Showing posts with label pig butchering scam. Show all posts
Showing posts with label pig butchering scam. Show all posts

236,000 Crypto Scam Sites Trace Back to a Single Chinese App Builder...

Crypto scam network glow

A new investigation just put a number on something every crypto user should be worried about.

Threat intel firm Infoblox identified 236,493 distinct second-level domains that are all built on the same Chinese open-source app framework, DCloud Uni-App, and a huge portion of them exist for one purpose, which is to drain crypto wallets and run fake exchanges. The framework itself is perfectly legitimate, used by real developers around the world to ship apps to iOS, Android, and the web from a single codebase. That same convenience is what makes it so attractive to fraud crews. They get a polished, mobile-friendly fake exchange or fake investment dashboard in days instead of months, and the underlying code looks indistinguishable from a thousand actual startups.

Why This Is Worse Than the Usual Scam Site Sprawl

The numbers tell their own story about how quickly this got out of hand. Before October 2024, Infoblox was seeing a few thousand new DCloud-fingerprinted scam sites appear each month, which already would be a lot. After the RainbowEx scandal broke into international headlines that fall, the rate ballooned to roughly 15,000 newly observed sites per month at peak. Scammers apparently looked at the press coverage and decided the playbook was worth copying at scale, not abandoning. The sites target speakers of at least eight languages and span every continent, posing as everything from major stock exchanges to retail giants to messaging platforms. Most of them are hosted on Cloudflare, AWS, Alibaba Cloud, and Tencent Cloud, which lets them blend in with real businesses and makes simple IP blocklists basically useless.

Few RainbowEx and the Argentine Town That Got Wiped Out

If you want a sense of what victims actually experience, the RainbowEx case is the textbook example. In 2024, residents of San Pedro, Argentina poured money into what looked like a slick cryptocurrency exchange. The dashboard showed live trades, balances climbed steadily, and stablecoin deposits flowed in without issue. Then withdrawals stopped working. Thousands of people in a single small town discovered the trades had been fabricated, the balances were synthetic, and the operators were gone. Argentine authorities later arrested seven people allegedly tied to the operation, but most of the money is gone, and the exact same template, with cosmetic branding changes, is now running on a measurable percentage of those 236,000 domains.

What an Average Trader Should Actually Do About It

There is no clean solution here, because the underlying framework is legitimate software and the hosts are mainstream cloud providers who cannot deplatform their entire customer base. About 6% of confirmed scam domains were found running on bulletproof hosts like CTG Server Limited, which has been flagged for malicious activity before, so at least those have a clear villain. The rest hide in normal traffic. Anyone evaluating a new exchange, airdrop site, or investment opportunity found through a Telegram group, WhatsApp chat, or Twitter DM should treat the polish of the website as evidence of nothing at all. Check whether the company is registered anywhere real, whether withdrawals actually work for small amounts before sending large ones, and whether the domain was registered in the last few months. If the answer to any of those raises a flag, walk away. The Hacker News has additional technical detail for anyone who wants to dig deeper.

The takeaway from this count is uncomfortable but useful. The crypto scam economy is no longer a scattered collection of one-off sites built by individual scammers working in their basements. It is an industrial production line running on shared tooling, mainstream hosting, and proven playbooks, and 236,000 storefronts is just what was visible enough to count. Treat every unfamiliar exchange link the way you would treat an unsolicited email asking for your password, because at this scale, the odds are not in your favor.

---------------

Author: Ren Nakamura
Asia Newsroom
Breaking Crypto News

FBI's $8 Billion Bitcoin Bust Just Set the Record for the Largest Crypto Forfeiture in U.S. History

The biggest cryptocurrency forfeiture in U.S. history just happened, and it has a name: Operation Blackout.

