On September 8, 2023, the Financial Crimes Enforcement Network (“FinCEN”) released an alert regarding a notorious virtual currency scam called “pig butchering,” because, unfortunately, it resembles the “fattening a hog before slaughter.” These scams are primarily perpetrated by criminal organizations in Southeast Asia where these scams are also called “Sha Zhu Pan.”

The unwitting victims are the so-called “pigs,” who, according to various U.S. law enforcement sources, have lost billions of dollars to this scam. Unfortunately, some victims have liquidated tax-advantaged accounts or taken out home equity lines of credit or second mortgages to purchase virtual currency, as part of falling victim to these scams. The alert highlights that pig butchering is linked to fraud and cybercrime, two of FinCEN’s stated national priorities.

As we discuss, FinCEN’s alert provides 15 “red flags” for financial institutions (“FIs”) to consider when attempting to detect, prevent and report potential suspicious activity relating to such scams.  These “red flags” may serve not only to put FIs on guard for potential Suspicious Activity Report (“SAR”) filings under the Bank Secrecy Act (“BSA”), but they also may serve as considerations for FIs to try to detect and stop such activity, in order to cut off potential related civil suits by victim customers who may blame a FI for purportedly “allowing” the scam to occur.

At a high level, the scam work as follows: scammer leverages fictitious identifies, relationships, and storylines to enable the victim to trust the scammer; the scammer convinces the victim to invest in virtual currency or in an over-the counter foreign exchange scheme; and the scammer will introduce the victims to virtual currency websites and applications that are fraudulent and may be under the scammer’s control.  Once the victim acquires virtual currency, the scammer “assists” the victim in investing the funds, which are sent to virtual currency addresses and accounts controlled by the scammers.

Pig butchering scams have included various types of virtual currency including cyptocurrency and stablecoins (e.g., Bitcoin, Ether, U.S. dollar tether, and TRX). Even though the alert focuses on the use of cryptocurrency, it is important to note that there have been instances of this scam involving electronic fund transfers, wire transfers, and foreign currency and dollar-gold contracts (i.e., Forex).

Another unfortunate aspect of these scams: in addition to victimizing persons financially, the criminal organizations pursuing these scams “use victims of labor trafficking to conduct outreach to millions of unsuspecting individuals around the world.”  Stated otherwise, the criminal organizations behind these scams essentially employ slave labor to execute the scams.

Comparison to Romance Scams

The alert notes the similarity to romance scams or confidence scams, as the scammer must gain the victim’s confidence to induce them into making the fraudulent investment. Although pig butchering resembles that of a romance scam, because both require a level of trust and relationship, often times in pig butchering the scammer claims to be an investor or money manager – further legitimizing the individual and the fraudulent operation. Scammers are using other outlets to initiate communication, including professional networking sites.  They typically contact the victim under the guise of accidently reaching a wrong number or trying to re-establish a connection with an old friend. Scammers direct the victims to fraudulent websites showing investment opportunities. Despite the similarities, pig butchering seems more like an “old fashioned” investment scam.

Possible Elder Abuse/Elder Financial Exploitation

The alert indicates that in the case of an elder victim, a FI should refer the victim to the Department of Justice’s National Elder Fraud hotline. Elder abuse and financial exploitation is more likely to occur where there is lack of familiarity with technology.

Given the rapidly changing landscape of virtual currency, it is easy for an older customer to be unfamiliar and trust an individual holding themselves out as a money manager or investor. Last year, FinCEN released an advisory regarding elder financial exploitation and warned of fraudulent investment schemes. We blogged about this advisory here.

Red Flags

Some of the red flags referenced by the alert to detect, prevent, and report pig butchering scams include:

  • A customer with no history or background of using, exchanging, or otherwise interacting with virtual currency attempts to exchange a high amount of fiat currency for virtual currency or attempts to initiate high-value transfers to a virtual asset service provider (“VASP”);
  • A customer mentions or expresses interest in an investment opportunity leveraging virtual currency with significant returns that they were told about from a new contact who reached out to them unsolicited online or through text message;
  • A customer mentions that they were instructed by an individual who recently contacted them to exchange fiat currency for virtual currency at a virtual currency kiosk and deposit the virtual currency at an address supplied by the individual;
  • A customer takes out a HELOC or second mortgage and uses the proceeds to purchase virtual currency or wires the proceeds to a VASP for the purchase of virtual currency;
  • A customer receives a deposit of virtual currency at or slightly above the amount the customer previously transferred out of the virtual currency account, and the deposit is followed by outgoing transfers of substantially larger amounts;
  • A customer’s accounts is accessed by unique IP addresses, device IDs, or geographies inconsistent with prior access patterns. In addition, logins to a customer’s online account at a VASP come from a variety of different device IDs and names inconsistent with the customer’s typical logins.

The alert encourages FIs to refer victims of pig butchering to the FBI’s IC3 website as well as the Securities Exchange Commission’s Tips, Complaints, and Referrals (“TCR”) website. When filing a SAR, the alert asks FIs to include any relevant technical cyber indicators including: the type of virtual currency and digital assets involved, the virtual currency or digital asset addresses and transaction hashes native to the blockchain(s) involved, any applicants used, and the URL, domain and IP address of the service the victim was instructed to send the virtual currency to.

Finally, and very generally, we note that the number of civil suits against FIs by their customers are growing, appropriately or not, based on alleged failures to detect and stop such schemes.  This topic, which involves civil litigation concepts and defenses under the Uniform Commercial Code, is beyond the scope of this blog post.  Suffice to say, it is conceivable that future would-be plaintiffs will use this alert, as well as other publications by FinCEN, to buttress civil litigation complaints and arguments in support of claims against financial institutions.