Serena Hill Family Swap Verified -
| Metric | Value | |--------|-------| | Total crypto lost | ≈ 2.4 M USD (500 ETH + 1.2 M USDC) | | Number of victims (publicly known) | 3 (Alex + two other traders who were later contacted) | | Geographic spread | Victims: United States (NY, CA). Attacker: believed to be operating from Eastern Europe (IP traces via VPN) | | Recovery | ~ 15 % of funds frozen after court order; the rest remain in mixers or on exchanges under investigation | | Legal outcome (as of April 2024) | Civil lawsuit filed; DOJ opened a criminal probe (case pending) |
| Step | Action | Tools / Resources |
|------|--------|-------------------|
| 1. Identify the suspicious DEX UI | Compare the URL, contract address, and UI elements with the official Uniswap site. | Browser dev tools, etherscan.io “Contract Verify” feature |
| 2. Trace the transaction | Pull the transaction hash from your wallet, view the “Internal Transactions” tab. | Etherscan, Blockchair |
| 3. Check the contract’s source | If the contract is not verified on Etherscan, treat it as suspicious. | Etherscan “Contract Source” tab |
| 4. Run the address through a blockchain‑analytics API | Look up the address on Chainalysis, Blocksec, or free services like RugDoc. | API keys, https://www.blocksec.com/ |
| 5. Search the domain | Use WHOIS lookup and check for recent registration. | whois.domaintools.com |
| 6. Verify the messenger identity | Request a secondary verification channel (e.g., video call) from the family member. | Signal “Safety number” verification |
| 7. Report | Submit a ticket to the platform (if any) and to local law‑enforcement. | DOJ’s Internet Crime Complaint Center (IC3) form | serena hill family swap verified
The victim performed all of the above steps after the fact, which allowed investigators to reconstruct the full attack chain. | Metric | Value | |--------|-------| | Total
| Feature | Typical Family‑Swap | How the Serena Hill Variant Differs | |---------|-------------------|-------------------------------------| | Target | A known crypto holder (the “victim”) | High‑net‑worth crypto trader with a public on‑chain reputation | | Impersonated party | A close relative (parent, sibling, spouse) | A fictional sister named “Serena Hill” who supposedly lives abroad | | Method of contact | Phone call, WhatsApp, or email | Encrypted messenger (Signal) + a “verified” Telegram group | | Narrative | Emergency (e.g., medical, legal) requiring immediate transfer | Urgent “family‑swap” to move assets before an imminent exchange hack | | Technical hook | Request to send crypto to a “new wallet” | A smart‑contract “swap” that promises 1 %‑plus “instant profit” and uses a phishing dApp that looks like Uniswap | | Outcome | Funds sent to attacker’s address, never returned | Tokens swapped to attacker‑controlled contracts, then “laundered” through mixers and bridges | | Step | Action | Tools / Resources
The Serena Hill scam combined classic social engineering with a deceptively legitimate‑looking decentralized‑exchange (DEX) UI, making it harder for even seasoned traders to spot the red flag.
Even without hard proof, the story continues to gain traction. Why?
