Cryptocurrency investment scams: Victims are fattened up, butchered and discarded

“Susan” is a pseudonym for the primary victim of an elaborate investment fraud.

After retiring from being a school teacher, Susan set out to find a way to invest her retirement money. Searching the internet for a place to invest her savings, she came across an online ad for a cryptocurrency investment, so she left her details through the ad.

She thought she was buying cryptocurrency. 

The criminals got her to set up Binance and ExchangePoint accounts, but later she realised the cryptocurrency she was buying did not appear in her accounts. Additionally, the criminals sent her the cryptocurrency addresses to deposit to, but it was all a sham.

The misdirection was elaborate. 

It was later found that the transactions she made were all in cash and that no cryptocurrency investments had been made at all. Now, instead of having the rest of her life to enjoy the fruits of her labour, she is suffering from the negative effects the incident has brought to her life.

Susan is a victim of a common cryptocurrency investment fraud. 

Investment fraud syndicates will often target retirees who are not computer literate and mislead them in countless ways. These complex networks pose as a legitimate investment entity or firm and offer to guide you throughout the investment process including depositing money, but behind this accommodating facade hides an odious scheme with extremely intricate systems.

The victim was tasked with opening Binance and ExchangePoint accounts to buy cryptocurrency. 

The criminals gave Susan wallet addresses to receive the transfers, which she assumed were her own wallet addresses. When her blockchain accounts were inspected, there were no records of any cryptocurrency coming in.

The syndicate created an ongoing stream of deception in order to make unauthorised transfers to their banks without raising any suspicion.

With credit card payments, victims don’t know the destination of their transfers — blurring out the transparency of the transactions. Though Susan claimed that she was emailed “receipts” of the deposits, they were fabricated to deceive both the investor and subsequent investigators.

Turning to the police; getting turned away

After the incident, Susan went to the Canadian police to report the crime, but they gave no assurance that the case would be worked on soon, as the money was overseas and beyond their jurisdiction.

The victim was presented with a standard proforma template, to be completed by hand, to describe the crime. As much space was given to the preamble describing the person reporting the crime as was available for describing the crime itself.

This situation is equivalent to requiring a victim to “explain the Enron collapse in 30 words or less”.

The proformas are designed for simple crimes that occur on one day and in one place, not for protracted crimes of complex deception. Furthermore, police will interpret the involvement of other jurisdictions as a reason to refer the victim to those jurisdictions, because international communication by law enforcement is so difficult and cannot be conducted by junior officers.

Ideally the police would have spent hours debriefing her and recording the details, in sessions over several days; however, they don’t have the training and resources to do this.

Although it is a fact that the Canadian police are obliged to accommodate victims of such cases, the reality is that our law enforcement is often overworked and underpaid. An average policeman — not only in Canada but in every country — will have at least 50 different crimes filed on their desks, working only in teams of five. 

In the UK, for example, the share of police officers assigned to white-collar crime is 0.8%. White-collar crimes, however, make up about 40-60% of the crime rate in the UK, and a large portion of those reports have all elements of the crime within their jurisdiction. Yet even when the details are served on a plate, progress is made at a glacial pace.

There are three important locations that relate to every case: 

  • Where the victim is.  
  • Where the stolen assets are. 
  • Where the criminals are. 

The fewer of these elements of the crime that are within jurisdiction, the harder it is to move forward with an investigation.

The priority of police will always be cases where violence or threats to life are involved. If someone is being assaulted or threatened, police must intervene immediately to protect them. 

White-collar crimes such as frauds are strangely given lower priority than simpler crimes, and as a result resources are not assigned to such complex scams and frauds.

The truth is that local police lack the resources and manpower to pursue fraud investigations. To investigate these types of crimes, a police unit needs to devote a lot of time to piecing together the puzzle: conducting research to connect the dots, not to mention debriefing the victim to help them consolidate their thoughts. They also need to connect with authorities overseas if the crime is transnational. For the extensive work required for such complexities, law enforcement isn’t compensated nearly enough; there is no reward for them.

Manipulating transactions using AnyDesk

One of the first steps taken by Pacific Risk was to trace back the transactions made by the victim. Susan was asked to log in to her account on ExchangePoint, which was the first time she had logged in by herself. She noticed that everything was different. In particular, the Interac payment option that she would usually select was gone.

When Susan made her deposits, she allowed the perpetrators to control her computer. This was done using AnyDesk, software that allows remote access to personal computers and other devices. Whenever the criminals were connected to her computer, they redirected her, without her being aware of it, to a fake website that had an Interac “frame” overlaid onto it, which made it look like part of ExchangePoint.

