Sha Zhu Pan Frauds: Tracing Cryptocurrency from Nose to Tail
This is an Insight article, written by a selected partner as part of GIR's co-published content. Read more on Insight
- Sha Zhu Pan frauds, or Pig Butchering frauds, are a specific fraud typology that involves the building of trust with a victim over an extended period before exploiting them for cash, often via a sham investment scheme. Such frauds have grown explosively in recent years.
- Victims of such frauds will often be walked through the acquisition of cryptocurrency before being instructed to transfer it to the fraudster. To seek recovery, a necessary step will be to trace the movement of funds to identify an entity or individual that can provide further information about the fraudster or to freeze funds.
- Tracing cryptocurrency through the blockchain is possible, but fraudsters continue to employ sophisticated techniques to obfuscate transaction flows. Such techniques include layering, chain-hopping and, most effectively, the use of tumblers.
- If a tracing exercise is successful, a victim may pursue both criminal and civil routes to recover stolen assets.
- Pig Butchering scams are on the rise
- Crypto-tracing techniques are needed to effect recovery
Referenced in this article
- Fangzhou Wang and Xiaoli Zhou, Persuasive Schemes for Financial Exploitation in Online Romance Scam: An Anatomy on Sha Zhu Pan in China, Victims & Offenders
What is a Sha Zhu Pan fraud?
Sha Zhu Pan frauds are increasing in prevalence across the globe, and are leaving thousands of unfortunate victims counting the cost of this very well-organised criminal enterprise. The phrase Sha Zhu Pan (‘杀猪盘’) literally translates from Mandarin to English as ‘Pig Butchering’. This rather colourful term is used to describe a fraud typology whereby a fraudster (or often a syndicate of fraudsters) builds trust with a victim over weeks and months before executing the fraud to exploit the trust and extract money or other valuable assets from the victim.
It is called a pig butchering scam because the fraudster needs to invest in the scamming process. Building trust with a victim can take significant time and money — likened to the cost of raising a pig. Subsequently, once a victim has been sufficiently groomed (and in the parlance of this fraud, the pig has been sufficiently ‘fattened’), then the fraud is executed, that is, cash or an equivalent is extracted from the unwitting victim.
This particular scam purportedly has its origins in mainland China, and many of the earlier incidences of this scam occurred domestically. A recent study claims that, to date, nearly 60 per cent of total fraud cases reported to Chinese authorities relate to Sha Zhu Pan frauds, and the total associated loss exceeds 25 per cent of all reported fraud cases. In more recent years, however, the scam appears to be far more global, with victims being targeted internationally, including in North America and Europe. In terms of the losses per victim, it is understandably hard to quantify the dollar value. However, an online consumer rights group named Global Anti-Scam Organisation has been in contact with 1,483 Sha Zhu Pan victims worldwide and has identified US$256 million in losses, an average of US$173,000 lost per victim.
The methodology used to operate and execute a Sha Zhu Pan fraud is concisely noted in a recent study: ‘The anatomy of the Sha Zhu Pan operation is very much like the traditional online romance scam, involving the stage of initial searching, the stage of grooming/trust-building, and the stage of financial exploitation.’ The study also notes that the scammers themselves are often highly organised; much like how a business might be run; there are various departments and individuals that are responsible for performing a specific function, be that hosting the victim (ie, responsible for the day-to-day interaction), creating and maintaining the fictitious trading sites or facilitating the laundering of stolen funds.
In the fraud’s most recent iteration, the use of the internet, messaging apps and social media to perpetrate the criminal activity has increased both the reach of the fraud and the value that can be extracted from the targets.
The first stage of a Sha Zhu Pan fraud is the identification of a target. There are many ways in which the fraudsters seek to gain a connection with an individual. Some of the more common methods include the following.
Dating apps such as Tinder, Bumble, Hinge, etc, can prove to be fertile hunting grounds for fraudsters. They will use fake pictures and profiles, and typically will try to move conversations from the app to other messaging platforms as soon as possible to avoid detection.
Social media sites give would-be fraudsters access to huge pools of individuals and often access to their personal data. Websites such as Facebook, Instagram and Twitter allow fraudsters to message targets directly, which, if successful, can be the starting point of the fraud. In particular, the professional social media network LinkedIn has recently been highlighted as receiving substantial attention from would-be scammers. This appears to be because fraudsters can see an individual’s career history and educational background, both of which can be informative as to the likely relative affluence of the individual and therefore allow scammers to be more targeted in their approach. The risk is compounded by the fact that LinkedIn is perceived as a safe, professional networking site and that users may expect legitimate business leads to be generated through this online network. As such, inbound messages may not be treated with as much scepticism as they may otherwise be if received through a different channel. Given this, an FBI spokesperson noted in a recent interview that fraudsters who exploit LinkedIn connections for such frauds pose a ‘significant threat’ to the platform and consumers.
