“Pig-butchering” scams are gaining increasing attention from cybersecurity experts, law enforcement and the media, due to their growing complexity, profitability and geopolitical footprint. Fueled by easy access to generative AI and a vast underground marketplace of tools and services, these scams have evolved into sophisticated operations that scale rapidly, as demonstrated in a recent report from Intel 471. In this blog post, Intel 471 takes a look at the rise of these scams, how they operate, and why the terminology used to describe them is sparking debate within the cybersecurity community.
Understanding “Pig-Butchering” Scams
These scams rely on prolonged, highly sophisticated social engineering techniques designed to deceive victims into parting with substantial amounts of money. The term "pig-butchering" is derived from the Chinese phrase “杀猪盘” (sha zhu pan), which translates to "butchering plate" in English. This vivid metaphor underscores how fraudsters view their targets, likening them to livestock, carefully nurtured before being led to market. In a typical “pig-butchering” scam, the fraudsters carefully cultivate a relationship with the victim, often pretending to be a friend, romantic partner, or business opportunity and use various online platforms to communicate. Over time, they "fatten up" the victim, gaining their trust through fake friendships, business ties or romantic involvement. Once this bond is well established, the scammer entices the victim to invest in what seems like a legitimate cryptocurrency trading platform or investment app. After the victim has invested significant funds, the fraudster pulls the ultimate betrayal: they "butcher" the victim by stealing the money and vanishing, leaving the victim with nothing.
Once the fraudsters have drained their victims' accounts, the stolen funds are typically funneled through a series of transactions designed to obscure its origin. The threat actors often use cryptocurrency exchanges, shell companies and online payment platforms. From there, the funds are dispersed across multiple accounts, jurisdictions, and assets to further evade detection. This multi-layered approach allows the criminals to move vast sums of money. The scale of these operations is staggering, with some reports suggesting millions of dollars laundered daily. These criminals are highly skilled at what they do, expertly manipulating victims across the globe, regardless of age or background.
Behind the scenes, “pig-butchering” scams are often orchestrated by highly organized crime groups based in Southeast Asia. Factors such as weak governance and systematic corruption in countries like Myanmar, Cambodia and Laos allow these operations to thrive. These scams typically operate out of large compounds, where trafficked individuals, lured by fake job offers, are forced into scamming others. The operations are efficient, highly profitable, and so well-established that some criminal groups have shifted focus from traditional activities like drug smuggling to concentrate almost entirely on these fraudulent schemes. Research from WIRED revealed that while “pig-butchering” scams have expanded into regions like the Middle East, Eastern Europe, Latin America, and West Africa, they are still largely offshoots of Southeast Asian operations, often with links to Chinese-speaking criminal networks. In 2025, blockchain analysis firm Chainalysis reported that the geographic reach of “pig-butchering” has grown even further, with revenue from the scams surging by nearly 40% year-on-year.
Why the Term “Pig-Butchering” Sparks Debate
As it currently stands, “pig-butchering” continues to serve as the main term for these complex cryptocurrency fraud operations in the public sphere. The term’s immediacy and sensationalist nature make for attention-grabbing headlines, which some argue helps to promote reporting on these types of scams, thereby raising awareness and potentially preventing people from falling victim to these schemes.
Despite the widespread harm these sophisticated scams cause, some victims struggle with a sense of shame and hesitate to come forward or seek help. This is not uncommon among scam victims, but it has led some to question if the terminology itself could be contributing to this reluctance. The International Criminal Police Organization (INTERPOL) and other agencies have voiced concerns that such language could prevent victims from seeking help, proposing terms such as “romance baiting” in an attempt to emphasize the emotional manipulation employed by the threat actors against their targets. Amongst the cyber threat intelligence community, several alternative terms have also been suggested, including “romance investment scams,” “crypto-romance scams” and “virtual currency investment scams.”
However, these alternatives often fall short in capturing the full scope of the long-term manipulation involved, nor the variety of interpersonal relationships threat actors manipulate to gain victims' trust. As Intel 471’s analysts highlight in the report, these deceptive relationships don’t always take the form of romantic interest; for example, friendships and business propositions are also commonly used to lure victims in. Additionally, while cryptocurrency platforms are a frequent method for transferring stolen funds, they are by no means the only channel through which these scammers operate.
Intel 471’s approach
At Intel 471, we recognize the widespread use of the term "pig-butchering" in the cybersecurity industry and its role in raising public awareness about these scams. While the term was coined by the fraudsters themselves, it has been widely adopted by law enforcement and regulatory bodies, including the Financial Crimes Enforcement Network (FinCEN) and the U.S. government, for consistency in Suspicious Activity Reports (SARs). However, we also acknowledge the sensitivity around the use of the term. As such, we aim to limit its use where possible, choosing alternatives such as "interpersonal fraud" or "social engineering scams" where possible to avoid over sensationalizing the crime and stigmatizing victims. We will continue to use "pig-butchering" when necessary but will consistently place the phrase in quotation marks to make clear that it is the language of the perpetrators, not our own. Our choices reflect our support for ongoing efforts within the cybersecurity community to combat scams and help prevent further harm to victims.
If you’re interested in learning more about Intel 471’s insights from the underground, you can read our library of resources here or sign up to our threat intelligence updates today.