The road to Kaimi’s ruin started in December, with an Instagram message about a Japanese monkey from a handsome stranger who called himself Mike. Over the coming months Mike and Kaimi would develop a friendship that quickly evolved into a romance.

Kaimi had no idea he had become ensnared in a romance scam known as “pig butchering,” from the Chinese phrase sha zhu pan — the name coming from the idea that scammers must “fatten up” victims first with flattery and fake bonding before stealing their money.

Experts told CNBC it’s easy to dismiss victims of these scams as ignorant or foolish, but doing so discounts how manipulative the scammers are.

Matt Friedman is the CEO of the Mekong Club, a Hong Kong-based organization that works with corporations to fight modern slavery. “Ten scams come by, and they’re very clearly a scam,” Friedman told CNBC. “But the 11th one, I even may even fall for it.”

The scam often starts with a simple text message – “Hi!” Many people disregard the messages that scammers send.

But if they respond, the scammers move quickly to establish a rapport. The mystery texter might say they’re a wealthy executive. They’ll share images of their lavish lifestyle. Eventually, they’ll try to make a meaningful romantic bond with the victim. It can take anywhere from a few weeks to a few months.

At the third stage, the scammers offer to “teach” the victim how to trade cryptocurrencies or foreign currencies. The scammer networks operate fake trading platforms that look “exactly the way they should look,” Friedman told CNBC. Victims are “taught” how to trade by their scammer, and the fake exchanges are engineered to show nonexistent profits of 15% to 20%.

When victims try to withdraw money or have run out of fresh funds, the fake exchanges shut down the accounts and demand payment. Panicked and encouraged by their so-called friend, the victims wire what little money they have left. The exchange and their “friend” block the victim shortly after.

It can take weeks before victims understand they’ve been scammed, and even longer to admit what has happened to them.

Experts told CNBC that the scammers on the phone aren’t the real beneficiaries of the scam, although they do sometimes get a cut of the proceeds. Most often, they’ve been trafficked to Cambodia, Laos, or Myanmar to work for organized scamming networks, according to extensive reporting from ProPublica and Vice.

Law enforcement and prosecutors acknowledge pig-butchering is a problem but tell victims they’re largely unable to help. Reported U.S. losses from investment scams totaled $3.31 billion last year, according to the FBI, but experts say that many victims are too embarrassed to report their losses.

The U.S. manages to recover relatively little. The Justice Department’s only public action seized just $112 million. Federal prosecutors in New York and Virginia have also been pursuing domain names and individuals linked to the scams.

Dennis, a small business owner in Maryland, told CNBC his scammer Sarah reached out to him on Facebook around the same time that Mike first reached out to Kaimi.

CNBC has altered their names to protect their identities, as both Dennis and Kaimi shared personally identifiable information and identity documents with their scammers, and as Kaimi has not disclosed his sexual orientation to everybody in his life.

Kaimi lost more than $120,000 to his scammer. Dennis lost around $500,000.

Over the following weeks, Kaimi wired thousands of dollars from his bank to Crypto.com, a centralized exchange. He used it to buy ether and send it to DPEX’s wallets.

His transfers started small – the first was worth just $140. DPEX claimed it converted his ether transfers into Tether, a U.S. dollar stablecoin.

Mike and Kaimi’s first trade together was a bet against the Japanese yen falling in value. When Kaimi saw he’d made $20 on a $100 trade, he was sold.

Mike offered to help Kaimi structure a plan to use profits from DPEX pay off his $300,000 in student loans, mortgage, and credit cards. In February, Mike even “sent” $30,000 from his own DPEX account to Kaimi’s to help him move closer to his debt-free goal.

“I want to repay you as soon as possible, shrink down most of the debt, then plan a trip to Korea to see you,” Kaimi told Mike. Mike pressed Kaimi to add more to his account and join him in bigger bets. He grilled Kaimi about how else he could raise money, from friends or through loans.

In all, Kaimi sent DPEX more than $100,000 worth of ether. His paper profits grew handsomely: in one week in March, Kaimi’s balance went from $100,000 to $310,000.

“I thought I was someone who knew when they were being scammed, was able to discern things,” Kaimi told CNBC.

But when Kaimi told Mike he was planning to withdraw his funds, the penny dropped. DPEX froze Kaimi’s account, claiming that Mike’s generous $30,000 “gift” was a suspicious transaction.

Mike claimed his account was frozen too. “OMG,” Mike said. “we are the same.”

DPEX asked that Kaimi pay back that gift to unlock his full account balance. Kaimi had planned to do so anyway, but sent DPEX nearly $30,000 to settle the “debt.”

The scammers settled into a predictable pattern, pumping Kaimi for more and more fees and taxes. Kaimi paid $64,000 in apparent penalties, urged on by Mike. When the scamming operation asked him for another $65,000, Kaimi realized that there was no chance he was getting his money back.

When Mike pressed him to pay DPEX’s “fees,” Kaimi snapped. “I’ve filed a report to the FBI and the SEC,” he told Mike.

Sarah pointed him to an “exchange” called Bigone-Eth, and could only be accessed through a iOS app called Trust Wallet. Dennis sent thousands of dollars from Coinbase to Trust Wallet, and gave the fake exchange permission to control the crypto in his Trust Wallet.

Sarah guided him through trades that predictably returned 20% From late December through January, Dennis bought nearly $160,000 worth of bitcoin for his “Bigone-Eth” account, and invested $100,000 worth of his cousin’s Bitcoin with Bigone-Eth as well.

It wasn’t enough for Sarah, who told Dennis he needed to invest at least $500,000. Otherwise, she suggested, Dennis’ son would “suffer” because of Dennis’ laziness.

But like Kaimi, Dennis felt he’d made enough. The hammer fell when he went to withdraw his winnings: Bigone-Eth froze him out and demanded $180,000 to release his $1.2 million balance.

The demand made Dennis suspect that the broker was trying to scam him out of his money. It was only in March, months after he began talking with Sarah, he began to investigate romance scams and fake crypto brokerages.

Along the way, he conducted an internet search and found a company called Financial Fund Recovery, or FFR, which said it specialized in crypto asset recovery.

Dennis said he’s been in regular contact with the FBI about the scam. CNBC traced Dennis’ bitcoin to a wallet that’s received more than 59,000 bitcoin, worth about $1.6 billion, since 2019. The trail ends after that wallet, which regularly transfers its contents to the crypto exchange Binance.

Crypto exchanges like Binance, Crypto.com and Coinbase are convenient waypoints for scammers because they have a trusted reputation and massive trading volume. All three exchanges have warned of the dangers of crypto scammers, but for some, that isn’t enough.

When he reached out to Crypto.com, the exchange told Kaimi they couldn’t help him get his money back.

“I’m not asking you to take responsibility of getting my money back,” he said. But he pointed out that his scammers had used the same wallet for months.

West says that while private partners in the banking and crypto industry often are conduits for these kinds of scamming operations, they are also ideally positioned to cut off the supply of fresh money to pig butchering networks.

“We are essentially fleecing our entire middle class of their generational wealth, and handing it to bad actors overseas, and nobody’s stopping this,” West told CNBC.

Shortly before publication, Cloudflare shut down Bigone-Eth’s domain name and flagged it as a suspected phishing site. Neither Cloudflare nor the FBI responded to a request for comment.

Within hours, Dennis’ scammer sent him the new domain name and begged him to respond to her. Dennis ignored her.

“Disappointing men with no sense of responsibility,” she wrote the next day.