Cambodia-Linked 'Sour Grapes' Pig-Butchering Ring Stole Over $3 Million
Sophos detailed a Cambodia-linked cryptocurrency fraud operation dubbed Sour Grapes that used misdirected SMS messages and long-running Telegram chats to lure victims into a classic pig-butchering scam. Operators posed as a fabricated woman named "Harley" and directed targets to fake crypto trading and liquidity-mining platforms that impersonated legitimate financial and cryptocurrency brands, steering deposits through Crypto.com-funded transactions before moving funds across rapidly changing wallets and domains.
Investigators tied the infrastructure to Chinese-speaking operators and identified evidence pointing to Phnom Penh and Sihanoukville, alongside more than 500 related domains built from nearly identical scam kits. Blockchain analysis found the operation collected more than $3 million in cryptocurrency over roughly five months, with some funds traced to Tokenlon according to Chainalysis, underscoring how industrialized scam compounds in Southeast Asia continue to scale social-engineering fraud through reusable infrastructure and fast-moving payment channels.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
1 event from the most recent confirmed update back to the earliest known activity.
Sophos documents Cambodia-linked 'Sour Grapes' pig-butchering scam
Sophos published research on a cryptocurrency pig-butchering operation dubbed 'Sour Grapes,' linking it to Chinese-speaking scam infrastructure and operators in Cambodia, including evidence pointing to Phnom Penh and Sihanoukville. The report said the operation used misdirected SMS, Telegram conversations, a fabricated persona, and fake crypto trading apps, and identified more than 500 related domains.
Sources
1 reference tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Sophos Disrupts Cambodia-Based Pig-Butchering Scam Infrastructure
Sophos reported on a Cambodia-based **pig-butchering** operation that used fraudulent online relationships and investment lures to steal money from victims. The campaign relied on scam infrastructure designed to build trust over time, then direct targets into fake cryptocurrency or investment platforms where deposits were ultimately controlled by the operators. The report highlights how the operation functioned as an organized criminal enterprise, with infrastructure, social-engineering workflows, and financial fraud mechanisms supporting the scheme. The activity underscores the continued threat from transnational scam networks that blend romance fraud, fake trading services, and cryptocurrency payment channels to extract large sums from victims while obscuring the actors behind the operation.
May 26, 2026
Southeast Asian “Pig Butchering” Scam Compounds and a US Money-Laundering Sentencing
US authorities sentenced Chinese national **Jingliang Su** to **46 months** in federal prison for laundering proceeds from a Cambodia-based “**pig butchering**” fraud operation that stole **~$36.9M** from **174** US victims, according to reporting on the Justice Department case. Court filings described a three-stage playbook—social engineering outreach via social media/dating/texts, steering victims to **fraudulent crypto investment platforms**, and then blocking withdrawals or demanding additional “fees”—with Su acting as a financial conduit; the court also ordered **~$26.9M** in restitution. Separate reporting detailed the operational reality behind similar “pig butchering” scam centers in the **Golden Triangle** region of **northern Laos**, including the **Boshang compound**, where leaked internal chats and a whistleblower account described industrialized fraud run like a sales organization with quotas and scripted victim engagement. The material also described **forced labor and debt bondage** conditions—confiscated passports, coercion, and violence for rule-breaking or escape attempts—highlighting that many scam operators are themselves trafficking victims compelled to conduct online romance/crypto-investment scams at scale.
Mar 21, 2026
DOJ-led crackdown disrupted Southeast Asia pig butchering networks
The U.S. Department of Justice said a coordinated **"Disruption Week"** operation under its Scam Center Strike Force disrupted cyber-enabled fraud and cryptocurrency investment scam networks targeting Americans, including so-called **pig butchering** operations tied to compounds in Cambodia, Laos, and Burma near the Thailand border. Working with U.S. agencies, foreign law enforcement, major technology firms, and blockchain companies, the effort disrupted more than **1.4 million** social media and email accounts, interrupted malicious network activity, decommissioned scam infrastructure, and froze more than **$3.8 million** in cryptocurrency allegedly used to launder victim funds. Authorities said the networks are linked to transnational organized crime, including Chinese syndicates, and often rely on trafficked workers forced to run fraud schemes under threat of violence. The operation also led to the arrest of **seven** suspected scammers in Thailand, additional cases opened by the Royal Thai Police Anti Cyber Scam Center, and referrals for further U.S. investigation. DOJ said reported U.S. losses from cryptocurrency investment fraud continued to surge, rising from **$3.96 billion** in 2023 to **$5.8 billion** in 2024 and more than **$7.2 billion** in 2025.
Jun 5, 2026