

Sophos’ Two-Year Investigation Finds Criminals Leverage “As-a-Service” with Sha Zhu Pan Kits to Expand Cryptocurrency Fraud

By Sandra Ani



  • After a Two-Year Investigation, Sophos X-Ops Discovers Unprecedented Sophistication in Scams That Trick Victims into Fake Investments

Sophos, a global leader in innovating and delivering cybersecurity as a service, today revealed how sha zhu pan scammers—those conducting elaborate, romance-based cryptocurrency fraud—are leveraging a business model similar to cybercrime “as-a-service” by selling sha zhu pan kits on the dark web, globally expanding to new markets.

Sophos details these advanced sha zhu pan operations (also known as pig butchering) in the article, “Cryptocurrency Scams Metastasize into New Forms.”

Originating from organized crime gangs in China, the new kits provide the technical components needed to implement a specific pig butchering scheme called “DeFi savings.”

Criminals position DeFi savings scams as passive investment opportunities that are similar to money market accounts, often to people who have no understanding of crypto. Victims only need to connect their crypto wallet to a “brokerage account,” with the expectation that they will earn significant interest from their investment.

Victims are adding their crypto wallets to a fraudulent cryptocurrency trading pool, which the fraudsters then empty.

“When pig butchering first appeared during the time of the COVID pandemic, the technical aspects of the scams were still relatively primitive and required a lot of effort and guidance to successfully scam victims. Now, as the scams have become more successful and the fraudsters have refined their techniques, we’re seeing a similar evolution to what we’ve seen with ransomware and other types of cybercrime in the past: the creation of an as-a-service model. Pig butchering rings are creating ready-made DeFi app kits, which other cybercriminals can purchase on the dark web. As a result, new pig butchering rings that are unaffiliated with Chinese organized crime groups are appearing in areas like Thailand, West Africa and even the U.S.

“As with other types of commercialized cybercrime, these kits lower the entry barriers for cybercriminals interested in pig butchering and vastly expand the victim pool. Last year, pig butchering was already a multi-billion-dollar fraud phenomenon; sadly, the problem is likely only to grow exponentially this year,” said Sean Gallagher, principal threat researcher, Sophos.

Sophos X-Ops has been tracking the evolution of pig butchering schemes for two years. The earliest iterations—dubbed by Sophos as “CryptoRom” scams—involved connecting with potential victims on dating apps and then convincing them to download fraudulent crypto trading applications from third-party sources. For iOS users, these scams required victims to download an elaborate workaround that allowed scammers to bypass security on victims’ devices and gain access to their wallets.

In 2022, the scammers continued to refine their operations, this time finding ways to bypass app store review processes to sneak their fraudulent apps into the legitimate App Store and Google Play Store. This was also the year that a new scam pattern emerged: fake cryptocurrency trading pools (liquidity mining).  

In 2023, Sophos X-Ops uncovered two vast pig butchering rings—one based out of Hong Kong and one based out of Cambodia. These rings leveraged legitimate crypto trading apps and created elaborate fake personas to lure victims and steal millions from them. Further investigation revealed that pig butchering operators were adding AI to their arsenal.

At the end of 2023, Sophos X-Ops uncovered a vast liquidity mining operation involving three separate Chinese organized crime rings targeting nearly 100 victims. During the investigation into this operation, Sophos X-Ops first noticed the availability of pig butchering scam kits.

In the most recent pig butchering operations that Sophos X-Ops has investigated, the fraudsters have removed any previous technological impediments, as well as significantly lowered the amount of social engineering required to steal from victims. In the DeFi savings schemes, victims now engage in fraudulent crypto trading through legitimate, well-known cryptocurrency apps and give (albeit unknowingly) the scammers direct access to their wallets. In addition, the scammers can conceal the wallet network that launders stolen crypto, making the scams harder for law enforcement to track.

“The DeFi savings scams are the culmination of two years of pig butcherers refining their operations. Gone are the days when the scammers had to convince victims to download some strange app or transfer the crypto themselves into a soon-to-be-stolen digital wallet.

“The fraudsters have also learned how to better ‘market’ their schemes. They’re taking advantage of how liquidity mining pools operate to steal the funds by telling victims it’s a simple investment account. This is often an easier sell, especially since most people don’t understand the ins and outs of cryptocurrency trading and everything is done under the guise of trusted brands.

“In other words, it’s never been easier for people to fall victim to pig butchering, which means it’s never been more important to be aware that these scams exist—and know what to look out for,” said Gallagher.