It is extremely common for syndicates to target victims whose technical proficiency is low, especially the elderly, so that they can offer to help them using remote-control programs like AnyDesk. Such programs are commonly used by tech support professionals to gain access to another individual’s computer and directly help them sort out their desktop issues. Applications like this are introduced to victims as “screen-sharing” software when in fact they give other people complete access to your computer.

So close, yet so far

Pacific Risk reached out to the cryptocurrency exchange ExchangePoint, asking whether they accepted transfers from Canada. ExchangePoint replied that they do not service Canadian clients, nor do they accept Interac as a payment option. Interac is a Canadian interbank network whose fund transfer services only work for Canadian banks, which can only mean that the accounts she had transferred money to were actually local accounts. Only then was it understood that she was transacting with local bank accounts, which would have made a stronger case to present to the police, who wrongly assumed that there were no perpetrators in Canada.

Susan owned three bank accounts which she would use alternately in her transactions with the criminals. To figure out the whereabouts of the missing funds, the investigation firm backtracked and analysed the reference codes linked to Susan’s previous transactions. Only one of the three banks, CFCU, obliged by giving out the recipient information from the transaction, which led them to the Digital Commerce Bank of Canada.

Investment syndicates have networks spanning the entire globe. In this case, it became evident that the criminals had operations in Canada, among other locations. These syndicates will have money mules from different countries to help them move the money out of Canada. The criminals will soon have another set of new mule accounts opened.

In a similar event, on October 24, 2023, 84 people were arrested in Hong Kong for opening mule bank accounts for a criminal operation involving nearly HK$100 million. The account holders had allegedly earned sums between HK$2,000 and HK$2 million for a variety of fraudulent activities including investment scams, romance scams, employment frauds, and many more. These individuals will be charged with the crime of money laundering for aiding the theft.

Generally speaking, not all money mules in frauds like this are knowingly part of the operations — they are merely a cog in the machine. Individuals and companies alike can participate in money laundering. 

Some money mules will be clueless about how their bank information is being used. In some instances, visiting tourists will be enticed to open a bank account in a foreign country, exchanging their bank details for a sum of money. 

By doing so, they are oblivious to the risk of being prosecuted for these crimes.

Another example of money mules is Filipino domestic workers in Hong Kong, who are often targeted to open bank accounts based in the Philippines without any idea of what they are getting into and, unfortunately, end up being charged with money laundering.

Fraudsters and their factory of websites

TudoFX is one of the many fraudulent trading websites set up by the syndicate. It is controlled by the criminals, so the numbers are completely manipulated to mislead the victims on their trading progress when in reality, there is no investment occurring. When the victims deposit money through Interac, the details and confirmation are fabricated by the criminals to deceive the depositors into thinking that they are making a profit.

However, the site is just text on a page without any substance or functionality at all. TudoFX is an illusion — merely a webpage where criminals can type in anything they want. Websites like these are used all the time by investment fraud syndicates. Thousands of these fraudulent web pages will ask for your personal details. What is dangerous is that they are designed to look like regular advertising pages that any person would respond to when they are interested in a product or service.

Unfortunately, once these sites are taken down, a new one will always arise with a different name and domain to continue the cycle. Scammers are registering hundreds of domain names per day to use in their operations. In addition to that, they will deceptively write good reviews about their own websites on Trustpilot, WikiFX, or other similar review sites to build a facade of credibility.

A greedy attempt at a second fraud

Susan never let the perpetrators know that she was finally aware of the scam, but once they noticed that she had stopped responding or making new deposits, they understood the picture. This time around the criminals took the initiative to reach her again using a different tactic, claiming to be recovery agencies that could help her retrieve her lost funds. These two groups went under the names TradeControl and Blockchain Investigation Agency.

This is another common scheme by fraudsters to make a second attempt at stealing money from their victims. Although frustrated, thankfully, the victim did not take the bait and instead went straight to the authorities.

Representing the case to the Canadian police

After having no luck with the police force, Susan was referred to Pacific Risk to help her put together a compelling case. As of writing, the case is being represented to the Canadian police with more refined documentation of the events and details involved in the crime, pieced together primarily by Pacific Risk.

The Pacific Risk team specialises in fraud investigations. Their detailed and comprehensive reports enable law enforcement to understand complex frauds and also inform legal counsel when preparing civil cases for court.

Have you or someone you know fallen victim to a scam? Contact Pacific Risk to book a free, exploratory call so we can understand your situation and see if we can help.
