$1bn in “Pig-Butchering”Scams and Counting
In a follow-up piece from our work with Bitrace, connecting scam victims in the US and China, we can now show the same scams also claimed victims in 10 more countries, with flows are exceeding $1 billion.
Our previous work showed that the same scammers and scam-related service providers are active in both China and the United States. Here we will connect that work to a broader collection of scams — specifically, the scam addresses frozen by Tether in November 2023 in their largest-ever blacklisting of funds.
This was covered in detail by Newsweek, including the U.S. Department of Justice announcement and U.S. Secret Service’s long and detailed affidavit supporting those seizures.
Those documents connect victims of the RiotX and BCG Group scams in 11 countries (USA, Germany, India, Turkey, Canada, Taiwan, Thailand, UK, Romania, Sweden, Bahrain).
We are now going to connect that batch of scams and scam service providers to our prior work and document over US$1 billion of funds sent to a range of service providers.
Connecting Deposits
The frozen RiotX address 0xe0fe2b4c9f7d58a05b4a16b71ef8afb42557aef2 deposited about US$ 1.3 million to Binance via the 0x8459dd488c507b20331e0f6ac481f75ee9f4ae97 deposit address, also identified as part of the “California” case in our prior work and shared both entry and exit points with a victim from China.
This links service providers between the US$635 million of off-ramping we previously found with these new cases.
Expanding The Net
The identified RiotX addresses deposited about US$270 million to Binance and US$19.5 million to JPEX.
Our prior work identified 9 large service providers that received funds downstream of these connected scams. Now we can expand that to add:
Cumberland DRW
- 0x140cd327ba382c0e1c6011ab627b894eebc0c596
- 0x6c34d085bc23f5f1a2796b4122de2e6a449b6af6
for US$89 million and US$15 million.
Btse
- 0xdb99fd1daaecb83afaada8b805e52f0471551b90
for US$775k.
Bitfinex
- 0xa70d9a20e0db44b694748f828895ee69780c6efa
for small amounts.
Aax
- 0xff6FD62DdB5F19Df8ea2A89385bc4d0486dA0CC3
for small amounts.
OSL
- 0x1d69b4dc3e3e2eb9a77b3488c99cc1537b0392b5
for small amounts.
Crypto.com
- 0xb121f6d75a018d0ab7f660be54473ef002d3b10a
for small amounts.
Gate.io
- 0xb043ba3e9235bd2f45c26cea3bb05a14ac4a9e6a
for small amounts.
So far, 7 more large service providers from our earlier work have been linked, bringing the total to 16, receiving over US$1 billion.
We include service providers with only small flows for completeness.
Please note that within a single service provider we see individual deposit address total flows which vary by several orders of magnitude.
The size of a single wallet’s flow says nothing about a service provider’s overall level of interaction with these sorts of scams.
Further note that Cumberland and JPEX did not appear in our earlier work at all and are now the 3rd and 6th largest totals out of 16 providers.
Without better data regarding the overall amount of such activity, it is not possible to assess if we are closer to 1% or 99% coverage of these illicit transactions.
Overall
We’ve managed to connect victims of related scams in 12 countries and identify 16 involved service providers who received over US$1 billion in total.
This analysis, by way of our collaboration with Chinese blockchain intelligence firm Bitrace, also allows us to connect widely-reported scams within China, to large multi-national scam networks reported on elsewhere.
We have not traced the source of all these deposits and are not suggesting 100% of these deposits are the proceeds of crime.
But consider that each step of our recent work adds hundreds of millions in total downstream deposits by connecting just a handful of additional addresses.
We’ve gone from around US$400 million (Foundrypro alone) to US$600 million (adding a second US case and 2 Chinese ones) and now to over $1 billion with a single incremental US court document.
The FBI’s Internet Crime Report for 2022 suggests this is but a small slice of what is happening overall.
As an order of magnitude estimate — as a bottom-up foundation to map the topography of crime here —these numbers feel like a reasonable place to start.
Experience suggests they will only get much larger.
