CryptoRom scammers hid the money with several layers of obfuscation, but the Cybernews research team discovered that the stolen funds ended up in Binance accounts.
A man from Florida in the US recently reached out to Cybernews for help. Scammers had lured him into parting with $480,000 after cultivating a long-term relationship, eventually coaxing him into making cryptocurrency investments.
Usually involving fake romantic interest, the scheme is known as “cryptocurrency romance” or “CryptoRom.” This increasingly popular scam is often run by criminal gangs in Southeast Asia, where the affair is called “Sha Zhu Pan,” a Chinese phrase that means “pig butchering.”
“CryptoRom scams are very sophisticated and indicate a vast criminal organization behind the curtain. This certainly necessitates a significant amount of social engineering. This type of scam has an enormous psychological toll on victims in addition to their financial loss,” the researchers said.
The Cybernews research team meticulously followed the money that the victim sent to scammers in seven installments. Even though the crooks attempted to hide the funds, moving money between several accounts, the team managed to locate the victim’s money in Binance, the world’s largest crypto exchange.
Here’s how we did it.
The scam
The victim first met the scammers via OkCupid, a popular online dating app. The crooks used a fake profile to develop a romantic relationship with the victim online, slowly gaining the trust of the Floridian.
This type of fraud is particularly vicious as scammers carefully cultivate long-term relationships with their victims. Not a single word about crypto investments or even money may be uttered for several months.
However, once the crooks deem that the act has gained an acceptable level of trust, the dance begins. The victim is gently persuaded to invest in cryptocurrency. The first investments are rarely audacious, as the crooks want there to be more. For example, the victim who contacted us started by “investing” $10,000.
The catch is where the supposed investment goes. In the Floridian’s case, the crooks set up a fake website (www.cmecryptopm.com) impersonating CME Group, the world’s largest financial derivatives exchange that also services cryptocurrencies. Using WhatsApp numbers, the crooks managed to imitate the exchange’s customer support, further legitimizing the service in the eyes of the victim.
The victim said he was persuaded to invest in e-wallet accounts on the fake website. The crooks inflated the victim’s balance to make him believe that his supposed investment was profitable, enticing him to 'invest' more.
Unfortunately, the Floridian realized it was all a scam only after he was asked to pay $200,000 in taxes to make a withdrawal from his 'investment' account. Between June and July of 2022, the victim claims to have completed seven transactions totaling $480,000.
“CryptoRom scams are very sophisticated and indicate a vast criminal organization behind the curtain. This certainly necessitates a significant amount of social engineering. This type of scam has an enormous psychological toll on victims in addition to their financial loss.”
Cybernews researcher team said.
Money flows
From the transaction data victim provided to our team, we can confirm at least seven transactions made to two separate cryptocurrency addresses, 0xc7bB31a0396Be487BaA4731a2EFFaAfB80xxxxxx and 0xa9aaCadf346d33aC0329433D75a62ffDC7xxxxxx. The address is a unique identifier, akin to an email address, only in the crypto realm.
The addresses that the scammers gave to the victim were not the final destination for the funds. Since every crypto transaction is recorded, criminals use various techniques to obfuscate the money flow until finally cashing out the illicit profits.
According to Bitquery, a service that stores blockchain data, the people who scammed the Floridian used several layers of obfuscation, bouncing the funds between six and eight times between different crypto addresses before the money ended up in a Binance account.
Funds from both original addresses were later transferred through the same network of obfuscating addresses. The latter was used in an attempt to hide the true origin of the money.
The team looked at a time span ranging from the beginning of June until the end of August. This specific range was used because the victim’s transactions occurred between June and July, and the team gave additional time for the scammers to withdraw the money.
Since the crooks didn’t immediately use a crypto mixer, a service that blends the cryptocurrencies of many users, the whole process could be tracked to Binance.
Be extra wary
The data from obfuscating transactions show that more crypto passed through the accounts than the victim initially sent out. This could point to scammers using a money laundering service or employing the same addresses to funnel funds collected from more than one victim.
However, we couldn’t pinpoint the exact address in Binance, although our team shared their suspicions and all the data gathered with the police and the FBI. Since Binance claims to have “the world’s most sophisticated anti-money laundering systems” and employ “the most experienced anti-money laundering investigators,” the company should be able to help authorities with the investigation.
Our team strongly advises everyone to be extremely wary of scammers roaming the internet and never give any strangers their personal information or data on their financial situation.
To avoid future pain and heartbreak, users should never trade, invest, or send money to someone they’ve met online. Anyone who claims to have exclusive “investment opportunities” and urges you to “act quickly” should be treated with suspicion.
According to blockchain analysis firm Chainalysis, crypto scams were a $6 billion 'business' last year, and cybercrooks are not likely to reduce their efforts. Always be extra cautious about any investing platform or anyone you meet online.
Your email address will not be published. Required fields are markedmarked