A Look Inside the Pig Butchering Crypto Scam Exchanges

Let's take a look at what goes on behind the scenes of a pig butchering crypto scam website, both from the user's perspective and the scammer's admin side on the platform.

By Marco Rizal - Editor, Journalist

Pig butchering crypto scams deceive victims into making increasing contributions to fraudulent schemes, often involving cryptocurrency. Scammers pretend to be attractive individuals in order to establish fake relationships with their targets online.

They then manipulate them into investing in a fraudulent cryptocurrency exchange or investment platform. Believe it or not, these scams can actually take quite a long time to unfold, sometimes stretching out over months or even years.

As a result, victims end up investing large amounts of money due to the trust that has been gradually built.

How do these crypto scams work?

Scammers are taking advantage of the increasing popularity of cryptocurrency by setting up fraudulent crypto exchanges, and this has become quite a problem.

These exchanges attract victims by enticing them to trade and invest, persuading them of their legitimacy with fake profits at the beginning.

The scam starts when the scammer poses as an attractive individual and establishes an online relationship with the target.

Figure 1.1 Scammer’s attempt at pig butchering scam via WhatsApp

Gradually, the scammer builds a rapport with the victim, engaging in conversations about potential investments in cryptocurrency.

The scammer presents the alleged profitability of the investment, frequently employing fabricated testimonials and manipulated success stories.

From a victim’s perspective

Once the victim has been convinced, they are introduced to a fake cryptocurrency exchange.

Figure 1.2 Fake cryptocurrency exchange Stellarcoin[.]com

These exchanges are created to imitate real platforms, including common security features like Know Your Customer (KYC) verifications and Two-Factor Authentication (2FA) to make them seem more trustworthy.

Figure 1.3 Fake 2FA and KYC pages for added trust

When users create an account, they go through standard procedures that give the platform a sense of security.

The platform retrieves data from reputable exchanges through APIs to present accurate market activities, including buyer and seller actions and dynamic graphs. This gives the feeling of a lively, genuine interaction.

The wallet functionality can be tricky to explain, but the numbers it shows are fake. Since the platform needs to present precise cryptocurrency prices, it simply uses a dynamic calculating system to trick users into believing their account balances are authentic.

Figure 1.4 Fake crypto account balance (Dynamically changing based on real prices)

Put simply, these balances are virtual and function like a testnet or paper trading account, where no actual money is involved.

When a user’s money is deposited, it goes straight to the scammer’s wallet, and what’s left is a balance that works like a paper account, making it seem like real funds are being traded.

From the scammer’s perspective

From the scammer’s point of view, the platform is a highly adaptable tool that can be effortlessly tailored to their fraudulent needs.

The admin panel offers the convenience of using multiple templates, which scammers can exploit to alter the platform’s appearance to suit different victims. This adaptability allows the scam to go unnoticed in different domains.

Figure 1.5 Domain design feature can reskin the whole site

Admins have the ability to easily customize the theme to suit various purposes and styles, making sure that the platform looks distinct for each user.

The admin panel provides a variety of template options, including default, template_2, template_3, and template_4.

Template 1:

Figure 1.6 Fake crypto exchange template in green

Template 2:

Figure 1.7 Fake crypto exchange template in black and yellow

Template 3:

Figure 1.8 Fake crypto exchange template similar to Binance

Each template offers unique designs for all pages. This flexibility allows for the scam to remain undetected.

Admins also have the ability to generate fabricated transactions and add imaginary funds to user accounts.

These balances may seem real, but they only exist within the platform. The image below shows the ease with which scammers can manipulate account balances, showcasing fake amounts such as $570 million in Bitcoin.

Figure 1.9 Fake $570 million balance (9995 Bitcoins)

The platform also has a feature called crypto drainer, which has the ability to drain a user’s wallet if it is connected to the platform.

What is a crypto drainer?

A crypto drainer is designed to deplete crypto wallets by automatically transferring either all or only the most valuable assets they hold into the wallets of the drainer operators.

Figure 2.0 Cryptocurrency drainer feature disabled

In simple terms, this function works as a default setting that automatically withdraws funds upon connection, which guarantees that once the scammer decides to take action, the victim’s funds will be permanently lost.

The platform’s staking feature is also completely fake. Scammers often use enticingly high returns, like 1000%, to lure in unsuspecting users.

Figure 2.1 Staking rewards can be modified by scammers

These returns are falsified and intended to entice victims into investing further. This staking function is nothing more than a scam, where the returns are determined by the scammer without any clear justification.

Fake crypto exchange full functionality

The platform is designed with a wide range of advanced features that make it incredibly easy for cybercriminals to trick users into giving them their money.

As previously mentioned, we had access to this one type of exchange from a threat actor who is selling their fake crypto exchange PHP script on a dark web forum marketplace.

Figure 2.2 Threat actor selling the fake crypto exchange source code

The post made by the threat actor does not mention the exact price of the source code.

In addition to the functionalities we have previously mentioned, generating addresses for users and verifying deposits, even if they are fake, is a breeze.

The platform also offers pre-made outputs that are tailored to each user, giving the appearance of legitimacy. These outputs include options like “verification,” “pending,” and “confirmed.”

A fake support page is also created to lure users into depositing additional funds. The platform enables real transfers at first to establish trust, but the admin can later disable withdrawals after a sufficient amount of funds has been deposited, completing the final stage of the scam.

Bottom line

The structure and system used by scammers to trick users into giving them money is complex, with custom-made functionalities designed solely for this purpose.

In our honest opinion, this source code could be compared to legitimate crypto exchanges if it were not intended for illegal activities.
