I was scammed

Case Study: Cryptocurrency Investment Scam via Social Media

1. How It All Started

It all began on September 18, 2024, when I, the victim, a 73-year-old retiree, received a message on Facebook Messenger from someone we’ll call “Helena Jason.” It started off with the message:

Good morning Bob, not sure if I can call you that, I see a lot of interesting photos on your Facebook, can I ask what car this is?

The image was of an AI-generated car that I had posted to Facebook. Helena seemed friendly, engaging, and genuinely interested in getting to know me. She quickly built rapport by asking about my personal life, sharing her own stories, and, before long, suggested moving the conversation to WhatsApp for a more private chat.

I was skeptical from the start, but decided to play along. Even with my skepticism I was scammed, but only out of a small amount of money.

Helena presented herself as the CEO of a successful Chinese cosmetics company, claiming to have built the business from the ground up. She described her journey as one of hard work and perseverance, sharing stories of expanding the company into international markets. This professional identity added an air of credibility and success, making her seem like a reliable and accomplished businesswoman.

To further build trust, Helena also shared details about her personal life, including the emotional trauma of a recent divorce. She spoke about the challenges of balancing her career with her personal life, emphasizing how lonely and difficult the experience had been. This vulnerability created a sense of shared understanding and emotional connection with me, making it easier for me to relate to her and lowering my defenses.

Adding to the illusion of authenticity, Helena shared timely and seemingly genuine photos, including images of a parade in New York and candid shots of her at home, as well as images from her past. These personal touches made her appear more real and relatable.

Interactions via WhatsApp occurred every evening with real-time, back-and-forth conversation, further reinforcing the sense of legitimacy. The scammers invested a total of 62 days in building trust and guiding me through the investment scheme.

One notable red flag was Helena’s reluctance to provide her home address. When I requested it, she instead provided an alternative address that, while legitimate, could not be verified as her residence. She claimed that her mailbox was frequently targeted by theft, using this as an excuse to avoid disclosing her actual home address.

I was suspicious—why would a stranger be so interested? But curiosity got the better of me, and I decided to play along to see where things were going.

One aspect that surprised me was how elaborate Helena’s back story was. She presents herself as a 38-year-old Chinese businesswoman whose narrative weaves privilege with tragedy. Born in Chengdu to wealthy parents – her father a construction company owner, her mother an economics professor – she claims an idyllic childhood raised by her grandmother before achieving success through a Columbia MBA and establishing a beauty business in Manhattan.

Her story pivots on a failed marriage to Li Jingxuan, a Shanghai real estate president, in 2015. After a three-month courtship, they married despite his family’s resistance. The marriage deteriorated when she refused to abandon her career for a traditional housewife role. After her husband’s business failed in 2018, he allegedly turned to gambling, drinking, and abuse, culminating in sexual assault. Following their 2019 divorce and loss of significant assets, she claims to have fled to America with her aunt’s help.

Now she portrays herself as a successful Manhattan businesswoman with a Brooklyn home and Pasadena vacation property. Her carefully curated image includes regular yoga practice, luxury shopping, and exclusive wine collecting. Her inner circle consists of her assistant Shanshan, business partner Zhang Yuanyuan in China, and friend Erin, a Cambridge graduate.

Because of the length of time that passes while her story is developing in the conversation, it is easy to miss the classic romance scam patterns. She methodically builds rapport through shared interests while probing for financial information via discussions of cryptocurrency and business ventures. She combines status markers (Columbia MBA, Manhattan lifestyle) with strategic vulnerability (failed marriage, limited U.S. family) to create opportunities for emotional and financial manipulation. Her story contains inconsistencies, particularly around COVID-19 timing and improbable luxury claims, suggesting an elaborate scheme designed to build trust for eventual exploitation.


2. Moving to WhatsApp and the Investment Pitch

On September 21, 2024, Helena introduced the idea of cryptocurrency investments. She talked about how she’d been successful with crypto and suggested that I try it too. According to her, the “HTX-Web3” platform was a great way to earn passive income. She shared supposed success stories and screenshots of impressive returns to build credibility.

Throughout their chats, Helena cleverly used emotional triggers—talking about financial security, the fear of missing out, and how investing now could mean a brighter future. She also subtly introduced elements of romance, expressing admiration for my life experiences and suggesting that they could meet in person in the future. This added an emotional layer that made it harder for me to remain objective.

To create a greater sense of legitimacy, Helena guided me through purchasing cryptocurrency using well-known platforms like Coinbase.com. I bought crypto coins through Coinbase and transferred them to Coinbase Wallet—both legitimate and trusted apps. However, the HTX-Web3 platform was then linked to my wallet as an “app,” giving the illusion of authenticity while actually leading me into a fraudulent scheme. The HTX-Web3 web site was a very professional-looking site.

Because of my skepticism, I was only willing to invest a small amount of money, enough to enter the 1-minute options market.

On November 6, 2024, Helena introduced the concept of investing in the 3-minute options market. She explained that shorter time-frames offered higher returns but required larger deposits. She initially mentioned different options, including the 1-minute and 5-minute markets, presenting the 3-minute market as a balanced choice. I was informed that a significant investment would be necessary to participate effectively. On November 8, 2024, Linda reinforced the idea by suggesting that my current balance was insufficient, emphasizing the need for additional funds to maximize profits and avoid potential losses.

Also in November, Helena showed me how I could withdraw money from the web site. She had me withdraw $520, which was an ingenious scam tactic. First, it was a small amount of my money that I had deposited. Second, the number 520 has significance in Chinese culture: it means “I love you,” so it reinforces the romance part of the scam.

In December, I offered to fly to New York to see Helena and to meet her parents, whom she claimed were visiting from China. Helena at first encouraged this trip. But she explained that I would have to purchase an expensive dress suit for the meeting, and also gifts for the parents. She pushed that the value of the gifts would have to be around $35,000. This was a tactic to discourage the trip, which worked.

I played along with her. I questioned how much money I needed to trade in the 3-minute market, and how much to trade in the 1-minute market. The 3-minute market required an additional $47,000 to bring my deposit to $50,000. The 1-minute market required $300,000.

In January, when I told Helena that I would have to withdraw funds from my stock portfolio, her reply was:

You can share with me when you make progress in talking with your broker.

But one thing you need to remember is that you don't need to tell your broker that you will invest this small amount of money in cryptocurrencies, because as I told you before, all banks and brokers don't want their clients' funds to flow to other investment areas. Because it will harm their interests and they can't earn commissions from you. This is your personally managed account.

This was a major red flag. I ignored her request, and did talk with my financial advisors who warned me that this was likely a scam.

At this time I withdrew $1000 from the account. This was still less than I had “invested”, but I wanted to see if I could get any money out. I figured if I couldn’t then that would definitely confirm the scam. I was surprised that I was able.

So my next step was to try to get the remaining money out, and some profit. That is when the scam ended. I got the following message from the “support” people of the scam site:

Dear user: Hello, your current account is under investigation by the SEC. Your withdrawal function and your trading function are temporarily unable to perform any operations.

And on the next day:

Dear user: Hello, the smart contract automatically detected that you and the 10016 account were suspected of insider trading, with a total of 4 market transactions, namely: 2025-01-20 18:25:59, 2025-01-20 18:35:00, 2025-01-20 18:44:00, 2025-01-20 18:55:00, a total of 4 transactions, cumulative profit: 116767.8575USDT.

As a result, some functions of your account are temporarily restricted. As a user of HTX-web3, you must accept the requirements of the regulatory authorities and abide by market trading rules. The SEC requires accounts suspected of violations to pay a margin of 30% of profits, which is 35030.35725 USDT, to prove that the transactions are personal behaviors and do not involve insider trading.

You must complete the full payment of the margin before January 31, 2025, otherwise your account will face re-examination by the SEC's joint enforcement agencies. In order to avoid additional financial losses to you, all functions of your account will be restored to normal after you pay the deposit and prove that you have not participated in any insider trading. Your deposit will be returned to your account within 7 days and will not have any negative impact on your account credit.

That finally confirmed the scam. Then Helena started becoming increasingly distant. I told her I knew it was a scam and she would not admit it, which did not surprise me. I was surprised with how much longer I could keep her occupied on WhatsApp before she stopped responding.


3. Investigating her

Being skeptical, I tried to find more information about her. Of course, her back story could explain why it was difficult. I tried reverse image searches on the photos she sent me but could not find any matches. Her name was common enough so that searching social media profiles returned matches, but none for her, other than her Facebook page. Her Facebook page had very little content. She had no friends, other than one friend in common with me. That friend told me that she did not know Helena.

Helena also sent me gifts. The first was a tea set. We had been discussing tea and how it was important to the Chinese culture. She sent me the set so she could teach me how to make tea. I did a reverse image search and found similar sets for between $25 and $30.

Later, towards the end of the scam, she sent me a Chinese amulet, which a reverse image search found on Ali Express for about $60.

For someone who claimed to have bought Rolex watches for her parents when they visited her in N.Y., these seemed to be low end. But a small price to pay to set a hook on a scam that was intended to net between $300,000 and $700,000.

These reverse image searches, while not conclusive, contributed to the growing sense of skepticism.

4. Investigating the Website

I conducted my own research and performed a WHOIS lookup of the HTX-Web3 website. I discovered several red flags, including:

  • The site was only 121 days old and registered through NameSilo, a registrar commonly used by individuals for setting up sites for fraudulent activity.
  • The domain extension used was .top instead of a more common .com.
  • The HTX corporate website had no mention of HTX-Web3, despite the scam site claiming affiliation.
  • The site had no user documentation.
  • Content on the site was blocked from being copied, making it difficult to verify claims and search for scam reports.
  • The hyphen in the domain name made it difficult to search using search engines, as the “-” character functions as a logical NOT operator, filtering out relevant results.
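The WHOIS checks from the list above can be scripted. The following is an added example, not part of the original post: the domain is a placeholder, the WHOIS text and lookup date are constructed so that the age works out to the 121 days reported above, and the one-year threshold, the list of common extensions and the registrar watch list are assumptions the person running the check would set for themselves.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS reply for a placeholder domain (not the site from this page).
SAMPLE_WHOIS = """\
Domain Name: example-platform.top
Registrar: NameSilo, LLC
Creation Date: 2024-08-01T00:00:00Z
"""
AS_OF = datetime(2024, 11, 30, tzinfo=timezone.utc)  # constructed lookup date
COMMON_TLDS = {"com", "org", "net"}   # assumption: the analyst's own allow-list
MIN_AGE_DAYS = 365                    # assumption: "recently created" threshold
DATE_FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d %H:%M:%S", "%Y-%m-%d")

def parse_whois(text):
    """Map lowercased field name -> first value seen, from 'Key: Value' lines."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^:]+?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def parse_date(value):
    """WHOIS date formats vary by registry; try each known one, else None."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def red_flags(whois_text, as_of, watch_registrars=()):
    """Return (age in days or None, list of red-flag strings)."""
    f = parse_whois(whois_text)
    domain = f.get("domain name", "").lower()
    flags, age = [], None
    created = parse_date(f.get("creation date", ""))
    if created is None:
        flags.append("creation date missing or unparseable")
    else:
        age = (as_of - created).days
        if age < MIN_AGE_DAYS:
            flags.append(f"domain is only {age} days old")
    tld = domain.rsplit(".", 1)[-1]
    if domain and tld not in COMMON_TLDS:
        flags.append(f"uncommon TLD .{tld}")
    if "-" in domain:
        flags.append("hyphenated name: search for it in double quotes")
    registrar = f.get("registrar", "")
    if any(w.lower() in registrar.lower() for w in watch_registrars):
        flags.append(f"registrar on watch list: {registrar}")
    return age, flags

print(red_flags(SAMPLE_WHOIS, AS_OF, watch_registrars=("NameSilo",)))
```

To check a real site, paste the text returned by a WHOIS lookup in place of the sample and pass today's date as the second argument.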

Eventually, one search uncovered an article in a Pennsylvania newspaper about a man who lost $700,000 to the same scam. The report detailed the elaborate tactics used by scammers, similar to those experienced by me (Delco News Report).

Another report from CBS News highlighted the sophistication of these scams and their devastating financial impact on victims (CBS News Report).


5. Lessons Learned

My experience highlights several important lessons that can help others avoid falling victim to similar scams:

  • Be Skeptical of Online Relationships: Scammers often use emotional manipulation to create a false sense of trust and connection.
  • Verify Personal Information: If someone is hesitant to provide verifiable personal details, consider it a major red flag.
  • Poor grammar/spelling in communications: “Helena” claimed she was from mainland China. The conversation was obviously from a translation app, and in some cases the actual Chinese characters were “accidentally” sent. Her back story explained this.
  • Claims of “insider information” or guaranteed profits: In this case, “Helena” claimed that she was able to trade so effectively because her aunt was a senior financial analyst with Goldman Sachs.
  • Beware of unrealistic returns: After one round of investing, the scheme showed a return on investment of over 350%. This is not realistic.
  • Test Withdrawals Early: If you are going to fall for the scheme, invest a small amount initially. Look for pressure tactics pushing you to invest more. Do not invest more than you are willing to lose. Withdraw small amounts to verify the legitimacy of an investment platform before committing significant funds. As in this case, though, being able to withdraw from the funds you invested is not a true test.
  • Watch for Pressure Tactics: Scammers frequently push urgency and encourage reinvestment without allowing for due diligence.
  • Investigate Websites Thoroughly: Use WHOIS lookups and other tools to check domain registration details and avoid recently created or suspicious sites.
  • Save all communications and data: Export and save the output of the messenger apps, in this case WhatsApp. Be suspicious of any investment app that doesn’t give you the opportunity to save the record of transactions. In this case, the app displayed the transactions, but there was no way to export the data.
  • Use AI tools to help identify scam patterns: In this case I fed the transcript of the conversation into several different AIs, including ChatGPT, all of which said this was a likely romance scam.
  • Report Suspicious Activity: If you suspect a scam, report it to financial authorities and relevant online platforms to help prevent others from being victimized.

6. Summary

A sophisticated social engineering scheme targeted a 73-year-old retiree through Facebook Messenger, culminating in a cryptocurrency investment fraud. The 62-day operation combined social manipulation, technical deception, and emotional exploitation.

Key Timeline:

  • Sept 18: Initial contact via Facebook Messenger
  • Sept 21: Introduction of “HTX-Web3” cryptocurrency investment platform
  • Nov 6: Escalation to “3-minute options market” trading
  • Nov 8: Pressure for increased investment

Perpetrator Methodology:

  • Created credible persona as Chinese cosmetics CEO
  • Maintained consistent evening communication
  • Leveraged legitimate platforms (Coinbase, WhatsApp) to build trust
  • Provided verifiable location photos and time-sensitive content
  • Guided victim through legitimate cryptocurrency purchases before introducing fraudulent platform
  • Combined romance-based manipulation with investment pressure

Technical Execution:

  • Utilized legitimate cryptocurrency platforms as stepping stones
  • Connected fraudulent “HTX-Web3” platform to victim’s legitimate wallet
  • Presented sophisticated options trading schemes with artificial time pressure

Cryptocurrency Investment Scam Fraud Prevention Guidelines

  • Exercise skepticism toward unsolicited online relationships
  • Verify claimed identities through independent channels
  • Note inconsistencies in language patterns and communication style
  • Scrutinize claims of privileged market access or guaranteed returns
  • Seek guidance from financial professionals, for example your bank manager or investment advisors.
  • Seek help from technical experts for analysis of any websites. At a minimum, use tools like these to analyze a website’s trustworthiness based on user reviews, security analysis, and online reputation:
      • ScamAdviser – Checks a site’s trust score based on various data points.
      • URLVoid – Scans the website for potential fraud and malware.
      • VirusTotal – Checks the URL against multiple security databases.
      • Whois Lookup – Provides details about the website’s registration (owner, location, date created).

Financial Due Diligence

  • Question returns exceeding market norms (e.g., 350%+ ROI)
  • Document inability to export transaction records
  • Verify platform legitimacy through WHOIS and regulatory databases

Risk Mitigation

  • Maintain comprehensive communication records
  • Export messaging app data when available
  • Limit initial investment to acceptable loss threshold
  • Report suspicious activity to financial authorities and platforms
  • Resist urgency-based investment pressure
  • Validate withdrawal functionality independently of displayed balances

This case exhibited classic fraud indicators: exceptional claimed returns, artificial time pressure, restricted transaction documentation, and unverifiable insider credentials.

This case demonstrates the evolution of investment fraud through social media, combining traditional confidence schemes with modern cryptocurrency technology and social engineering techniques.