Cryptocurrency Fraud , Finance & Banking , Fraud Management & Cybercrime
Operation Spincaster Targets Crypto Pig-Butchering Scams
Public-Private Effort Based on Intelligence Tied to $162 Million in Crypto LossesA public-private effort aimed at disrupting cryptocurrency-powered approval phishing scams has identified more than 230 victims in the U.K. Police said they've been able to close many of the attacker-controlled accounts involved, recover some of the 33 million pounds collectively lost by those victims and take more proactive efforts to battle this type of crime.
See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk
Such efforts are happening under the banner of Operation Spincaster. Launched earlier this year by blockchain intelligence firm Chainalysis, the initiative has involved a series of "operational sprints" so far tied to 7,000 leads it's identified pertaining to compromised wallets and $162 million in losses.
"These leads were used to close accounts, seize funds and build intelligence to prevent future scams," Chainalysis said in a Thursday blog post. "In one of the sprints, participants were able to contact a victim directly to warn them of an ongoing scam, prompting the victim to take preventative action on-chain by revoking the approval before the scammer was able to steal a six-figure sum."
The approval phishing scams being targeted, also known as pig butchering, involve tricking an individual "into signing a malicious blockchain transaction that gives the scammer's address approval to spend specific tokens inside the victim's wallet, allowing the scammer to then drain the victim's address of those tokens at will," Chainalysis said.
Participants in Operation Spincaster include law enforcement and other government agencies across six countries - the U.K., U.S., Canada, Spain, the Netherlands and Australia - as well as 17 crypto exchanges, including Binance and NDAX.
"This work has protected victims here in the U.K. and provided opportunities for us to pursue organized crime groups causing significant harm," said Celestino Calabrese, acting head of illicit finance threat at Britain's National Crime Agency, which has been working with the U.K. National Police Chiefs' Council, a national law enforcement coordination body.
Tracking this type of translational crime can be difficult, Calabrese said, adding that "many of these groups are based overseas, and utilize sophisticated methods to gain the trust of unsuspecting investors."
Police said the sprints in which they've participated have led to some immediate results. "By the end of the sprint, we were able to set up detection methods and freeze several wallets to prevent further loss of funds for victims," said Ruben van Well, head of public-private partnerships at the Dutch National Police, which brought seven crypto exchanges into the initiative.
Operation Spincaster is the international extension of an operational sprint with the codename Operation Disruption, which Chainalysis conducted in March with Canada's Calgary Police Service. Chainalysis called it a hopeful "global blueprint for public and private sector partnerships" aimed at combating crypto crime.
Intelligence reviewed during that sprint helped identify 770 individuals, including 119 Canadians, who appeared to be victims of crypto fraud collectively amounting to $59 million in losses, said Sgt. Danny Leong of the Calgary Police Service's blockchain investigations team, which is part of its Cyber Forensics Unit.
"Through this workshop, the participating organizations took swift action in notifying the impacted individuals to prevent further victimization," he said.
Multiple efforts are underway to combat pig butchering. One such initiative, dubbed Operation Shamrock, is being organized by Erin West, a deputy district attorney for California's Santa Clara County who's a specialist in prosecuting SIM-swapping crime and cryptocurrency theft cases (see: Combating Pig-Butchering Scams With a Unified Approach).
$2.7 Billion in Known Losses
Globally, over $2.7 billion has been lost to approval phishing scams since May 2021, Chainalysis said.
Earlier this year, the U.S. Department of Justice reported that it seized $112 million amassed via cryptocurrency investment scams by attackers and laundered via six crypto wallets. But losses appear to far outpace recovery.
One type of approval phishing is the cryptocurrency confidence scam, in which scammers trick victims into funding supposedly legitimate cryptocurrency investment opportunities. They're sometimes referred to as romance or pig-butchering scams, so-called "for the way bad actors say they 'fatten up' their victims to extract the most possible value," Chainalysis said.
Experts say such scams often begin on dating apps via direct messages or when attackers cold-call targets and pretend they've dialed the wrong number.
Such scams tend to be "heavily scripted and contact-intensive," the FBI said. "After a period of building trust and rapport, the scammer will convince the victim to make investments in cryptocurrency to take advantage of the potential for high-yield returns."
Many times, attackers bolster their claims by directing victims to informational websites designed to look independent, but which are really attacker-controlled.
"After the victim has made several cryptocurrency investments through these fake sites, which purport significant returns, requests by victims to withdraw or cash out their investments are denied for one reason or another," the FBI said. "The scammer then vanishes, cutting off contact with the victim and taking the invested sums with them."
One challenge to combating pig butchering and other types of approval phishing is that each individual scam may involve serious losses and occur in a relatively short time frame.
The CEO of a Kansas bank has been indicted for embezzling nearly $50 million after falling victim to such a scam, leading to the failure of his bank. He's facing up to 30 years in prison (see: Apparent Pig-Butchering Crypto Scam Took Down a US Bank).
A lawsuit filed earlier this year claims JPMorgan Chase failed to protect two elderly women against pig-butchering scams. One lost $720,000 and the other, after just two months, lost $1.8 million - leaving her in severe financial insecurity.
The FBI last year said individuals between the ages of 30 and 49 report the highest number of pig-butchering scams.