Pig Butchering Scam via Hillsu (www.hillsu.com)

dascraz

Recruit
Messages
8
I posted this on reddit before but thought I'd post it here as well to increase publicity for this scam.

Scam report: cryptocurrency hybrid romance-investment scam (also known as romance baiting), another example of the pig butchering scam (Sha Zhu Pan) that originated in China which is now gaining prominence in Western countries.

TL;DR - romance baiting investment scam, scammer forms an online relationship through a dating app over weeks-months, victim is persuaded of investing in an "initial coin offering/ICO" cryptocurrency promising significant profits which is only found on a fake cryptocurrency exchange (see below). Any money transferred cannot be recovered. If it sounds too good to be true, it usually is! Trust your instincts.

Modus operandi:

The perpetrator seeks out victims by pretending to be an attractive woman on a dating website/app. Often these scammers masquerade as attractive Chinese girls, using pseudonyms and photos that are likely from a database/collection of photos (either stolen from social media/internet or taken locally). The "girl" is often located overseas, typically in an Asian country such as Hong Kong (or seemingly from Hong Kong based on their mobile number - though it is not clear that they actually are), and quickly seeks to continue communication through an off-site method such as WhatsApp where their illegal conduct cannot be traced. To use WhatsApp you do not need to even have the original SIM card installed and so phone numbers can be exported from different countries to spoof the perpetrator's location). The scam usually takes place over 1 to 3 months during which the victim's trust in the perpetrator is slowly built up. Daily photos of food and occasionally selfies are common. Often these photos appear to be old or different to the previous (e.g. different hair colour or style/length, an older or more youthful appearance in some but not others). In other words, there are inconsistencies in the photos.

The conversation starts off by asking the victim what they do for a living (whether they're a student or working) and sometimes they will mention concepts of financial independence and ask what the victim thinks of that. This is merely a tactic to pre-select targets who are likely to be the most "profitable". You will often notice that messages appear to come in batches rather than being typed out live and sequentially (due to perpetrators meticulously crafting a tailored response behind the scenes to your replies to "indoctrinate you" or "employ psychological manipulation tactics", as you will almost never get instantaneous responses). If messages are live, it tends to be in broken English or English that was clearly Google translated.

After communicating for many weeks, they will start giving praise and seemingly move the "relationship" quickly by using intimate terms or suddenly saying that the victim is their partner after many years of searching. This is to further gain rapport with the victim and lower their defenses through fostering feelings of romance. Eventually, they tell a story about how they made significant profits from cryptocurrency by investing early, often under the guidance of a so-called uncle (who is guaranteed to be another member of the crime syndicate) who is claimed to be a mastermind at trading cryptocurrencies. And often this uncle is said to be based in the same city as the victim in a wealthy suburb (which is a tactic used to generate familiarity and the appearance of success). A variation on the theme could be a brother/aunt. Remember, everything is a lie and everything has been carefully crafted to deceive you.

After a while, the perpetrator then tells of an amazing "investment opportunity" considered the chance of a lifetime based on an "initial coin offering" that can only be found on a non-mainstream cryptocurrency exchange (that is fraudulent). Often there is very little information that can be Googled about this exchange and a reverse IP search usually reveals a domain that was only recently created (despite the website stating the exchange has been running for years). This new cryptocurrency is recommended on the basis of "insider knowledge" provided by the so-called uncle. The victim is then persuaded to access this exchange which requires downloading an application on their mobile phone not found on Google Play or the Apple store. The perpetrator then sends falsified/photoshopped screenshots (usually very large sums) of them depositing money into the cryptocurrency address (e.g. through Binance) associated with the exchange (when in reality, no such transaction occurred when looking at the blockchain). This is done to convince the victim to put in large sums of money to invest in the "ICO" coin. The coin will seemingly gain value every single week with very little volatility and volume (which does not change when you make a transaction on the exchange). The perpetrators will continue to reiterate a sense of urgency and encourage the deposition of large sums of money in order to "maximise gains".