Tips to Avoid Falling Prey to Pig Butchering

To avoid falling victim to a pig butchering scam, Sophos recommends the following:

  • Be skeptical of strangers that reach out via social networking sites like Facebook or texts, especially if they want to quickly move the conversation to a private messenger like WhatsApp
    • This also applies for new matches on dating applications—especially if the stranger begins talking about trading in crypto
  • Always be wary of any “get rich quick” scheme or cryptocurrency investment opportunity that promises large returns in a short amount of time
  • Be familiar with the lures and tactics of romance scams and investment scams. Non-profits like the Cybercrime Support Network have resources that can help
  • Anyone who believes they have fallen victim to a pig butchering scam should immediately withdraw any funds from any affected wallet and contact law enforcement.


Anambra School Emerges Winner In National Girls In ICT Competition With Groundbreaking VR Technology



St. John Vianney Science College, Igbariam, used their virtual reality project to conquer the National Girls in ICT Competition 2024, claiming the national championship title yesterday!

The National Girls in ICT Competition, organized by the Federal Ministry of Communication, Innovation and Digital Economy, is a technology innovation competition for all girls in secondary schools across Nigeria.

Their innovative project, M-Tag VR, allows users to explore iconic landmarks like Zuma Rock and learn about fascinating cultural aspects of Nigerian tribes. The girls, Immaculate Ebube Ikegwuonu, Camilla Anyadike, and Nweke-Nonso Oluchi, mentored by their coach, John Onuigbo, triumphed over teams from all 36 states.

The girls’ talent shone brightly throughout the competition. They started at the state level where they aced the Anambra state competition, then proceeded to conquer the Southeastern regional championship, defeating teams from Ebonyi, Imo, Abia, and Enugu, to make it to the national finals.

Rivers and Lagos states secured the second and third-place positions, respectively.



Google To Delete Billions Of Browser Records To Settle ‘Incognito’ Lawsuit



CNN reported that Google will delete billions of data records as part of a settlement for a lawsuit that accused the tech giant of improperly tracking the web-browsing habits of users who thought they were browsing the internet privately.

The suit was originally filed in 2020 and accused Google of misrepresenting the kind of data it collects from users who browsed the internet via “Incognito” private browsing mode in Chrome. Google agreed to settle the suit late last year, but the terms of the settlement were first disclosed in a filing on Monday.

As part of the settlement, Google must delete “billions of data records” that reflect the private browsing activities of users in the class action suit, according to court documents filed Monday in San Francisco federal court.

Google will also update its disclosure to inform users about what data it collects each time a user initiates a private browsing session. Google has already started implementing these changes.

For the next five years, Google will also let private browsing users block third-party cookies as part of the settlement. Google also will no longer track people’s choices to browse the internet privately.



NIN-SIM Linkage: NCC Directs Telecommunication Operators To Bar Non-Compliant Subscribers



The Nigerian Communications Commission (NCC) has confirmed that it would not be reviewing its deadline to bar owners of more than four SIM cards whose SIM registration data failed to match their National Identity Number (NIN) data.

A source within the Commission explained that the Commission’s position was hinged on its objective to clean the country’s SIM ownership database, and ensure that criminals could not take advantage of having multiple unlinked SIMs to carry out their nefarious activities.

“We are not standing back on our decision. March 29th is sacrosanct. Our resolve is hinged on the need to close in on the chaos of untoward ownership of multiple SIM cards with unverified NIN details. We have instances where a single individual has over 10,000 lines linked to his NIN. In some cases, we have seen a single person with 1,000 lines, some 3,000 plus lines. What are they doing with these lines?

“From our interim findings, the owners of these lines did not purchase them for decent purposes or to undertake legitimate activities.

“We have given them enough time to make the decision of which of their lines they want to keep, and discard the others. They did not. All lines in this category with unverified NINs will be barred. They will be then expected to go to their operators and decide which of the lines they want to keep, as well as submit correct NIN details.

“Some people would say they want to use it for car trackers, or for IoTs, but provision has been made for these services already. They are not under the ‘Max-4 Rule.’

“Across the world, no country allows you to have 1,000 SIM cards to make calls or texts.”

The Max-4 Rule announced by the Federal Government in April 2021 provides that telecom subscribers cannot have more than four lines per mobile network operator.

The NCC has also provided Mobile Network Operators (MNOs) an extension till July 31st 2024 within which they are expected to verify all NINs submitted by subscribers with four (4) or fewer SIMs, as well as bar those whose NINs fail verification with NIMC.

An authoritative source within the Commission who is familiar with the matter stated that the Commission’s management arrived at the decision at a crucial meeting it held today to review requests from the major Mobile Network Operators for an extension for the verification of NINs submitted.

The source also stated that the Commission is considering approving an online application solution for MNOs where their subscribers whose NIN verification failed due to biometric mismatch can update their records on the app, while existing subscribers can register additional lines.
