The Pig Butchering Scam We Intercepted
Written by: Will Lawson
Timeline of Events
July 2025 (Exact Time Unknown) : Victim is first contacted on Facebook by a scammer posing as a woman. Friendly messages escalate into talk of a “lucrative investment opportunity.”
July 25, 2025 (1:52 PM UTC) : Victim opens an account on NewEraWeb.com and receives 500,000 fake USDT into his wallet. This is a counterfeit token designed to spoof gains.
August 24, 2025 (10:23 PM CST) : I get a late-night call from Bryan, worried his friend is caught in a scam. Initial review confirms a classic pig butchering setup.
August 26, 2025 (12:23 PM CST) : Three-way call between Bryan, the victim, and me. Victim defends the site and the “relationship.” I collect the wallet address, screenshots, and details of the exchange site.
August 26, 2025 (11:06 PM CST) : We spot that the supposed “USDT” being transacted in the victim’s wallet is a fake token.
August 26, 2025 (11:20 PM CST) : Our investigations team runs analysis. Findings: fake USDT with 281 holders and $3.26 liquidity, spoof dashboard, and a parallel fake BTC token. Case confirmed as fraudulent.
August 27, 2025 (12:23 PM CST) : Conclusive evidence is presented. Victim acknowledges the scam and prevents further loss, including a potential $1.5M deposit the scammer was pressuring him to send.
The Situation
On Sunday night, 10:23 pm, I get a call from a mutual friend (we’ll call him Bryan). He’s worried his friend, an extremely high net worth individual, is caught in a scam.
The story is familiar:
• a random facebook message from an “attractive” woman with ~50 friends
• a pitch for a lucrative “investment opportunity”
• the victim deposits $10k, immediately sees “returns”
• she urges him to deposit more so they can “both win bigger”
Within minutes of hearing this, I knew what we were looking at: a textbook pig butchering scam.
The Situation
I share resources with Bryan and the victim. Bryan instantly sees the writing on the wall. The victim, however, still wasn’t convinced.
After figuring out what site the victim had been using to deposit funds (neweraweb.com), it took me two seconds to find this review.
Still he defended it. (See screen recording)
A few days later, at 12:23 pm on August 27th, we hop on a three-way call.
The victim explains the situation from his perspective. He defends his stance with arguments like:
-
“We’ve been talking for months. She even FaceTimed me with her 16-year-old son.”
-
“I can see the gains in the NewEraWeb dashboard.”
-
“I’ve even been able to withdraw $5k.”
From his perspective, his risks were hedged, and more than that, a relationship had formed. That’s when I realized logic alone wouldn’t break through.
So I ask to dig deeper. He shares his wallet address, more exchange sites, and message screenshots.
Victim’s wallet address: GoYpKBDjfWeznMzYVoJH5dcxTGUt4bp81qYixvxnmytb (Solscan link)
Here are some of the messages he showed us:
In my preliminary research, I uncover more signals that point to this being a fraudulent site.
I also find another site with a nearly identical name reporting an almost identical scam.
The Proof
The breakthrough came from the blockchain itself. After looking into the wallet address the victim gave me, Bryan and I recognized that all the supposed “gains” being shown on the victim’s dashboard were being spoofed by pulling from a fake USDT token.
Fake USDT token: (Solscan link)
-
281 holders
-
$3.26 in liquidity
Real USDT contract: (Explorer link)
-
Millions of holders
-
Millions in liquidity
We also found a fake Bitcoin contract tied to the same scam network. (Solscan link)
Conclusion
After some time, the victim realized the proof was undeniable.
Instead of depositing another $1.5M as the scammer requested him to do, Resolv and friends were able to prevent the heartache of loss.
Lessons & Takeaways
What stood out to me wasn’t just the narrow escape. It was how deep the scammer’s hooks already ran. His trust was being actively engineered, and if it wasn’t $1.5M through neweraweb, it could have been a malicious signature request draining his wallet in seconds.
The Tactics (How the scam worked)
-
Education hook : early “lessons” on how to invest, framed as doing him a favor
-
Relationship building : daily chats, family photos, even live facetime calls to deepen trust
-
Love bombing : fake deposits into his wallet to overwhelm him with apparent generosity
-
Dashboard spoofing : fake sites that display fabricated gains (easy to build, convincing to newcomers)
-
Small withdrawal : letting him cash out $5k to prove legitimacy, knowing he’d be hooked for more
Each step lowered defenses and made the next ask more believable.
What You Can Do To Protect Yourself
For newer crypto users especially, who don’t yet have the technical knowledge or network to conduct an investigation like this, it’s critical to have tools that prevent losing crypto in the first place. God forbid a mistake is made, there needs to be a solution that can recoup losses if they occur.
That’s where (Resolv) comes in. We’re building software that puts stolen crypto back in your wallet. Our solution is not retroactive. If the funds are already gone before protecting them, unfortunately we can’t do much. That’s exactly why taking the proactive step (which takes less than a minute) to protect your assets can save your entire portfolio even when mistakes are made.
Sign up to get access here: (resolv.finance)