Another target identification method that has been observed is the use of direct contact via messaging applications such as WhatsApp. The fraudster will send a message to the victim ‘by mistake’, purportedly as a result of a numerical transposition or other error. From there, the fraudster will initiate and seek to build a relationship with the victim before the next stage of the fraud. An example of this type of introductory exchange can be seen in Figure 1.
Building the relationship
After contact has been made by the scammer, the next step the scammer takes is to continue to develop the relationship with the individual. This is the grooming stage, where the fraudster will send messages to victims, often daily, that are based on a predefined script. Such scripts are elaborate and convincing, intending to draw the victim further into the deception. The conversation will initially focus on building a sincere relationship before turning towards a discussion of investment opportunities and, in recent examples, investment in cryptocurrency.
Executing the fraud
Once the fraudster believes they have established enough trust, they will increase the frequency and pressure on the victim to engage in a particular investment scheme. To encourage the victim to part with cash, the fraudster may offer to loan money to the individual and may even pay small amounts in ‘investment profits’ to build further confidence in the legitimacy of the investment.
The culmination of the fraud will be for the fraudster to extract the maximum value they can from the victim by inducing larger and larger payments into the fictitious investment scheme that will ultimately never be returned to the victim. In addition to the ‘investment’ sums that are solicited, the fraudster may seek to extract other payments for fictitious taxes or fines.
Sha Zhu Pan and cryptocurrency
More generally, cryptocurrency has emerged as a further alternative conduit for fraud; the US-based Federal Trade Commission has recently estimated that the value of cryptocurrency thefts from US citizens topped US$1 billion between January 2021 and March 2022. Cryptocurrency is an attractive medium for fraud due to its perceived complexity and the pseudo-anonymity that it offers. This, coupled with the explosive growth in value, growing mainstream adoption and general public curiosity, has contributed to the exponential rise of its use.
Sha Zhu Pan frauds are no different in their adoption of cryptocurrency and have moved away from forex, gold and other investments as fictitiously traded assets. In recent Sha Zhu Pan frauds, the victims are induced to invest in cryptocurrency with the promise of double-digit returns on their investment. Unfortunately, these investments are typically channelled through puppet exchange platforms controlled by the scammers and, without intervention and investigation (as described below), the victims will likely not see their cryptocurrency again.
Cryptocurrency transaction tracing
Why do we need to trace cryptocurrency?
In the unfortunate event that an individual has fallen victim to such a Sha Zhu Pan scam involving cryptocurrency, one of the starting points for recovery efforts will be to undertake a cryptocurrency tracing and investigation exercise. Such an exercise will seek to identify at a minimum:
- how the funds have moved since they left control of the victim’s wallet;
- where the funds appear to have been moved to and the associated wallet addresses; and
- any transactions between the wallet addresses moving the stolen funds and identifiable wallet addresses that may hold information on the fraudster (if not the assets themselves) — for example, wallet addresses that are known to be associated with centralised exchanges.
This exercise is possible as many cryptocurrencies exist on public blockchains, which allow anyone with access to the internet to view the transactions undertaken within the network as well as see balances held by a particular wallet address. This is in significant contrast to a traditional fund tracing exercise where court orders would typically be needed requiring banks to provide bank statements.
How do we start to trace cryptocurrency?
The starting point for any tracing exercise will be to identify a wallet address that is held or was funded by the victim of the fraud. In Sha Zhu Pan frauds, the fraudsters will often walk the victim through the process of acquiring cryptocurrency, and this is frequently done via a centralised exchange (eg, Coinbase or Binance). After the cryptocurrency is acquired, the funds will then typically be transferred to the first layer cryptocurrency wallet of the fraudster.
This initial on-chain transaction, moving funds from the centralised exchange to another cryptocurrency wallet outside of the exchange, can be followed on the public blockchain and would be the starting point for the investigation. To view this type of straight forward on-chain transfer, an investigator can undertake a simple transaction tracing exercise using blockchain explorer tools such as blockchain.com for Bitcoin or Etherscan.com for Ether or other ERC-20 tokens.
