Cybersecurity researchers are warning of a massive cryptocurrency scam sweeping through Asia, especially Japan, that combines long-term social engineering with abusive online advertising. The campaign pairs the so-called "pig butchering" investment scam model with malicious online advertisements. After observing unusual DNS activity from Japanese internet users, investigators found thousands of suspicious domains.

What at first glance seemed to be a standard fraudulent trading platform was actually a hybrid scheme intended to draw in, deceive, and eventually deplete victims' finances. According to reports, individual losses have topped ¥10 million, or roughly $63,000. The attack begins with ads on social media platforms. The advertisements either promote a cutting-edge "AI investment algorithm" or pose as well-known financial experts.

Users are taken to a polished website after clicking on the advertisement.

The website directs victims to participate in discussions on trustworthy messaging apps like LINE, WhatsApp, or KakaoTalk rather than requesting money right away. Victims engage with student organizations, assistants, and alleged investment mentors in these conversations. Researchers discovered that a large number of these accounts were probably chatbots with AI assistance.

To gain trust, they constantly interact with victims, post screenshots of fictitious profits, and fabricate success stories.

[Figure: Pig butchering combined with malvertising (Source: Infoblox)]

Victims are convinced to make progressively larger investments over the course of weeks or months. Scammers eventually ask for a last "release fee" in order to unlock profits that never materialize. Over 23,000 domains were linked to the campaign, according to a technical analysis of the Scalable and Automated Fraud Ecosystem.

Many were produced using registered domain-generation algorithms, which made it possible for criminals to quickly create and rotate websites in order to evade takedowns. While some domains imitated reputable brands to look authentic, others used arbitrary characters. The lure websites' similar layouts and messaging point to a shared scam kit or "fraud-as-a-service" platform that is utilized by several criminal organizations.

Additionally, investigators saw messaging behavior, infrastructure patterns, and advertising trackers that overlapped between campaigns. The scam's structure is deliberately designed to give victims the impression that their actions are voluntary. Because victims themselves click the advertisements, start the conversations, and ask the questions, their suspicion is lowered. To keep members engaged, chat groups offer rewards, points-based incentives, and ongoing interaction.
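The infrastructure and tracker overlap described above is what lets a defender tie separate lure domains to one operation. The following is an added example, not code from Infoblox or the original article: it groups domains that share a resolved IP or an ad-tracker ID, directly or through a chain of other domains. All domains, IPs, and tracker IDs are constructed sample values, and the `cluster_domains` function and its fields are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample observations (not real indicators): each lure domain with
# the IP it resolved to and the ad-tracker ID found in its page source.
OBSERVATIONS = [
    ("ai-invest-a.example", "192.0.2.10",   "TRK-1001"),
    ("xk3q9z.example",      "192.0.2.10",   "TRK-2002"),
    ("brand-trade.example", "192.0.2.44",   "TRK-2002"),
    ("qwpz71.example",      "198.51.100.7", "TRK-3003"),
    ("mentor-club.example", "198.51.100.7", "TRK-3003"),
    ("lonely.example",      "203.0.113.5",  "TRK-9009"),
]

def cluster_domains(observations, min_size=2):
    """Group domains that share an IP or tracker ID, directly or transitively."""
    parent = {}  # union-find forest over ("domain"|"ip"|"tracker", value) nodes

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    def union(a, b):
        root_a, root_b = find(a), find(b)
        if root_a != root_b:
            parent[root_b] = root_a

    # Link every domain to the infrastructure it was seen with; two domains
    # land in the same set as soon as they share any one attribute.
    for domain, ip, tracker in observations:
        node = ("domain", domain)
        union(node, ("ip", ip))
        union(node, ("tracker", tracker))

    groups = defaultdict(set)
    for kind, value in list(parent):
        if kind == "domain":
            groups[find((kind, value))].add(value)

    # Drop singletons (below min_size) and return largest clusters first.
    clusters = [sorted(g) for g in groups.values() if len(g) >= min_size]
    return sorted(clusters, key=lambda c: (-len(c), c))

if __name__ == "__main__":
    for cluster in cluster_domains(OBSERVATIONS):
        print(len(cluster), cluster)
```

Shared hosting and common analytics IDs will merge unrelated sites, so in practice such attributes should be filtered or weighted before clustering.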

Conversations that flowed continuously across time zones and languages were observed by researchers who had direct contact with the scammers, clearly demonstrating automation.

[Figure: Clusters related to campaigns that are made up of domain nodes and infrastructure (Source: Infoblox)]

The use of AI-driven messaging systems was further supported by repetitive dialogue and quick responses at all hours.

Developing Outside of Asia

The operation is growing internationally, with campaigns now taking place in English-, German-, and Spanish-speaking regions, despite its primary targets being South Korea and Japan.

Each month, analysts identify thousands of new scam domains. Efficiency is significantly increased by the hybrid approach. While messaging apps offer psychological manipulation and long-term trust building, malvertising offers scale and reach. Criminals can operate globally without large human teams by automating conversations.

[Figure: Monthly distribution of second-level domain (SLD) registrations associated with these campaigns since January 2025 (Source: Infoblox)]

This model, according to researchers, is the next step in the development of online financial fraud. In contrast to traditional scams, victims frequently think they are taking part in legitimate investments until the last payment request.

The money is lost by the time the fraud is exposed. Infoblox reports that security experts advise users to steer clear of social media investment offers, independently check financial advisors, and consider any request for private transfers or upfront fees to be a clear sign of fraud.