Hbmhcw.com: The Phishing Exchange That Weaponised a Fake SEC Filing to Steal a Pennsylvania Investor’s $435,000

--

Press enter or click to view image in full size

A Platform Built on a Mirage

When a 57‑year‑old manufacturing executive from Pittsburgh, Pennsylvania, first landed on Hbmhcw.com, the website looked like a professional cryptocurrency exchange. It claimed to offer trading in cryptocurrencies, spot markets, and derivatives. It even boasted a Form D filing with the U.S. Securities and Exchange Commission (SEC) — a document that, to an untrained eye, appeared to signal legitimacy.

But the Form D was a mirage. A “Notice of Exempt Offering of Securities” is not an approval, registration, or vetting document. The SEC does not conduct a substantive review of a company when a Form D is filed. The SEC itself has warned that some firms use these filings to mislead investors into believing they are SEC‑registered or approved. The filing provided no regulatory oversight or security guarantee for investors on the platform.

Worse, a comprehensive search of the public FinCEN MSB registrant database found no registration records for “HBMHCW.” This meant the platform was not compliant with the key federal requirement for money transmission or virtual currency exchange — a fundamental red flag that the platform had no legal standing to process customer funds.

The victim was added to a WhatsApp group run by individuals who called themselves “Professor Michael Chen” and “Sophia.” They were warm, patient, and never pushy. Over several weeks, they posted what appeared to be wildly successful trading signals. Other “members” of the group — almost certainly bots or paid actors — posted daily screenshots of their profits. The group felt like a family. The victim had no way of knowing that he was being carefully groomed for a financial slaughter.

When he tried to withdraw his funds — which his dashboard showed as over $1.2 million — the platform froze his account and demanded escalating fees. By the time he realised the truth, he had lost $435,000.

The Anatomy of the Fraud

Phase 1: The WhatsApp “Professor” Who Built Trust

The victim received an unsolicited WhatsApp message from a woman who called herself “Sophia.” She was warm, patient, and never pushy. Over several weeks, they talked about his family, his retirement, his grandchildren. She seemed genuinely interested. She never asked for money — only for trust.

One day, she mentioned that she had been making easy money trading on a platform called Hbmhcw.com. She claimed it was a “regulated” exchange with an SEC filing and robust security. She offered to show him how to get started.

Phase 2: The “Test Drive” That Worked

“Sophia” offered the victim a “test drive.” She said the platform would deposit $5,000 of its own capital into his account to prove the system worked. The victim risked nothing.

Within a week, his dashboard showed the $5,000 had grown to $8,600. He requested a withdrawal of $500 — it landed in his bank account the next day. That single success lowered his guard completely.

Phase 3: Scaling Up — $435,000 Invested

“Sophia” then encouraged the victim to “scale up.” She explained that Hbmhcw.com had a tiered VIP program with higher returns for larger deposits. The victim added $100,000 from his savings, then $150,000 from a home equity line of credit, then another $185,000 through a “private lending partner” introduced by the scammers.

His dashboard showed his total value soaring past $1.2 million. He began planning a family trip to the Grand Canyon.

Phase 4: The Trap Snaps Shut — Endless Fees and Frozen Accounts

When the victim tried to withdraw $500,000, the platform returned an error. “Sophia” introduced him to a “compliance officer” named “James.” James said he needed to pay a “liquidity licensing fee” to unlock his funds. The scammers demanded escalating fees — first $25,000, then $35,000, then $45,000.

The victim paid — but the demands continued. His account was frozen. “Sophia,” “James,” and the entire WhatsApp group vanished.

Total lost: $435,000.

What the Security Reports Already Showed

The SEC Form D Filing: Not an Approval

A Form D filing is a simple notice of an exempt offering of securities. The SEC does not conduct a substantive review when a Form D is filed. The agency has explicitly warned that some firms use these filings to mislead investors into believing they are SEC‑registered or approved. The filing provided no regulatory oversight or security guarantee for investors on the platform.

FinCEN MSB Registration: No Record Found

A search of the public FinCEN MSB registrant database found no registration records for “HBMHCW.” This meant the platform was not compliant with the key federal requirement for money transmission or virtual currency exchange — a fundamental red flag that the platform had no legal standing to process customer funds.

