Security
Headlines
HeadlinesLatestCVEs

Headline

The $11 Billion Marketplace Enabling the Crypto Scam Economy

Deepfake scam services. Victim data. Electrified shackles for human trafficking. Crypto tracing firm Elliptic found all were available for sale on an online marketplace linked to Cambodia’s ruling family.

Wired
#web#intel

As the crypto scam commonly known as “pig butchering” has exploded into a full-blown criminal industry that steals tens of billions of dollars a year, an entire ecosystem has formed around it. That sub-industry offers tools and data for finding and tricking targets, money laundering services to help liquidate stolen funds—even detention tools to imprison and coerce the human trafficking victims enslaved to work in scam operations.

New research now shows how all of those secondary services enabling the global scourge of pig butchering can be found on a single Cambodian online platform—part of a company linked to the Cambodian ruling family—known as Huione Guarantee.

On Wednesday, crypto-tracing firm Elliptic published a report that delves into crypto scammers’ extensive use of Huione Guarantee, a deposit and escrow service for peer-to-peer transactions that lets users buy and sell over the Telegram messaging service with the cryptocurrency Tether while preventing them from defrauding each other. By analyzing listings on the platform, engaging with sellers—sometimes undercover—and following funds across Tether’s blockchain sent to those sellers’ addresses, Elliptic was able to trace $11 billion in total transactions in just the three years since Huione Guarantee launched, including $3.4 billion so far this year.

Total transactions in the cryptocurrency Tether made via Huione Guarantee’s platform since its founding.

Courtesy of Elliptic

Elliptic estimates, based largely on public Chinese-language advertisements for the products and services available on Huione Guarantee, that the majority of those transactions were in service of pig butchering. “I’m not sure whether Huione Guarantee was originally established with this in mind, but it’s certainly become primarily a marketplace for online scammers,” says Tom Robinson, Elliptic’s cofounder and chief scientist. Robinson says Elliptic knows of around 10 platforms like Huione Guarantee that are used by crypto scammers, but none that are nearly so big. “This is the largest public guarantee platform for illicit crypto transactions that we’re aware of,” he says.

By some estimates, pig butchering scams have netted a whopping $75 billion from the start of 2020 to February of this year. The FBI said in April that reported crypto-investment fraud losses for the US hit $3.94 billion in 2023. In addition to scam victims, who are tricked into buying cryptocurrency and transferring it to criminals, the scammers on the other end are often victims of elaborate forced-labor schemes. Compounds where people are forced to live and work generating content to target scam victims have been reported in Myanmar, the Philippines, Cambodia, and other countries in Southeast Asia.

A listing on Huione Guaranteed for a scam-focused deepfake face-alteration tool.

Courtesy of Elliptic

Huione Guarantee’s crypto scam offerings span the entire food chain of the pig butchering industry: The researchers found shock-enabled GPS tracking shackles and electric batons for sale, used in the human trafficking operations that force enslaved victims to work on scam operations day in and day out in compounds across Southeast Asia. Other listings offered data on potential scam targets, fake investment websites to persuade targets to transfer funds, and deepfake face-altering services advertised for tricking scam victims. Finally, money laundering services advertised on Huione Guarantee offered to liquidate and obfuscate the source of the scammers’ stolen Tether, which accounted for the majority of the platform’s money flows.

“I would hypothesize that this is one of the drivers behind the increasing scale of these scams,” says Robinson. “Scammers no longer need to acquire victims’ contact details, build telecoms infrastructure, or launder the scam proceeds themselves. They can outsource each of these to this community of service providers.”

WIRED reached out to the public email address listed on Huione Group’s website and several of its executives for comment but didn’t yet receive a response.

A listing on Huione Guaranteed for an electric baton, intended to be used to coerce enslaved laborers inside scam compounds.

Courtesy of Elliptic

Beyond Huione Guarantee, crypto scamming researchers say they’ve seen signs of code and toolkits being circulated and re-used between pig butchering operations. For example, Sean Gallagher, a senior threat researcher at Sophos, says he’s recognized the same code underlying multiple fake crypto investment platforms and exchanges meant to trick victims into depositing their funds. “There are a number of identical kits I was seeing being run on different infrastructure with different domain names,” Gallagher says

Robinson notes that Elliptic wasn’t able to penetrate some “VIP” Telegram channels that appeared to be selling scam-related offerings on Huione Guarantee’s platform. That means, in fact, that the $11 billion in total revenue since 2021 is a lower bound for the marketplace’s total business, since Elliptic couldn’t identify some sellers’ Tether addresses. But otherwise, the platform’s bustling business in crypto scam products and services is largely conducted in public, albeit using Chinese-language jargon that can be difficult to penetrate: a “quick kill,” for instance, refers to a financial scam, while “runaway dogs” refers to trafficked prisoners who might try to escape, and “dog pushers” refers to those working in the scammer compounds.

That public nature of the criminal transactions is all the more shocking given that Huione Guarantee is operated by Huione Group, a Cambodian financial conglomerate that includes a company linked to the family of Cambodia’s prime minister, Hun Manet. One of the companies’ directors, in fact, is Hun To, the prime minister’s cousin, who has been linked in an Al Jazeera investigation to an alleged scam compound reportedly owned by Heng He, a Cambodian conglomerate owned by two Chinese nationals.

Crypto scam researchers say that Huione Guarantee, despite its size, is just one of many money laundering methods that pig butcherers use. Given that much of the pig butchering ecosystem has ties to Chinese organized crime, pig butchering revenue is often laundered in a decentralized way by convincing individual Chinese citizens to accept and hand off cryptocurrency through their personal Alipay accounts for a small fee, notes Gary Warner, director of intelligence at cybersecurity firm DarkTower. Markets like Huione Guarantee, however, offer a path for scammers who don’t already have a laundering network they can rely on or who need to diversify their options for liquidating funds.

A listing on Huione Guaranteed for electrified GPS-tracking shackles for detaining enslaved scam laborers.

Courtesy of Elliptic

It’s perhaps no surprise that Huione Guarantee began operating in 2021, given that crypto scams surged during the Covid-19 pandemic. Sophos’ Gallagher notes that in Cambodia, pig butchering operations are largely run out of hotels and resorts that struggled with plummeting tourism in 2020 and 2021. “They were financed heavily or outright owned by Chinese companies in connection with special economic zones and other development tied to Belt and Road,” he says. Gallagher’s research indicates that laborers working on pig butchering in Cambodia—often against their will—are typically not citizens but have come from the surrounding region. “These facilities follow the same playbook as far as taking people’s passports and then using electrical shocks, cattle prods, and other physical punishment for not following the rules.”

As disturbing as it may be that a service enabling billions of dollars annually in crypto scam industry transactions is being run in the open—and with links to one of Cambodia’s most powerful families—Elliptic’s Robinson suggests that brazenness offers an opportunity to disrupt a keystone of that criminal industry: He proposes international sanctions targeting Huione’s leadership.

“This has the hallmarks of a darknet marketplace, but it’s run by a large Cambodian conglomerate, which has documented links to the ruling family there,” Robinson argues. “There is surely scope to impose sanctions on a business such as this, to hinder this type of marketplace from operating.”

Wired: Latest News

Russia Is Going All Out on Election Day Interference