After depositing funds, a screenshot of the transaction needs to be submitted and the funds are then registered on the app (which is never instant and usually takes a few hours, indicating manual processing of deposits). Funds/profits displayed on the app are bogus as any attempt at withdrawing funds from the exchange/app is unsuccessful and often met with a "tax" that must be paid in order to withdraw further funds. This is simply another tactic to swindle more money from the victim. If the amount is small, they may return some funds in order to convince you of the legitimacy of their exchange. They will also actively discourage any ideas of withdrawal from the account, telling you to "stay the course" until the target price is reached. This is a strategy to get the victim to put in increasingly large amounts of money and delaying the inevitable discovery that funds only go in a single direction before it is too late and substantial losses were made. The perpetrator will also attempt to persuade the victim to take out loans or sell assets to deposit even more money into this scheme and will frequently bring this up as a topic of conversation. They will attempt to bleed out every cent possible from you. Eventually, the victim is not only left financially broken but also heartbroken. By the time they realise they were conned, the funds they sent have moved around many different crypto wallets already, making it extremely difficult to trace.

Examples of websites involved in this specific scam include "www.hillsu.com" and "www.chainlity.com" (now called www.grafiexchange.com). It is guaranteed that new websites will sprout once the perpetrators discover that their ruse has been exposed, but the modus operandi remains the same. The specific "ICO" coin involved in the above is called "encrypted coin" or "ECPC". The nature of these two websites can be confirmed here https://www.globalantiscam.org/list-of-scam-websites-and-links. Falsified news include: finance.yahoo.com/news/hillsu-debuts-public-crypto-exchange-134100112.html and finance.yahoo.com/news/encrypt-coin-went-price-listing-122300249.html.

The scammers here used the following two cryptocurrency wallets: 0xe2f0C3C45F30B2370bE8022aAD580281F2268Ba3 and 0xa4f8d8C77696c580e5dFf3dAc8d9480372046609 on the Ethereum network (ERC-2).

See also https://www.globalantiscam.org/about and .
 
Last edited by a moderator:
I posted this on reddit before but thought I'd post it here as well to increase publicity for this scam.

Scam report: cryptocurrency hybrid romance-investment scam (also known as romance baiting), another example of the pig butchering scam (Sha Zhu Pan) that originated in China which is now gaining prominence in Western countries.

TL;DR - romance baiting investment scam, scammer forms an online relationship through a dating app over weeks-months, victim is persuaded of investing in an "initial coin offering/ICO" cryptocurrency promising significant profits which is only found on a fake cryptocurrency exchange (see below). Any money transferred cannot be recovered. If it sounds too good to be true, it usually is! Trust your instincts.

Modus operandi:

The perpetrator seeks out victims by pretending to be an attractive woman on a dating website/app. Often these scammers masquerade as attractive Chinese girls, using pseudonyms and photos that are likely from a database/collection of photos (either stolen from social media/internet or taken locally). The "girl" is often located overseas, typically in an Asian country such as Hong Kong (or seemingly from Hong Kong based on their mobile number - though it is not clear that they actually are), and quickly seeks to continue communication through an off-site method such as WhatsApp where their illegal conduct cannot be traced. To use WhatsApp you do not need to even have the original SIM card installed and so phone numbers can be exported from different countries to spoof the perpetrator's location). The scam usually takes place over 1 to 3 months during which the victim's trust in the perpetrator is slowly built up. Daily photos of food and occasionally selfies are common. Often these photos appear to be old or different to the previous (e.g. different hair colour or style/length, an older or more youthful appearance in some but not others). In other words, there are inconsistencies in the photos.

The conversation starts off by asking the victim what they do for a living (whether they're a student or working) and sometimes they will mention concepts of financial independence and ask what the victim thinks of that. This is merely a tactic to pre-select targets who are likely to be the most "profitable". You will often notice that messages appear to come in batches rather than being typed out live and sequentially (due to perpetrators meticulously crafting a tailored response behind the scenes to your replies to "indoctrinate you" or "employ psychological manipulation tactics", as you will almost never get instantaneous responses). If messages are live, it tends to be in broken English or English that was clearly Google translated.