For example, an extract from Etherscan can be seen at Figure 2, which shows a transaction wherein USDC26,313.66 is moved from wallet 0xc2d059d44f8e0e0db2264d7e886307adbe6ba18xe to wallet 0x2d299a04196cd8335cca5711d45f5b1bc19daa0f. This basic information allows investigators and tracing experts to follow the movement of tokens from wallet to wallet.
Why perform the tracing exercise?
The purpose of the tracing exercise is to try to identify information that could lead to the identification of the fraudster or the recovery of assets. To achieve this, an investigator will typically be looking for an exit point or off-ramp. Exit points/off-ramps are where the fraudster seeks to move the digital asset into the traditional finance world and is where they are most likely to leave a digital fingerprint that could lead to a progression of the investigation. When looking to off-ramp, there are many options available to a fraudster, but one of the most common and accessible is the use of a centralised exchange that allows digital assets to be exchanged for fiat currency.
If the digital assets can be traced to a centralised exchange, the victim and their advisers may be able to seek to freeze assets with that exchange via relevant injunctive relief, or else seek to receive further identifying information linked to the account holder that received the funds.
Obfuscating fund flows
In the case of cryptocurrency frauds, the fraudster will rarely have a simple linear transaction flow through to an exit point, and fraudsters are all too aware of the traceability of their transactions on public blockchains. As a result, they will go to great lengths to frustrate transaction tracing efforts to make the process more difficult or even impossible. Some examples of deliberate obfuscation techniques are set out below.
Layering is not a new concept and exists in the fiat currency world; it is associated with traditional frauds and money laundering. At its core, layering is the process of undertaking a series of transactions to separate the stolen funds from their illicit beginnings. Within the world of cryptocurrency, fraudsters will often move funds from wallet to wallet and comingle funds with already existing funds to obscure transaction flows.
One of the more infamous layering-type transactions within the cryptocurrency space is called a peel chain. A peel chain takes an initially large value in a cryptocurrency and undertakes numerous lower-value transactions to ‘peel away’ the value from the main pot. Both the smaller-valued ‘peeled transaction’ and the larger-valued onward transaction would typically utilise a new wallet address each time.
The peeled transactions may also be sent directly to a centralised exchange in the hope that, as the values are relatively small, they will not raise red flags. Notwithstanding, as this is a relatively common method that money launderers will employ, blockchain analytic tool providers will often seek to highlight this pattern of behaviour if it is observed, enabling the centralised exchange to react and review the transactions accordingly.
An illustration of a peel chain is provided at Figure 3 below. This diagram shows a situation where an initial wallet holding 5 BTC sends 0.4 BTC to a clean wallet, and the 4.6 BTC would also be sent to a separate clean wallet. The onward transaction flows continue to peel off relatively small amounts of bitcoin until almost all of the original wallet value has been dissipated. This type of layering was famously used in the 2016 hack of BitFinex (a major centralised cryptocurrency exchange) where nearly 120,000 BTC was stolen.
Figure 3: Example bitcoin peel chain
Not all blockchains are openly accessible, and certain cryptocurrencies have ‘privacy-enhancing’ features making the tracing of them considerably more difficult or even impossible. These privacy features include the use of encrypted transaction metadata, ring signatures that prevent users from identifying the true sender of a transaction and native one-time use addresses. Such cryptocurrencies are called privacy coins, and popular examples of these include Monero and Zcash.
It therefore necessarily follows that such privacy coins are particularly attractive to fraudsters who are looking to hide transaction fund flows. While certain blockchain forensic tools claim to be able to visualise and trace certain privacy coins, if an investigation and tracing exercise leads to a privacy coin, it will be substantially more difficult to perform the tracing exercise.
Chain hopping and use of decentralised exchanges
The use of decentralised exchanges (DEXs) to layer the proceeds from Sha Zhu Pan frauds is particularly common and provides unique challenges to an investigator.
A DEX is a cryptocurrency exchange that operates without any centralised authority managing the exchange process. It allows users to swap cryptocurrencies token for token and functions in a fully autonomous way using smart contracts to enable the exchange. Importantly, very often DEXs have little to no know-your-customer policies and procedures, allowing tokens to be exchanged anonymously.
