As a seasoned cybersecurity professional with over a decade of experience in ethical hacking, penetration testing, and cyber threat analysis, I, Mir Ali Shahidi, never imagined I would become a victim of the very crimes I dedicate my career to fighting. Yet, I recently fell prey to a sophisticated international "pig butchering" scam, an insidious form of cyber-enabled investment fraud that preys on human connection and financial aspirations. This article aims to lay bare the intricate mechanics of this scam, provide a detailed account of my experience, and serve as an urgent warning to the global online community. My case highlights the critical vulnerabilities within global digital infrastructure and the pressing need for international collaboration to combat these transnational criminal enterprises.
The ordeal began approximately three weeks ago, in late October 2024, when I received an unexpected message via WhatsApp. The sender was a woman, seemingly 29 years old, claiming to be an Australian national who had immigrated to Frankfurt, Germany. She expressed her intention to travel to Iran for 25 days during the upcoming year-end holidays. Intriguingly, she claimed to have been introduced to me as a trustworthy contact by a cousin, explicitly referring to the referrer as "she". Her request was simple: to be her trusted companion and guide during her stay in Iran.
During our initial conversations, she spoke openly about her profession and income. Crucially, she then introduced me to the world of cryptocurrency trading, specifically recommending a website: devanholo.com. To help me understand the platform, she temporarily and securely shared her personal account, guiding me through the intricacies of e-commerce and online trading over several days. She even expertly introduced AI-powered trading software and promoted "Tabdil Exchange," an Iranian cryptocurrency exchange, as a secure platform for transactions. Despite some initial challenges, I, being currently unemployed and with a deep understanding of computer networks, network security, and information security management, saw this as a promising opportunity to leverage my skills in a new venture. All documentation related to these initial interactions remains available.
The website, devanholo.com, was presented as a platform for buying and selling goods, ostensibly utilizing reputable online stores like Amazon, Alibaba, and AliExpress for order fulfillment. The core mechanism involved completing 25 company-assigned orders by paying with Tether (USDT) cryptocurrency. Upon completion of these orders, the company promised a commission, and the funds would become withdrawable. The critical condition was that all 25 stages of the order process had to be completed for any withdrawal to be possible. Adding to the complexity, some orders were "combined" orders, meaning they merged 1 to 3 sub-orders, significantly increasing the payment required for that particular step.
I successfully navigated this process three times without issue. However, during the fourth round, I was assigned four combined orders, exceeding the stated maximum of three. Despite this discrepancy, I completed all orders and paid the required amount in Tether. Yet, upon attempting to withdraw my funds, the system locked the withdrawal function. The company then demanded a "tax" payment equivalent to 25% of my total principal investment and accrued commission, stating that no withdrawals would be possible until this "tax" was fully paid.
The total amount I invested was approximately $30,000 USD in Tether. The scam operators are now demanding an additional 19,300 USDT (equivalent to $19,300 USD) as "tax." The approximate total of my invested capital and claimed commissions amounts to around $50,000 USD. This demand for "tax" is a classic hallmark of "pig butchering" scams, designed to extort further funds from victims before ultimately cutting off all access.
Given these circumstances, it is overwhelmingly clear that I have fallen victim to a sophisticated international cybercrime. The highly organized nature of this operation, coupled with the scammers' technical prowess, suggests potential involvement of individuals from within expert circles, even possibly within my own country, making local recourse virtually impossible. I maintain screenshots and all relevant documentation as evidence. Remarkably, despite their fraudulent actions, the perpetrators and their associated factors continue to maintain communication with me.
Recognizing the international scope of this crime and the compromised nature of local law enforcement in Iran, I immediately took decisive action to seek justice through international channels. My background as an information security specialist allowed me to gather extensive technical intelligence, which I have meticulously compiled and submitted to relevant U.S. authorities.
A critical element that ties this transnational crime directly to U.S. jurisdiction is its heavy reliance on U.S.-based internet infrastructure. My investigations have unequivocally revealed that the perpetrators extensively utilized:
Furthermore, infrastructure from Alibaba Cloud, a prominent Chinese technology corporation, was also utilized. This extensive exploitation of digital services from both the U.S. and China creates a clear jurisdictional nexus for international cooperation and highlights the systemic nature of this fraud. While these companies operate under applicable legal frameworks, the pervasive misuse of their platforms by criminals reveals a systemic issue that U.S. authorities are uniquely positioned to address in collaboration with international partners.
As an Officer of Information Security Management, Computer Network Administration, and Cyber Defense Operations, I hereby issue this Formal Cybercrime Warning and Legal Notice to the perpetrators of this "pig butchering" scam and any entities knowingly or unknowingly facilitating their operations:
All activities and digital footprints of the individuals and infrastructure associated with this scam have been — and continue to be — actively monitored, recorded, and preserved for law enforcement and legal action. This includes DNS activity, domain registration patterns, CDN usage, traffic behavior, blockchain wallet transactions, communication metadata (Telegram, WhatsApp, phone lines), server-side logs, and IP resolutions across multiple jurisdictions.
This operation constitutes serious federal crimes, including wire fraud, money laundering, computer intrusion, and violations under the Computer Fraud and Abuse Act (CFAA). Due to the clear involvement of U.S.-based infrastructure and services, U.S. federal jurisdiction applies. This report has been escalated to numerous U.S. interagency partners, including the FBI, DOJ, IC3, USSS, FTC, SEC, CFTC, FinCEN, DHS, HSI, IRS-CI, OFAC, and others.
Failure to cease operations or the continued facilitation of these criminal activities by hosting, CDN, or domain providers may lead to complicity under applicable laws. All associated domains, infrastructure, wallet addresses, and communication identifiers are now considered evidence in an international cybercrime investigation. All technical and operational data tied to these entities must be retained and made available for investigation.
This is an enforceable cybercrime warning under active investigation. Further criminal behavior, obstruction, or technical facilitation will be escalated to the highest prosecutorial levels.
My identity and professional background are now known to this international criminal syndicate, placing me at significant personal risk. Due to systemic corruption and potential complicity within local law enforcement and judicial authorities, I lack effective legal recourse or protection within Iran. Despite existing sanctions affecting Iran, I maintain that international judicial and security cooperation in combating cybercrime—particularly when U.S. infrastructure is exploited—should not be hindered.
As a direct victim possessing substantial evidence linking this criminal activity to U.S. jurisdiction and digital services, and lacking the financial means to retain private legal counsel, I urgently seek guidance and direct engagement from the Department of Justice’s criminal prosecution division and victim advocacy groups. I believe the detailed technical intelligence I hold can significantly aid ongoing or future investigations into these criminal networks.
My experience is a stark reminder that "pig butchering" scams are not just financial crimes; they are sophisticated attacks on trust, exploiting human psychology and leveraging global digital infrastructure with devastating effects. As cybercriminals continue to evolve their tactics, leveraging everything from fake e-commerce platforms to AI-powered narratives, it is imperative for international law enforcement, technology companies, and the global community to unite. Only through collaborative investigation, information sharing, and robust enforcement can we dismantle these criminal networks and protect future victims from falling prey to these insidious schemes.
I stand ready to provide any additional details, documentation, or technical explanations necessary to support these critical efforts.