Federal officials this week confirmed the FBI has seized roughly $8 billion in cryptocurrency tied to a sprawling network of overseas "scam compounds" that funneled stolen funds out of American bank accounts. The figure breaks every previous record for a single coordinated crypto enforcement action, and it puts a hard number on something that until recently was treated like background noise in the industry. The bureau says the operation also resulted in nearly 300 arrests and the rescue of close to 2,000 people who were allegedly trafficked into forced labor inside the compounds. For the average crypto holder, this is the rare federal headline that has nothing to do with regulating exchanges or stablecoin issuers. It is about where a meaningful chunk of stolen retail money has actually been going.

The centerpiece of the seizure is roughly 127,000 bitcoin pulled from wallets connected to Chen Zhi, the chairman of Cambodia-based Prince Holding Group. Chen has been charged with wire fraud conspiracy and money laundering conspiracy in a federal indictment unsealed out of the Eastern District of New York. Officials value the haul at $8 billion at current prices, with some estimates pegging the peak value closer to $15 billion. Chen himself is not in custody and is currently listed as at large. If he is ever brought back to the United States and convicted on every count, he faces a maximum of 40 years in prison.

Inside the so-called "pig butchering" pipeline

The schemes underneath all of this are the ones most crypto users already know by reputation, even if they have not been targeted directly. They are the long-running romance and friendship scams that start with a wrong-number text or a too-friendly LinkedIn message, drift into months of conversation, and end with the victim being walked through a fake trading platform and told to wire crypto into it. The industry term, borrowed from Mandarin, is "pig butchering" - the victim is fattened up emotionally before being financially slaughtered. The Justice Department alleges the Prince Group ran exactly this playbook at industrial scale, operating compounds across Cambodia where trafficked workers were forced to run the scripts under threat of violence. Prosecutors say the compounds were ringed with high walls and barbed wire and functioned less like offices than like prisons.

Operation Blackout is actually an umbrella that covers at least four separate investigations. The Prince Group case is the one labeled Operation Zephyr Exodus. A second strand, Operation Sand Dollar, targeted scam compounds in the United Arab Emirates and led to the arrest of 275 people in Dubai with the help of local police, six of whom are now lined up for extradition to face federal charges in San Diego. The DOJ alleges each of the nine Dubai compounds raided was pulling in around $6 million a year in fraud proceeds. The other operations folded into Blackout cover related cells across Southeast Asia, with cooperation from law enforcement in the UK and other partner countries.

Wider implications...

The number to sit with is not really the $8 billion. It is the figure the FBI's own Internet Crime Complaint Center put out earlier this month: nearly 72,000 complaints last year tied to cryptocurrency investment fraud, with reported losses of more than $7.5 billion. That is bigger than the headline value of most exchange hacks combined, and almost all of it is alleged to have come from individual victims, not institutions. The bureau also says its Operation Level Up program, which proactively warns people who appear to be mid-scam, has flagged nearly 9,000 victims so far and that 77 percent of them had no idea they were being scammed. That program is credited with stopping more than $560 million in losses before the money moved.

For traders and long-term holders, the practical takeaway is uncomfortable but useful. The biggest threat to most retail crypto users right now is not a smart contract exploit or a centralized exchange going under. It is a stranger who will spend three months pretending to care about your weekend before pointing you at a wallet address. Anything that arrives unsolicited, especially anything that ends with a link to an "investment platform" you have never heard of, deserves the same suspicion you would give a check from a Nigerian prince. The fact that the federal government just clawed back $8 billion of this money does not mean the pipeline is gone. It means we finally know how big the pipeline is.

What happens to the seized coins next is its own open question. The DOJ has signaled the bitcoin will move through formal forfeiture proceedings, which can take years, and that the government will try to return funds to identifiable victims where possible. In practice, those recoveries are usually partial and slow. The rest could end up in the U.S. Marshals Service's auction pipeline or, depending on policy choices made in Washington, the country's strategic bitcoin reserve. Either way, this is the largest single transfer of bitcoin from criminal hands to the U.S. government on record. For an asset class that spent its first decade arguing it could not be touched by traditional law enforcement, that is a notable moment.

---------------

Author: Cedric Holloway
New York Newsroom
Breaking Crypto News