Online scam cycles are getting shorter and more effective, Chainalysis finds 

As enforcement and attribution have improved, scammers are ditching static infrastructure and drawn-out schemes for shorter campaigns that use disposable assets. 
Online scam cycles have gotten significantly shorter and more effective over the past four years, as cybercriminals increasingly favor smaller, simpler, faster and more targeted campaigns that can yield higher revenues over the long term.

The findings, from a mid-year cybercrime report released Thursday by Chainalysis, show that scammers are refreshing their online and blockchain-based infrastructure faster than ever before.

For instance, a huge chunk of all scam revenues being tracked by Chainalysis on the blockchain (43%) were sent to wallets that only became active over the past year — something the company said suggests a surge of newly created scamming campaigns.

That’s significantly larger than any other observed year — the previous high was 29.9% in 2022 — and it has coincided with what Chainalysis described as a concerted effort by criminals to dramatically shrink the time they spend on one spam campaign before moving on to another.

“Between 2020 and 2024 YTD, the average number of days scams were active has significantly decreased, starting at 271 days for scams that began in 2020, and ending at 42 days so far for scams beginning in 2024,” the company wrote.

Eric Jardine, cybercrimes research lead at Chainalysis, told CyberScoop that this trend has coincided with a parallel shift: online infrastructure used for scamming — such as social media personas, social engineering websites and lures — is being discarded and replaced more quickly, as months or yearslong schemes targeting broad audiences give way to smaller, more targeted efforts that leverage pig butchering and other tactics.

Pig butchering refers to the practice of using online personas to build trust with victims before requesting a large sum of money, akin to “fattening” a hog before slaughter for the greatest possible yield.

The FBI has warned about the rising prevalence of pig butchering, noting that the bureau received more than 12,000 complaints from victims during the 2022 holiday shopping season, resulting in the loss of more than $73 million.

Jardine attributes the shift in scammer behavior to improved attribution of online and on-chain infrastructure, reducing the time scammers can operate before being detected. That has led to shorter campaigns, with Chainalysis observing an uptick in the on-chain purchase of “seasoned” social media handles for targeted romance schemes.

“There’s no reason to recycle your on-chain infrastructure unless you’re worried about it being tagged, tracked and having that affect your ability to cash out, for example, or having it be traced back to a real-world identity, which is then going to result in arrests,” he said.

Another reason is that it’s likely more profitable and less risky for cybercriminals over the long term. Large, Ponzi-like schemes may offer bigger theoretical paydays at the end, but come with high risks that Jardine described as “lots of revenue, really high probability of failure, really high probability that you’re going to get caught and really low probability you’re going to be able to off-ramp into fiat currency and get away with it.”

By contrast, conducting smaller, rapid operations with disposable infrastructure allows cybercriminals to more easily launder stolen cryptocurrency into fiat dollars and evade law enforcement by swiftly moving on.

Written by Derek B. Johnson

Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor’s degree in print journalism from Hofstra University in New York and a master’s degree in public policy from George Mason University in Virginia.