The ringing of the alarm clock pulls Jordan out of his dream. He had just made a profit of $100'000 with a meme coin that he bought early on and sold on the day of the Binance listing. A normal day in the life of a crypto trader – but unfortunately only a dream. It's 5:00 a.m., and it's time for a coffee before a long and exhausting day at work. During a bull market, there's only one way for him to live: 15-hour days, milking the market for as long and as hard as possible.

In the office, he is greeted by his colleague Marco, who is grinning from ear to ear. “You won't believe what happened last night...”, Marco begins. He has been working throughout the night.

“Do you remember the guy we promised to help find his lost Solana? He was hacked six months ago, and the hackers stole about 5'000 SOL from him,” Marco says. 'We offered to retrieve the remaining coins at a cost of 10 percent, or 500 SOL. Jordan nods.

“So? Are you telling me that he's already transferred the 10 percent?”

“Yes, he was so happy to have someone come to his rescue.”

500 Solana – at today's prices, that's more than $100'000 US dollars. Of course, the poor guy will never hear from them again. Delete the chat, block him, move on.

Jordan and Marco have various tricks up their sleeves. They call the strategy they just used “A ray of hope”. They pretend to want to help the victims, only to then run off with the advance payment and leave the already robbed victim with yet another nightmare.

A glimmer of hope

In Telegram groups, they look for victims of fraudulent platforms, phishing links or hacks, because desperate people are often easy to convince – and trick.

They contact the victims directly, pretending to be professional employees of an international association that fights fraudsters and hackers in the crypto sector.

A conversation often ensues in which the victim describes all the details of their unfortunate situation. They listen carefully, show understanding and emphasize their willingness to help. They refer to their official website – the site appears professional and reputable, with numerous success stories from supposedly happy customers.

Of course, the service is not free, but the victims usually understand that. After all, what is ten percent of the total when you have already considered the money lost? And in such a desperate situation, even the advance payment can be justified.

A simple message, nothing major – and yet so effective. The reactions are often the same: hope, and the faint thought that the lost money might not be gone forever after all.

Trust is everything

The next phase of their daily routine takes them across Twitter, Telegram, LinkedIn, and even dating apps and online chat rooms. Over the years, Jordan and Marco have built up an international network: a few “friends” here and there, contacts with fake profiles that they maintain regularly and sometimes for months. They know that trust is not built in one day. It is gained in small steps – through seemingly meaningless messages, friendly small talk and long-term interaction.

One of their favorite tricks is the “pig butchering strategy”. It starts with nice words, deep conversations, showing understanding, small talk and advice on the crypto market. And then, when the time is right, a gentle hint is dropped: they tell the victim about a great platform for investing and trading – it won't hurt to give it a try, will it?

The victim has come to trust them by now, after all, they have been in contact for several days or even weeks. The victim deposits money on the alleged platform. There, it is pretended that the victim's money is being traded by “artificial intelligence” or a “professional trader”. The trick: the platform shows the victim fake profits in real time. Euphoric about the apparent success, the victim continues to deposit more and more. With each “success” comes the growing conviction that an even larger investment could pay off. And so the game continues until the victim tries to withdraw some of the money.

End of story. Jordan and Marco are happy, while the victim is left stunned.

Sometimes it's even easier. Jordan occasionally uses a strategy he calls “the donkey is left standing”. He asks his victims to wire him $500, promising to pay them back $500 plus 10 percent. The story behind this? He promises to trade it and share the guaranteed profit with them.

When someone takes the gamble, Jordan raises the stakes and pays his victims the entire sum plus profit each time. This apparent reliability convinces many to continue. Jordan accepts the risk that someone might jump ship prematurely and settle for the winnings, but should someone respond to his last request and send him $50,000... Well, then they'll never hear from him again. And while the victim is left speechless, he laughs up his sleeve.

The false identity

They have big plans for the afternoon - it could be one of their biggest coups yet. For several weeks they have had access to the Gmail account of their potential next victim, a creditor of Genesis, whom they found on the public creditor list. They now know the identity of their victim, know where he lives, have his phone number and, as mentioned, have access to his Gmail account. They obtained access by pretending to be a Google support employee in a phone call with a spoofed number. They found out that the victim was using his Gmail account for the two-factor authentication of his Coinbase account. They suspect that the person holds large amounts of bitcoin on Coinbase and plan to steal them from him.

Jordan the Coinbase employee

After a nap, the time has come. Jordan makes the call, this time pretending to be a Coinbase support employee, again with a spoofed phone number. “Hello, Mr. Fink, I'm calling you because we've noticed suspicious activity on your Coinbase account, customer number ERFTC137. Have you recently logged into your account from Mumbai, India?” Mr. Fink immediately gets nervous, but first asks if Jordan can identify himself and prove to him that he is indeed a Coinbase employee.

“Yes, of course, I can prove that to you briefly. The last time you logged into your Coinbase account before today was at 5:00 p.m. the day before yesterday from Portland, Oregon. Is that correct?” Jordan knows this because they saw on the Gmail account that Mr. Fink received a 2-FA code for logging in at that time.

“That's right, thank you very much. So, hackers from India have access to my account! What should I do?” asks Mr. Fink.

From this moment on, Jordan has him hooked. He shifts the conversation to Zoom so that he can quickly help Mr. Fink resolve the situation via Anydesk, a program for remote access to computers, because time is of the essence - the hackers could withdraw the bitcoin at any time. First, they set up two-factor authentication again, create a new password and log out all accounts that are already logged in. Jordan advises Mr. Fink to temporarily save the new password in a blank Word document so that he doesn't forget it. In the heat of the moment, Mr. Fink acts as advised - it happens, right?

Jordan and Mr. Fink briefly make sure that all the bitcoin is still there, log in again to check that everything is working, and verify that no one else is logged in and has access to the account.

“Everything's fine, I think we've made it!” says Jordan and Mr. Fink can hardly put his joy into words - he is so grateful for the quick help and is happy that his account is now safe again.

And they are gone

10 minutes later, Jordan logs into Mr. Fink's Coinbase account using the password. He receives the 2-FA code via the Gmail account and has free access to the account. It contains 15 BTC - he sends them to a new wallet and is already looking forward to going home. Poor Mr. Fink.

It can happen to anyone

In bed at night, Jordan's girlfriend asks him about his day, she knows nothing about his business - no one around him knows anything about it. Marco and Jordan do their own thing - they lead a normal life and frequently talk to each other about the moral aspects of their job. They justify their scams by saying that they are after the big fish - people who have a lot of money. They do not prey on the poor but try to take money from the rich. This often means that they are dealing with people who have a lot of experience in the crypto sector and are therefore cautious and not easy to defraud. But their success speaks volumes - it can happen to anyone, no matter how much experience they have.

How can you protect yourself?

• Don't Trust, Verify
• Use secure passwords, 2-FA and secure password management
• Never share private information such as passwords, private keys, 2-FA codes or similar with anyone
• Never open links from strangers
• Be wary of phishing scams
• Check every link before clicking on it; check every website URL
• Avoid public WLAN networks
• Just because someone claims to be an employee of an exchange or similar does not mean that they actually are
• Regularly check accounts, passwords and 2-FA settings
• If possible, do not disclose any information about crypto assets
• Keep your software updated
• Be extremely cautious with sharing information