May 22, 2023
We have recently published a detailed article about a “pig butchering” cryptocurrency-related scam. This is a follow-up on what happens to victims after they lose significant amounts of money to a scam.
After publishing the blog post, I submitted it to Reddit to share my experience. Since then, multiple people have contacted me. Some shared their stories of losing a significant amount of their savings. Others, instead, tried to scam me further. This made me curious, so I started chatting with the scammers. They promised me that they could recover the funds I had lost.
Even though there are some true stories where stolen funds could be recovered, chances are that anyone telling you they can get your money back is a scammer.
Contacting the Scammers
So, I got some DMs and Reddit replies from other users saying how sorry they were, that they had the same issue, and that “XYZ on Instagram” had helped them to recover the stolen funds. I could not see the replies on Reddit as its spam filter had removed the comments, but I still got the messages through Reddit e-mail.
The usual way to contact these scammers is to follow them on Instagram. Once they approve your follow, a DM chat starts. They ask you when the scam happened and how much you lost, and, based on the latter, you get a “custom” price you must pay to get your stolen funds back.
My immediate reaction was: how about you recover the funds, take your cut and send me back the remaining amount?
Unfortunately, in their words, “We don’t operate like that sir”. They said they had to purchase custom software from the dark web for every new client because every case was unique.
It only got better from there. The service included a private FBI Agent!
The best part of my conversation with the scammers was when one of them sent me the following proof that they could recover the funds. I just had to send them $1,050.
These scammers are really unsophisticated. Sometimes they get confused and send a TRON address instead of an ETH address. Or they don’t know what an ERC-20 is. Some of them also use Zelle or PayPal.
Fun fact: I made a typo when I told them the name of a fraudulent website, but they were so good that they could recover the funds from a non-existent website 😀
Using ChatGPT on Scammers
After a while, I got bored chatting with the scammers, so I asked ChatGPT v4 to help come up with some responses. ChatGPT provided proper messages for 95% of the cases. The best part? I could ask it to write sentences using broken Indian English, and ChatGPT did a terrific job on that part 😀
I would also ask it to draw inspiration from Snoop Dogg.
The only thing missing was automation. To make this even more effective, one could also automate the creation of Instagram accounts, which is not very legal. Even though I am not a fan of FUD articles on how “ZOMG ChatGPT will make phishing more convincing,” or “it can create malware,” or “it can find 0days”, I believe that soon scammers could use free chatbots to scale their scam operations.
I had some issues with one of the scammers where I could not see any logs of them clicking the Grabify link I had sent them. So I set up my infrastructure with Python, Fingerprint.js, Cloudflare, and a new domain that looked like etherscan.io. All of this effort was futile, as none of the scammers would click any links. It seems that instead of improving their English, they are learning some OPSEC 🙁
We reported the accounts to Instagram as scammers. Unfortunately, social media platforms are not on top of their game when it comes to blocking malicious accounts.
What Is the Moral of the Story?
Blockchains are immutable. Once cryptocurrency is lost, it is lost forever. There is only hope when law enforcement can access a scammer’s private key or return the money from the scammer’s cryptocurrency exchange account. Clearly, this scam is not as profitable as pig butchering, but when you check the wallet addresses on Etherscan, you can see that some people still fall for it.
bc1qd9va2vu0cv3syr2ns86pmayx9ltm6ytzetg6qs – BTC
TNGmh5xTRrhcrHT4hYkAhSTk6GceiAaZ2K – TRON
0x653616ff95FC8B874F2c5da530aB47A998a25424 – ETH
0x440DA30105680da58e326D90C61D6c438e56Ef74 – ETH
CUJO AI Sentry Works to Stop Phishing Attacks
Our cybersecurity data shows that 56% of households click at least a single phishing link every month. To protect people from falling for online scams, network service providers can use CUJO AI Sentry to automatically analyze and block threats with the help of our machine learning algorithms.