Case #3
Romantic Scam

Online romance scams are becoming increasingly sophisticated, with one of the most prevalent schemes today being the "romantic scam" combined with investment fraud.
This type of scam is particularly relevant in the digital age, especially on platforms like Tinder, where users seek not only romantic partners but also support, trust, and sincerity. However, instead of genuine connections, many fall victim to well-crafted frauds based on artificial emotions and manipulations.
The essence of the scheme is simple: scammers pose as attractive and kind individuals, building a trusting relationship with the victim. Over time, through conversations and interactions, they lure the victim into allegedly "profitable" investments, encouraging them to register on fake platforms designed to look like legitimate exchanges or financial services.
Initially, the victim sees their "capital" grow, reinforcing their trust. However, when they attempt to withdraw funds, the reality unfolds—the money disappears, and the scammers cut off all contact. The popularity of this scheme is explained by the combination of human desires to earn easy money and the tendency to trust someone with whom an emotional connection has been established.
Interviewing the Victim

AML Crypto was approached by another victim (identity withheld for privacy) of a fraudulent scheme involving romantic connections and fake investments. AML Crypto specialists assisted the victim in recounting their story, gathering as much information as possible about the scammer’s contacts and the platform used for "trading." As with most such cases, the perpetrators meticulously concealed their true identities, using fake profiles and anonymous communication platforms.


It all started with an ordinary acquaintance on a popular dating app

The scammer appeared to be sincere, attentive, and caring. They communicated for a long time, found common interests, and seemed like an ideal match. At some point, the scammer mentioned their financial struggles and, to demonstrate their ingenuity, shared that they sometimes made money trading on a "special platform" that supposedly provided stable income.

Initially, the victim was merely curious and asked questions about how the system worked. Soon, the scammer offered to demonstrate it firsthand. They sent a link to a platform where the victim could open a "personal account" and start trading. The website looked convincing: a colorful interface, asset growth data, charts, and forecasts that inspired confidence.

Succumbing to manipulation, the victim decided to invest a small amount to test the platform. To their surprise, the balance in their account started growing almost immediately, which reinforced their trust in both the "new partner" and the scheme itself. Encouraged by this, the victim invested more, expecting a significant profit. However, when it came time to withdraw funds, problems arose: withdrawals were "temporarily unavailable due to a technical error."

Soon, the victim received an email from the platform’s support team requesting a 15% tax payment before withdrawal. The email emphasized that this was a standard procedure necessary to complete the transaction. Trusting the information and failing to verify its legitimacy, the victim complied and sent the requested sum. However, after doing so, the platform stopped responding, and the "partner" disappeared, deleting their account.

Realizing they had been scammed, the victim turned to AML Crypto for assistance. Our specialists conducted a detailed interview and initiated an investigation, analyzing the provided data, including the platform’s web address, scammer contacts, and the victim’s transactions.


Our objectives were to trace the financial flow, identify where the stolen funds were transferred, assist in their recovery, and find ways to de-anonymize the fraudsters while warning others about similar scams.

OSINT Investigation

All information presented in this material is for informational purposes only and does not encourage independent investigations. The data has been anonymized but is based on a real incident to highlight the importance of vigilance and awareness in fraud prevention.

As part of the OSINT (Open-Source Intelligence) analysis, we conducted an in-depth investigation to gather as much information as possible based on the victim’s data about the scammers. The victim provided details about the fraudulent website used for fictitious trading, as well as contact information linked to the scammers' Telegram accounts.


Since the focus of this phase was gathering evidence from open internet sources (Web 2.0), blockchain wallet analysis was handled separately. This approach enabled the collection of crucial digital traces that could later be used for tracking cryptocurrency transactions.

OSINT Findings Related to the Fraudulent Website
The IP address of the server hosting the fraudulent site was identified:
This server was registered to a citizen of country A, but after 2 years of existence, a citizen of country B became the owner.
Before 2020, there was much more information about the owner of the server:
Using the 2020 data, a company that was involved in illegal activity was identified. Articles written about the company date from 2017 to 2023, supporting the theory that all of the data could be correlated. The service registrar of this site was also identified. By contacting the registrar, it is possible to obtain contact and payment details of the persons who own the attackers' website.
OSINT Findings Related to Contact Data
Two Telegram accounts linked to the scammers were identified. The individual assisting with trading on the fraudulent site deleted all chat history and blocked the victim, making it impossible to retrieve prior messages.

Social media analysis linked these accounts to crypto trading forums, suggesting a broader fraud network.
Blockchain Investigation

To analyze how the fraudsters laundered stolen funds, we examined a multi-step transaction scheme using AML Crypto’s Bholder tool:

Key Findings
1. Funds were transferred to scammer-controlled addresses and split among multiple wallets.
2. The scammer used blockchain bridges to move funds between networks, obscuring the trail.
3. Some stolen funds were deposited into centralized exchanges, making it possible to request fund freezes.
4. A portion of funds was laundered through Tornado Cash, a crypto mixer, before reaching another centralized exchange.
Based on the evidence, the victim can file a law enforcement report. Transactions to a centralized exchange serve as a basis for legal asset freezes and recovery efforts.
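The flow described in the key findings can be replayed as a forward trace over a transfer list. This is an added example, not AML Crypto's code or the Bholder tool; the addresses, labels, amounts and the "stolen funds leave first" accounting rule are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data: every address, label and amount below is invented.
LABELS = {"cex_A_deposit": "exchange", "cex_B_deposit": "exchange",
          "bridge_contract": "bridge", "mixer_pool": "mixer"}
STOP_AT = {"exchange", "mixer"}  # deterministic on-chain tracing ends here

TRANSFERS = [  # (sender, receiver, amount), in chronological order
    ("victim", "scam_1", 100.0),
    ("scam_1", "scam_2", 60.0),              # split among several wallets
    ("scam_1", "scam_3", 40.0),
    ("other_user", "cex_A_deposit", 500.0),  # unrelated deposit, carries no taint
    ("scam_2", "cex_A_deposit", 60.0),       # lands at an exchange
    ("scam_3", "bridge_contract", 25.0),     # crosses to another network
    ("scam_3", "mixer_pool", 15.0),          # enters a mixer
    ("bridge_contract", "scam_4", 25.0),     # bridge payout, linked by the analyst
    ("scam_4", "cex_B_deposit", 25.0),
    ("cex_A_deposit", "cex_hot_wallet", 560.0),  # exchange-internal sweep
]

def trace(transfers, labels, victim, stolen):
    """Replay transfers and return {address: stolen amount resting there}."""
    taint = defaultdict(float)
    taint[victim] = stolen
    for sender, receiver, amount in transfers:
        if labels.get(sender) in STOP_AT:
            continue  # do not follow funds inside an exchange or out of a mixer
        moved = min(amount, taint[sender])  # assumption: stolen funds leave first
        if moved > 0:
            taint[sender] -= moved
            taint[receiver] += moved
    return {addr: value for addr, value in taint.items() if value > 0}

def summarise(resting, labels):
    """Total the resting stolen funds per service category."""
    totals = defaultdict(float)
    for addr, value in resting.items():
        totals[labels.get(addr, "unlabelled")] += value
    return dict(totals)

if __name__ == "__main__":
    resting = trace(TRANSFERS, LABELS, "victim", 100.0)
    for addr, value in sorted(resting.items()):
        print(f"{addr:15} {LABELS.get(addr, 'unlabelled'):10} {value:8.2f}")
    print(summarise(resting, LABELS))
```

Amounts that come to rest at an address labelled as an exchange are the ones that can back a freeze request; the amount resting at the mixer marks where the deterministic trail stops.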
What to do if you suspect fraud
Verify information independently
Use services like WHOIS to check websites and research company reputations.
Consult experts
Qualified specialists can assess the situation and recommend appropriate actions.
Preserve all evidence
Keep records of messages, screenshots, and payment proofs for potential investigations.
What to do if you’ve been scammed
Seek professional help
Crypto forensic experts can analyze transactions and guide recovery efforts.
Report to authorities
Prepare a comprehensive report, including all available evidence, and submit it to law enforcement.
Incident results
Positive: a significant portion of the stolen funds was successfully recovered.
This case highlights how scammers leverage social engineering, fake platforms, and advanced laundering techniques to deceive victims.