A DEX can facilitate chain-hopping, which is a method that fraudsters can use to try to cover their tracks after having stolen illicit funds. It allows the exchange of a cryptocurrency that could fall under the control of its issuer to a cryptocurrency that cannot be restricted in the same way, or, can be ‘tumbled’ as described below. For example, if the fraudster receives USDT, they may want to convert that to Ether as soon as possible. This is because the issuer of the USDT may seek to freeze these tokens in a particular wallet (likely at the request of law enforcement). The conversion from USDT to Ether will also allow the fraudster to use popular tumbling protocols such as Tornado Cash, also discussed below.
The additional layering notwithstanding, if stolen tokens are moved through a DEX, it is often still possible for investigators to follow the fund flows on the blockchain, which may not otherwise be possible if they were moved to a centralised exchange (compliant or otherwise).
Use of tumblers
Probably the most popular and effective tactic that can be used by scammers to make the tracing of the cryptocurrency flows more challenging is the use of cryptocurrency tumblers.
What is a tumbler?
A tumbler is an online cryptocurrency service that is used to obscure a transaction trail from a sender (S) to the receiver (R) by mixing cryptocurrencies from other senders into a pool before then distributing the cryptocurrencies to the designated receiver(s).
For example, in a simple transaction as shown at Figure 4, it is clear that R1 received one unit of cryptocurrency from S1.
However, when a tumbler is used, it is much harder to establish linkages between the incoming and outgoing funds with a high degree of confidence, Figure 5.
As the tokens being moved through a tumbler are necessarily fungible, without knowing the instructions provided by the user, an investigator will not be able to identify exactly which input token (Sender) relates to which output tokens (Receiver).
Centralised and decentralised tumblers
There are two types of tumblers; centralised and decentralised. As with centralised and decentralised exchanges, the primary difference between the two is that centralised tumblers are owned and controlled by individual parties, while decentralised tumblers are autonomous and are controlled only by the code of the smart contracts and protocols by which they interact.
Although a centralised tumbler is easier to set up and administer, the level of anonymity it provides is limited by the fact that law enforcement agencies can seize the transaction records. Such record seizure would allow the matching of inputs and outputs and, therefore, a continuation of the transaction graph.
An example of such a seizure occurred in May 2019 when European authorities seized BestMixer.io, a centralised Tumbler. Law enforcement successfully secured information, including IP address, transaction logs, wallet addresses and chat messages from the seized servers. This occurred even though BestMixer.io claimed that the order history was automatically and permanently destroyed 24 hours after the execution of the order.
Decentralised tumblers offer a trustless tumbling service by using smart contracts, which are programmes that will run automatically according to the defined rules when predetermined conditions are met. Such tumblers may be preferred by those looking to use tumbler services, as they do not need to trust individuals or entities; rather, they need only trust the code on which the tumbling protocol is based.
Example of a decentralised tumbler – Tornado Cash
Tornado Cash is one of the most popular decentralised tumblers on the Ethereum network. It allows users to deposit cryptocurrency to a smart contract that gives them an encrypted note (similar to a private key). Using the encrypted note, the user can subsequently withdraw the funds to a specified Ethereum wallet address.
The Tornado Cash smart contracts also limit each deposit and withdrawal to a fixed amount of cryptocurrency (eg, 0.1 Eth, 1 Eth, 10 Eth and 100 Eth), which further anonymises the transaction flow. By doing so, for example, all deposits and withdrawals interacting with Tornado Cash: 1 Eth smart contract are all either depositing or withdrawing 1 Eth.
At the time of the deposit, the user is not required to specify the destination address for withdrawal, and there is no time limit to withdraw the funds that will be held in a liquidity pool within Tornado Cash. It is at the discretion of the holder of the encrypted note to decide when to withdraw the cryptocurrency. In general, the deeper the pool, and the longer the time the users wait to withdraw the funds, the higher the level of anonymity.
In addition to the high level of anonymity that the tumbler already affords, upon withdrawal from Tornado Cash, the option of using a relayer is also provided. When Ethereum is withdrawn from the tumbler, a transaction fee is required to be paid from the wallet receiving the Ethereum. If the wallet is a new clean wallet, it needs to be funded to pay these transaction fees. This therefore would require the wallet to be funded by the tumbler user, which in turn may cause some level of de-anonymisation. To fix this, Tornado Cash implemented the concept of a relayer that acts as a third party to manage the entire withdrawal.
Tracing cryptocurrency through Tornado Cash
When looking to perform an investigation and tracing exercise when Tornado Cash is used, the encrypted note would be the most important key to the transaction trail. Tornado Cash allows people to use the encrypted note to generate a compliance report showing the deposit and withdrawal records, including the transaction time and the wallet addresses. However, in the context of a Sha Zhu Pan fraud, it is very unlikely that an investigator will have access to this key, so other investigation options must be considered.
