After two months, Tho Vu was infatuated. The 33-year-old customer service agent, living in Maryland, had met “Ze Zhao” through a dating app, and says she quickly began exchanging messages with him all day on WhatsApp. He seemed like someone she could rely on—he called her “little princess” and sent her reminders to drink enough water. By October 2021, despite never having met in person, they were talking about where to buy a house, how many kids to have, even how he hoped she’d do a home birth. “I want to take you with me when I do anything,” he said, in messages seen by TIME. “You are as important [to me] as my mother.”
To fund their life together, Zhao pushed Vu to invest in Bitcoin. Vu was impressed by the cryptocurrency’s massive price gains. She was also reassured by Zhao’s suggestion that she buy her Bitcoin through Coinbase, an established U.S. cryptocurrency exchange, before transferring it to Zhao’s favored site. “Every time we did the trades he would repeat why we were doing it,” says Vu now. “It was always, ‘babe, we’re doing this for our future’.”
Only when Vu tried to withdraw her gains did she realise that Zhao was a fiction—and so was that trading site. She’d been sending those tokens straight to a team of professional crooks. It was a so-called pig-butchering scam—also known as a crypto-romance—in which criminals spend weeks or months gaining victims’ trust. Vu says she lost about $306,000, including her investment and additional payments she was told were fees and taxes by the fake exchange. “That was one of the most traumatic events in my life,” says Vu. “Not only had I lost all my savings, but this future that I thought would be a new adventure—it was all a lie.”
Cryptocurrency scams, like the one that Vu fell for, are driving an online crime boom right now. Romance scams, investment scams, digital wallet hacks, pyramid schemes, ransomware attacks, and even digital art thefts—the methods may be different, but wherever you find a cybercrime victim, odds are good that crypto was involved.
According to a report from the research firm Chainalysis, which tracks the movement of cryptocurrency across the internet, $14 billion worth of cryptocurrencies was sent to “illicit” wallet addresses last year, triple the amount for 2017. Those digital wallets may have been used for fraud, terrorism, or payments for child abuse material. There are so many crypto-romance victims that they have formed an advocacy group, the Global Anti-Scam Organization (GASO), which counts Vu as a member. Last year alone, GASO’s fraud reports added up to $73 million in losses.
And when it comes to things like ransomware attacks, the damages add up quickly. In February, the Chicago financial firm Jump Trading sunk $320 million into bailing out its Wormhole crypto platform after a massive hack. Meanwhile, the rush of everyday investors into crypto has created a wealth of new targets.
The challenges of recovering money in crypto scams
Many people assume that cryptocurrency is so popular with criminals because tokens move anonymously. In practice, major digital currencies such as Bitcoin and Ether are actually very trackable. Every transaction is permanently recorded on a public blockchain—essentially a decentralized database. Although real names aren’t attached, criminals become vulnerable when they try to cash out their crypto into dollars, euros, or another traditional fiat currency.
That’s because swapping crypto for fiat money requires an exchange such as Coinbase or Binance. These exchanges are regulated in many countries, including the U.S., and are required to collect information about their users. A warrant or court order could compel those exchanges to reveal those wallets’ owners.
“I think there is a false sense of security among crypto-criminals about the difficulty of being traced,” says Ben Hamilton, a forensic investigator who tracks down financial crooks for the risk management firm Kroll.
Indeed, the U.S. Department of Justice recently charged two people with laundering $4.5 billion worth of Bitcoin from a 2016 Bitfinex hack, having traced the coins through a complex web of transaction records. Investigators such as Chainalysis are monitoring the wallet addresses holding stolen funds from the Wormhole hack, meaning the culprits may struggle to cash out.
The bigger problem is actually recovering the money. With fiat currency, international transfers often don’t actually move any funds—banks can simply adjust their records of who owns what, so transactions can be blocked or reversed.
Blockchain transfers, on the other hand, are automated and almost impossible to tamper with. Tokens can be transferred across borders without any outside permission, and all transfers are totally irrevocable: if a scammer tricks a victim into sending them crypto, or gains control of someone’s wallet and sends their money elsewhere, there is no central institution to reverse the transfer. “My scammer just kept pushing me to buy Bitcoin,” says Vu. “With cryptocurrency he could be anywhere in the world and still get the money. With banking, it has an institution, it has a location.”
Authorities—generally restricted by regional and national borders—struggle to keep up. Jan Santiago, deputy director of GASO, says police forces will often refuse to follow crimes outside their geographic area, and many barely understand what cryptocurrency is. “You have to go to the FBI level, but everyone’s going to the FBI, and the FBI is overwhelmed,” he says. (An FBI spokesperson declined to comment.)
Chainalysis’ data suggests that crypto money laundering is highly centralized in a few lightly regulated countries, especially Russia, or in exchanges that obscure their location.
That points to a need for international cooperation, says Mark Turner, a managing director in Kroll’s financial regulation unit. Turner argues that nations must agree on international standards for managing the flow of illicit crypto. Governments could regulate crypto wallets as they do bank accounts, allowing exchanges to blacklist specific wallets based on their compliance status, while banks could block transfers to and from questionable exchanges.
Avoiding crypto scams
In the meantime, crypto users will have to protect—and educate—themselves. “The naivety and ignorance of many people diving head-first in the crypto world is the biggest attraction to these scammers,” says one moderator of Reddit’s CryptoScams message board, which has seen an “exponential” rise in traffic over the past year. Con artists exploit the lack of safeguards in crypto infrastructure, often coaching victims through the process of giving away the so-called seed phrases that unlock their wallets. Many popular wallet services and crypto art marketplaces also do not offer multi-factor authentication, a common way of making digital accounts more secure.
Another CryptoScams moderator, Luis Garcia, says a “culture of instant gratification” and feverish hype around new crypto projects leads to “irrational decisions.” He advises crypto users to never give out their seed phrases to anyone, and to never Google search the name of a legitimate service instead of typing in its URL directly (scammers sometimes buy ads at the top of search results for popular crypto sites in order to to lure you onto a dangerous fake site).
Be careful who you trust, says Garcia, whether buying a wallet or using an exchange—and never let anyone else manage your money, especially if you met the way Vu met her scammer. “Beware of direct messages [DMs],” he says. “Being tricked in DM can cost you everything you own.”
More Must-Read Stories From TIME