The Current Threat: Cryptocurrency Scams

April 17, 2025

For the first quarter of 2025, the NJCCIC received reports of increased cryptocurrency scams, primarily pig butchering schemes. In these fraudulent investment schemes, threat actors impersonate legitimate individuals or organizations to steal personally identifiable information (PII), private keys, wallet addresses, and funds. They impersonate prominent public figures, claiming to give away free cryptocurrency if targets invest in specified websites or platforms. They also pose as experienced investment advisors or registered professionals as part of an investment group. They may send unsolicited or solicited requests, invite potential victims to private or group chats, provide general market advice, direct trades, and promise high-yield investments.

Threat actors use various methods to contact their targets, typically through social media platforms or dating apps. WhatsApp, LinkedIn, Facebook, Telegram, and TikTok are popular communications platforms. They also attempt to compromise accounts to solicit the victim’s connections, friends, or family. The threat actors may request that the conversation be taken offline to other platforms. They communicate regularly to establish a relationship (e.g., social, romantic, or business) with the target, gain the target’s confidence and trust, and then introduce the target to their fraudulent schemes.

Threat actors develop fraudulent websites or applications to convince their target to deposit funds on these platforms as part of their fraudulent investment scheme. They offer training to set up accounts on the exchange and provide guidance on purchasing cryptocurrency. These platforms may appear legitimate, sometimes replicating price movements and producing artificial gains to keep their target engaged and potentially convince them to deposit additional funds.

However, weeks or months later, the target finds that they cannot withdraw the funds from the platform. Unbeknownst to the target, the threat actors lock the funds on the platform and steal the invested funds behind the scenes. When the target questions the inability to withdraw funds, the threat actors make excuses such as technical issues, withdrawals requiring 24 hours to review, or service fees. Threat actors set service fees to withdraw the funds as low as $50 or as high as double or 10x the amount deposited. If the target pays the service fee, the threat actors also claim that the amount paid is incorrect and that the target must pay the correct amount. Once the threat actors shut down the platform, all communications cease, and the funds invested are lost. The cryptocurrency types invested in these scams include BTC, ETH, USDT, XRP, SOL, and DOGECOIN, with losses typically ranging from several hundred dollars to several hundred thousand dollars.

Other cryptocurrency scams include impersonating cryptocurrency platforms, such as Coinbase, in emails and text messages. These scams create urgency and claim that the target requested a password reset or that there was a recent login attempt from an unrecognized device. If the claim is incorrect, the communication instructs the target to call customer support. If the target calls, the threat actors confirm the target’s PII and advise the target that their account has been compromised. The threat actors then tell the target that they need to set up a new payment method to transfer funds to a new digital cryptocurrency wallet. The threat actors provide a wallet address or a QR code linked to a wallet address that they control in the background. The funds can also be transferred via a cryptocurrency kiosk, or Bitcoin ATM (BTM).

Threat actors use similar tactics when impersonating bank fraud department representatives or government agents, claiming the target’s bank account is associated with illegal activity, such as money laundering or drug smuggling, and is under investigation. The threat actors instruct the target to “temporarily” convert funds to cryptocurrency and deposit them later in a different bank account to avoid the funds being frozen or seized. Additionally, they impersonate technical support for a reputable organization to extort funds. The threat actors falsely claim that a virus has been detected on the target’s device and that they need to gain remote access to fix it. They then convince the target that the device has been compromised or corrupted and that the target needs to transfer funds to safeguard their money.

Threat actors also create fake profiles, posing as friendly connections or potential love interests in romance scams on social media platforms and dating apps. They gain trust and play on their target’s emotions to extort funds through cryptocurrency platforms or kiosks. They allege they would like to meet in person but cannot due to financial reasons, living in another country, or caring for a sick loved one. In some cases, they use military lures and themes of being an only child with deceased parents, stationed out of the country, and undergoing financial hardship. Other extortion cases include sextortion, in which threat actors threaten to release compromising or sexually explicit photos or videos of the target to family, friends, and coworkers in the target’s contacts or on social media platforms if payment is not made. These threats are typically not credible unless the threat actors gain their target’s trust to record them or the target sends such photos or videos to them.