Online scam cycles are getting shorter and more effective, Chainalysis finds
Online scam cycles have gotten significantly shorter and more effective over the past four years, as cybercriminals increasingly favor smaller, simpler, faster and more targeted campaigns that can yield higher revenues over the long term.
The findings, from a mid-year cybercrime report released Thursday by Chainalysis, show that scammers are refreshing their online and blockchain-based infrastructure faster than ever before.
For instance, a huge chunk of all scam revenues being tracked by Chainalysis on the blockchain (43%) were sent to wallets that only became active over the past year — something the company said suggests a surge of newly created scamming campaigns.
That’s significantly larger than any other observed year — the previous high was 29.9% in 2022 — and it has coincided with what Chainalysis described as a concerted effort by criminals to dramatically shrink the time they spend on one spam campaign before moving onto another.
“Between 2020 and 2024 YTD, the average number of days scams were active has significantly decreased, starting at 271 days for scams that began in 2020, and ending at 42 days so far for scams beginning in 2024,” the company wrote.
Eric Jardine, cybercrimes research lead at Chainalysis, told CyberScoop that this trend has coincided with a parallel shift: online infrastructure used for scamming — such as social media personas, social engineering websites and lures — is being discarded and replaced more quickly, as months or yearslong schemes targeting broad audiences give way to smaller, more targeted efforts that leverage pig butchering and other tactics.
Pig butchering refers to the practice of using online personas to build trust with victims before requesting a large sum of money, akin to “fattening” a hog before slaughter for the greatest possible yield.
The FBI has warned about the rising prevalence of pig butchering, noting that the bureau received more than 12,000 complaints from victims during the 2022 holiday shopping season, resulting in the loss of more than $73 million.
Jardine attributes the shift in scammer behavior to improved attribution of online and on-chain infrastructure, reducing the time scammers can operate before being detected. That has led to shorter campaigns, with Chainalysis observing an uptick in the on-chain purchase of “seasoned” social media handles for targeted romance schemes.
“There’s no reason to recycle your on-chain infrastructure unless you’re worried about it being tagged, tracked and having that affect your ability to cash out, for example, or having it be traced back to a real-world identity, which is then going to result in arrests,” he said.
Another reason is that it’s likely more profitable and less risky for cybercriminals over the long term. Large, Ponzi-like schemes may offer bigger theoretical paydays at the end, but come with high risks that Jardine described as “lots of revenue, really high probability of failure, really high probability that you’re going to get caught and really low probability you’re going to be able to off ream into fiat currency and get away with it.”
By contrast, conducting smaller, rapid operations with disposable infrastructure allows cybercriminals to more easily launder stolen cryptocurrency into fiat dollars and evade law enforcement by swiftly moving on.