Pierluigi Paganini April 27, 2023

CyberNews analyzed a classic cryptocurrency romance scam, also known as CryptoRom, explaining how scammers hid the money

CryptoRom scammers hid the money with several layers of obfuscation, but the Cybernews research team discovered that the stolen funds ended up in Binance accounts.

A man from Florida in the US recently reached out to Cybernews for help. Scammers had lured him into parting with $480,000 after cultivating a long-term relationship, eventually coaxing him into making cryptocurrency investments.

Usually involving fake romantic interest, the scheme is known as “cryptocurrency romance” or “CryptoRom.” This increasingly popular scam is often run by criminal gangs in Southeast Asia, where the affair is called “Sha Zhu Pan,” a Chinese phrase that means “pig butchering.”

“CryptoRom scams are very sophisticated and indicate a vast criminal organization behind the curtain. This certainly necessitates a significant amount of social engineering. This type of scam has an enormous psychological toll on victims in addition to their financial loss,” the researchers said.

The Cybernews research team meticulously followed the money that the victim sent to scammers in seven installments. Even though the crooks attempted to hide the funds, moving money between several accounts, the team managed to locate the victim’s money in Binance, the world’s largest crypto exchange.

Here’s how we did it.

The scam

The victim first met the scammers via OkCupid, a popular online dating app. The crooks used a fake profile to develop a romantic relationship with the victim online, slowly gaining the trust of the Floridian.

This type of fraud is particularly vicious as scammers carefully cultivate long-term relationships with their victims. Not a single word about crypto investments or even money may be uttered for several months.

However, once the crooks deem that the act has gained an acceptable level of trust, the dance begins. The victim is gently persuaded to invest in cryptocurrency. The first investments are rarely audacious, as the crooks want there to be more. For example, the victim who contacted us started by “investing” $10,000.

The catch is where the supposed investment goes. In the Floridian’s case, the crooks set up a fake website (www.cmecryptopm.com) impersonating CME Group, the world’s largest financial derivatives exchange that also services cryptocurrencies. Using WhatsApp numbers, the crooks managed to imitate the exchange’s customer support, further legitimizing the service in the eyes of the victim.

The victim said he was persuaded to invest in e-wallet accounts on the fake website. The crooks inflated the victim’s balance to make him believe that his supposed investment was profitable, enticing him to ‘invest’ more.

Unfortunately, the Floridian realized it was all a scam only after he was asked to pay $200,000 in taxes to make a withdrawal from his ‘investment’ account. Between June and July of 2022, the victim claims to have completed seven transactions totaling $480,000.

“CryptoRom scams are very sophisticated and indicate a vast criminal organization behind the curtain. This certainly necessitates a significant amount of social engineering. This type of scam has an enormous psychological toll on victims in addition to their financial loss.”Cybernews researcher team said.

Money flows

From the transaction data victim provided to our team, we can confirm at least seven transactions made to two separate cryptocurrency addresses, 0xc7bB31a0396Be487BaA4731a2EFFaAfB80xxxxxx and 0xa9aaCadf346d33aC0329433D75a62ffDC7xxxxxx. The address is a unique identifier, akin to an email address, only in the crypto realm.

The addresses that the scammers gave to the victim were not the final destination for the funds. Since every crypto transaction is recorded, criminals use various techniques to obfuscate the money flow until finally cashing out the illicit profits.

According to Bitquery, a service that stores blockchain data, the people who scammed the Floridian used several layers of obfuscation, bouncing the funds between six and eight times between different crypto addresses before the money ended up in a Binance account.

Funds from both original addresses were later transferred through the same network of obfuscating addresses. The latter was used in an attempt to hide the true origin of the money.

The team looked at a time span ranging from the beginning of June until the end of August. This specific range was used because the victim’s transactions occurred between June and July, and the team gave additional time for the scammers to withdraw the money.

Since the crooks didn’t immediately use a crypto mixer, a service that blends the cryptocurrencies of many users, the whole process could be tracked to Binance.

If you want to know how to avoid such kind of scams give a look at the original post:

Original post at https://cybernews.com/security/okcupid-scam-florida-man-binance/

About the author: Vilius Petkauskas, Senior Journalist at CyberNews

Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections:

• The Teacher – Most Educational Blog
• The Entertainer – Most Entertaining Blog
• The Tech Whizz – Best Technical Blog
• Best Social Media Account to Follow (@securityaffairs)

Please nominate Security Affairs as your favorite blog.

Nominate here: https://docs.google.com/forms/d/e/1FAIpQLSfaFMkrMlrLhOBsRPKdv56Y4HgC88Bcji4V7OCxCm_OmyPoLw/viewform

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, OkCupid scam)