In the absence of other information, blockchain heuristics can be used to seek to link inputs to a tumbler with outputs from a tumbler.
Blockchain heuristics are essentially shortcuts/problem-solving techniques that use other information within the blockchain to deduce insights. It is important to note that such heuristics cannot be exclusively relied upon and do have significant limitations; however, when augmented with other investigation techniques, blockchain heuristics can be a useful tool.
For example, if an investigator was performing a transaction-tracing exercise that led to a tumbler, they may look to employ heuristics to continue their transaction tracing efforts, identifying the tumbler outputs that correspond with the inputs. The investigator would first look to identify all of the outputs from the tumbler as recorded in the blockchain — If the funds have been moved out of the tumbler, then this group of transactions will include those funds that the investigator is looking to trace.
In this scenario, a very basic heuristic that could be used to identify the onward fund flow is to disregard all output transactions that have timestamps occurring before the input timestamps. Other more advanced heuristics that may enhance an investigator’s understanding of the output include:
- Total value of outputs v inputs – output addresses that receive greater amounts than the input addresses deposited are less likely to be related.
- Commonality in receipt of tumbler outputs – if two addresses receive an output from a tumbler, and then the first address subsequently sends funds to the second, we can assume that these two addresses are under common control.
- Common neighbouring addresses – if two addresses receive an output from a tumbler, and both subsequently move funds to a common third address, we can assume that all three of these addresses are under common control.
- Detour errors – transactional links between any of the tumbler input addresses and subsequent output addresses would demonstrate links between input and output addresses.
This list is not exhaustive, and other heuristics may be used or developed based on the specific information available and bespoke to the tracing scenario.
After the tracing exercise
If the investigator of the Sha Zhu Pan fund flow has successfully managed to identify a wallet address that appears to be linked to an exit point as defined above, the next steps can be assessed.
The options available to the victim will typically include:
- working with law enforcement to advance seizure efforts as well as pursue the fraud’s perpetrators;
- consider with counsel potential targets for civil proceedings to freeze funds or pursue those services or entities that have facilitated the movement of the stolen funds; and
- consider with counsel potential targets to obtain information on the real identity of the fraudster.
What happens if you or your clients have been scammed?
If, unfortunately, an individual does become the victim of a scam, there are certain initial steps that should be taken. Such steps are also recommended by the team at the consumer awareness site, Global Anti Scam:
- report the scam to the relevant local authorities, law enforcement or regulator in the jurisdiction that you are in;
- contact the bank or cryptocurrency exchange that facilitated the transfer so they are made aware;
- undertake a wallet and transaction tracing exercise to identify the movement of the stolen funds; and
- speak with specialist counsel or investigators to understand what the next steps in a potential recovery may be, given the circumstances specific to your case.
 Fangzhou Wang and Xiaoli Zhou (2022): Persuasive Schemes for Financial Exploitation in Online Romance Scam: An Anatomy on Sha Zhu Pan (杀猪盘) in China, Victims & Offenders, DOI: 10.1080/15564886.2022.2051109.
 See Footnote 1.
 ERC-20 stands for Ethereum Request for Comment 20. This is a token standard that sets out certain parameters that allow for interoperability across the Ethereum network. Well known examples of ERC-20 tokens include USDC, USDT, BNB and DAI.
 USDC is a digital stablecoin that is pegged to the USD and managed by a consortium called Centre.
 Other information that is included in this extract shows whether the transaction has been successfully recorded on the blockchain, the transaction (gas) fees and the smart contract that the token transaction has been conducted pursuant to.
 A clean wallet address is an address that has not previously entered into any transactions. Such peel transactions may also be sent directly to an exchange.
 The Bitcoin protocol works on an ‘unspent transaction output’ (UTXO) basis. Depending on the software wallet used, UTXO not peeled from the chain would typically be transferred to a newly created wallet address.
 Note that since the drafting of this article, Tornado Cash has been added to the OFAC Sanctions list and may no longer be as popular a choice for token tumbling.
 By having standardised smart contracts, deposit and withdrawal amounts cannot be matched by virtue of their value (eg, If we saw 1.233522 ETH being deposited and then exactly the same amount being withdrawn, we would have much greater confidence in linking this input and output).
 This is a significant assumption, and it is possible that the fraudster may keep funds within a tumbler’s liquidity pool.