Federal authorities recovered about $3.44 million in Tether tied to an investment scam that began with something as ordinary as a “wrong number” message. The case shows how social engineering is increasingly being used to turn routine crypto purchases into stablecoin laundering flows that move quickly beyond regulated platforms.
The investigation began in late 2024 and led to law-enforcement action in early 2025, with prosecutors now pursuing civil forfeiture to try to return some of the seized funds to victims. The recovery effort also highlights how difficult it remains to trace and freeze crypto once funds are routed through multiple wallets and, in some cases, across different blockchain networks.
How the scheme moved victims from chat to crypto transfers
The fraud began with unsolicited messages sent through chat and messaging apps, where scammers posed as people who had contacted the wrong number. That seemingly harmless opening was used to build trust over time before the conversation shifted toward a fraudulent investment opportunity. Once that trust was in place, victims were instructed to buy Ether on legitimate exchanges and then send the ETH to wallet addresses controlled by the scammers.
The pitch blended crypto familiarity with the appearance of traditional asset backing. The perpetrators promoted the investment as an Ethereum opportunity supposedly backed by physical gold and paired that claim with promises of unusually high, guaranteed returns. To make the offer look credible, they used fake websites, fabricated performance dashboards and staged early withdrawals that encouraged victims to commit more funds.
From Ethereum purchases to laundered stablecoins
After the Ether reached scam-controlled wallets, the operators converted the funds into USDT and then sent the stablecoins through multiple intermediary addresses. That shift from ETH into a liquid stablecoin was a key step in obscuring the money trail and making recovery more difficult. In some instances, the transfers also moved across blockchain networks, adding another layer of complexity for investigators.
Federal investigators used blockchain tracing tools and cross-jurisdiction cooperation to follow those transactions and identify the recoverable funds. The seized amount, about $3.44 million in USDT, reflects both the value of on-chain analytics and the limits of recovery in cases where funds are quickly moved into self-custodied wallets. Reported victims were located in several U.S. states, including Massachusetts, Utah and South Carolina.
The broader lesson is that these scams rely on a repeatable operational pattern: trusted exchanges for the initial purchase, rapid conversion into stablecoins and movement into unhosted wallets that complicate restraint and restitution. Even when authorities are able to recover part of the proceeds, the speed of transfers and the international footprint of these schemes continue to keep recovery rates low for many victims.