After communicating for many weeks, they will start giving praise and seemingly move the "relationship" quickly by using intimate terms or suddenly saying that the victim is their partner after many years of searching. This is to further gain rapport with the victim and lower their defenses through fostering feelings of romance. Eventually, they tell a story about how they made significant profits from cryptocurrency by investing early, often under the guidance of a so-called uncle (who is guaranteed to be another member of the crime syndicate) who is claimed to be a mastermind at trading cryptocurrencies. And often this uncle is said to be based in the same city as the victim in a wealthy suburb (which is a tactic used to generate familiarity and the appearance of success). A variation on the theme could be a brother/aunt. Remember, everything is a lie and everything has been carefully crafted to deceive you.

After a while, the perpetrator then tells of an amazing "investment opportunity" considered the chance of a lifetime based on an "initial coin offering" that can only be found on a non-mainstream cryptocurrency exchange (that is fraudulent). Often there is very little information that can be Googled about this exchange and a reverse IP search usually reveals a domain that was only recently created (despite the website stating the exchange has been running for years). This new cryptocurrency is recommended on the basis of "insider knowledge" provided by the so-called uncle. The victim is then persuaded to access this exchange which requires downloading an application on their mobile phone not found on Google Play or the Apple store. The perpetrator then sends falsified/photoshopped screenshots (usually very large sums) of them depositing money into the cryptocurrency address (e.g. through Binance) associated with the exchange (when in reality, no such transaction occurred when looking at the blockchain). This is done to convince the victim to put in large sums of money to invest in the "ICO" coin. The coin will seemingly gain value every single week with very little volatility and volume (which does not change when you make a transaction on the exchange). The perpetrators will continue to reiterate a sense of urgency and encourage the deposition of large sums of money in order to "maximise gains".

After depositing funds, a screenshot of the transaction needs to be submitted and the funds are then registered on the app (which is never instant and usually takes a few hours, indicating manual processing of deposits). Funds/profits displayed on the app are bogus as any attempt at withdrawing funds from the exchange/app is unsuccessful and often met with a "tax" that must be paid in order to withdraw further funds. This is simply another tactic to swindle more money from the victim. If the amount is small, they may return some funds in order to convince you of the legitimacy of their exchange. They will also actively discourage any ideas of withdrawal from the account, telling you to "stay the course" until the target price is reached. This is a strategy to get the victim to put in increasingly large amounts of money and delaying the inevitable discovery that funds only go in a single direction before it is too late and substantial losses were made. The perpetrator will also attempt to persuade the victim to take out loans or sell assets to deposit even more money into this scheme and will frequently bring this up as a topic of conversation. They will attempt to bleed out every cent possible from you. Eventually, the victim is not only left financially broken but also heartbroken. By the time they realise they were conned, the funds they sent have moved around many different crypto wallets already, making it extremely difficult to trace.

Examples of websites involved in this specific scam include "www.hillsu.com" and "www.chainlity.com" (now called www.grafiexchange.com). It is guaranteed that new websites will sprout once the perpetrators discover that their ruse has been exposed, but the modus operandi remains the same. The specific "ICO" coin involved in the above is called "encrypted coin" or "ECPC". The nature of these two websites can be confirmed here https://www.globalantiscam.org/list-of-scam-websites-and-links. Falsified news include: finance.yahoo.com/news/hillsu-debuts-public-crypto-exchange-134100112.html and finance.yahoo.com/news/encrypt-coin-went-price-listing-122300249.html.

The scammers here used the following two cryptocurrency wallets: 0xe2f0C3C45F30B2370bE8022aAD580281F2268Ba3 and 0xa4f8d8C77696c580e5dFf3dAc8d9480372046609 on the Ethereum network (ERC-2).

See also https://www.globalantiscam.org/about and .

Below are some more details about these scammers. The website is only around five months old.

www.hillsu.com

1645630658476.png

1645630337769.png

Website IP
1645630416878.png

1645630528677.png


More details below about the Pig Butchering Scam

 
I have managed to trace the funds entering the two crypto wallets I have mentioned above and have established that the funds were eventually deposited to an account on Binance who Binance have positively identified. This is likely a money mule. I am unable to obtain the identity of the account holder from then on without the help of law enforcement.
 
I have managed to trace the funds entering the two crypto wallets I have mentioned above and have established that the funds were eventually deposited to an account on Binance who Binance have positively identified. This is likely a money mule. I am unable to obtain the identity of the account holder from then on without the help of law enforcement.
Have you filed a police report locally and an IC3 with the FBI?
 
Back
Top