Online criminals responsible for “pig butchering” scams are increasingly using fraudulent decentralized finance (DeFi) applications to steal from victims, a report from antivirus firm Sophos suggests.

As Cointelegraph previously explored, pig butchering scams have become lucrative for online criminals. In November 2023 , the United States Justice Department seized $9 million from a scheme that preyed on more than 70 U.S. citizens.

Pig-butchering scams involve criminals methodically building an online relationship with a victim, romantic or platonic, before convincing them to invest in a business or scheme. These schemes typically end in “rug pull” fashion, with the criminals stealing funds and cutting communication with victims.

Sophos’ report notes that pig butchering is becoming one of the fastest-growing segments of online fraud, with U.S. victims losing billions of dollars to fraudulent cryptocurrency-related investment schemes.

Related: How the IRS seized $10B worth of crypto using blockchain analytics

Sophos threat researcher Sean Gallagher notes that with the “ease with which cryptocurrency ignores borders and enables multinational crime rings to quickly obtain and launder funds,” criminals have turned to internet-based scams to convince victims to convert savings to cryptocurrency to steal funds.

Gallagher suggests that pig-butchering perpetrators are now moving away from social engineering and online grooming efforts to dupe victims in favour of using fake DeFi platforms to fleece funds from users’ Web3 wallets.

“These new scams, using fraudulent decentralized finance (DeFi) applications, are an evolution of the ‘liquidity mining’ scams we uncovered in 2022, marrying the script for fake romance and friendship perfected by past pig butchering operations with smart contracts and mobile crypto wallets,” Gallagher explained.

The report notes that DeFi savings scams allow criminals to bypass the technical “stumbling blocks” of early pig-butchering scams.

Related: MailerLite confirms hack that led to $3.3M crypto-phishing email attacks

Newer methods do not require victims to install customized mobile apps, which typically hinged on convincing victims to install a specific application and also needed to bypass Apple and Google application store reviews. DeFi scams use trusted applications, requiring victims to load web pages within the app.

Secondly, DeFi scams do not involve victims having to deposit or send funds away from personal wallets, which maintains the illusion of user control:

“Until the trap is sprung, the victims’ cryptocurrency deposits are visible in their wallets’ balances, and the scammers even add cryptocurrency tokens to their accounts to create the illusion of profit.”

Victims are typically lured into connecting Web3 wallets to a DeFi “savings” or liquidity pool controlled by scammers. Attackers can then drain funds from wallets and launder the stolen cryptocurrency.

Pig-butchering scams morph into DeFi threats image 0 A “DeFi Savings” scam that Sophos identified operating across 300 different domains.

Wallet-draining software was used in a recent phishing email scam that drained an estimated $3.3 million from subscribers after email marketing firm MailerLite’s system was compromised in Janua 2024 .

Magazine: Blockchain detectives: Mt. Gox collapse saw birth of Chainalysis