insiders. However, due to the ease of acquiring crypto or stablecoins, scammers are capable of convincing users to hand over or “invest” funds. Both Tether and Circle have assisted law enforcement with tracking and freezing pig butchering addresses, while they were still incapable of cashing out. Personal message scams took up to $3.6B in 2024 Confidence scams targeting crypto outsiders surpassed losses from attacks against crypto protocols. It is difficult to track confidence scams, as some are regional and limited to a campaign. However, an estimated $3.6B was lost and laundered through this type of scam as revealed by data from a preliminary Cyvers overview for the past year. Over the course of 2024, the influence of the Huione Guarantee market was noted as a tool to launder funds through faked commercial activity. The main tools for moving funds were again USDT and USDC, which despite attempts to freeze wallets, managed to remain undiscovered. As this type of scam became more common, Interpol called for removing the “pig butchering” term, to avoid stigma and help victims seek help without shame. Some of the scams were considered romance-baiting, while others still had an element of confidence. Both eventually led up to the same point – investment offers. Confidence scams caused a lot of devastation this year, causing deep losses because they typically target individuals with disposable funds. The US Securities and Exchange Commission (SEC) estimates total confidence scams at $5.6B for the whole of 2023. Crypto and stablecoins only accelerate the process and make the funds potentially untraceable. A Step-By-Step System To Launching Your Web3 Career and Landing High-Paying Crypto Jobs in 90 Days.