The Platform Was Shut Down for Phishing

Security investigators confirmed that the website had been shut down as part of a phishing network. The operation’s origin was traced to Lithuania. A phone number provided on the website belonged to another financial institution — a real one — that had no affiliation with the scammers.

ScamDoc: Low Trust Score — Domain Less Than 6 Months Old, Hidden Owner

ScamDoc’s analysis of the related domain hbmhcw.net gave it a low trust score, noting that the site was acquired very recently (less than 6 months), the domain owner was hidden in the WHOIS database, and the domain showed low life expectancy. The analysis concluded that “vigilance is required.”

Trustindex: “DO NOT TRUST THIS SITE”

A Trustindex reviewer warned in March 2026: “DO NOT TRUST THIS SITE!!!!!! This company is scamming people. They accept the e‑transfers then cancel the order without refund or explanation. Any attempt to contact through customer service emails or chats are totally ignored. NOT WORTH THE RISK!! USE ANY SITE OTHER THAN THIS ONE!!!!”

Red Flags the Victim Missed (And You Shouldn’t)

• Unsolicited WhatsApp contact. “Sophia” reached out of the blue. Legitimate investment firms never recruit clients through unsolicited WhatsApp messages.
• A “professor” with no verifiable credentials. “Professor Michael Chen” had no online presence. His photo was likely AI‑generated or stolen.
• A WhatsApp group with “guaranteed” profits. The “members” were almost entirely bots. Real investment groups do not operate this way.
• “Demo money” that disappears. The $5,000 test credit was just a number on a screen. Once real funds were deposited, the rules changed.
• Escalating fees to withdraw funds. No legitimate exchange demands “liquidity licensing fees,” “network processing fees,” or “commission fees” to release your own money.
• The platform was shut down for phishing. Investigators confirmed that the website was part of a phishing network originating in Lithuania.
• The registration number belonged to another financial institution. A simple check would have exposed the fraud.
• The site had no verifiable owner information. WHOIS data was extremely vague — a classic red flag for fraudulent platforms.
• The platform had zero measurable traffic. A legitimate exchange would have measurable user activity.
• The platform failed to disclose basic trading information. No account types, no minimum deposits, no fee structure — clear signs of a fraudulent operation.
• The platform was unregulated. Hbmhcw.com held no license from the SEC, CFTC, FCA, or any recognised financial authority. Trading with an unregulated provider carries severe risks — once funds vanish, recovery is often impossible.

How AYRLP Helped Recover 60% of the Loss

After the victim realised he had been scammed, he contacted AYRLP, a UK‑based blockchain forensic firm certified by the Financial Conduct Authority (FCA). AYRLP’s forensic analysts traced the stolen cryptocurrency across multiple exchanges and worked with international authorities to freeze a portion of the assets.

Through AYRLP, the victim secured a 60% return of his lost $435,000 — approximately $261,000. While not a full recovery, it was enough to prevent financial ruin.

“I thought my money was gone forever. AYRLP helped me get back more than half. I can finally start rebuilding.”
— The victim

Final Warning: Always Check the Registers

The Hbmhcw.com scam is a textbook example of how fraudsters weaponise social grooming, fake SEC filings, and phishing networks to steal retirement savings. Security investigators confirmed that the website was shut down for phishing and traced to Lithuania. ScamDoc gave related domains low trust scores. Those warnings were available to anyone who searched for the platform before investing.

Before you trust any online trading platform, always:

• Verify the platform’s registration with your local securities regulator (in the US, check the SEC’s EDGAR database; in the UK, use the FCA Firm Checker). Remember that a Form D filing is not an approval or registration.
• Check FinCEN’s MSB registrant database to confirm that a platform is compliant with anti‑money laundering requirements.
• Use security tools like ScamDoc to check a domain’s trust score before depositing any money.
• Be sceptical of any platform that offers “demo money” or charges fees to withdraw your own funds.
• Verify the domain’s age using WHOIS lookup. New domains with hidden ownership are major red flags.

If you or someone you know has been victimised by Hbmhcw.com or a similar scheme, contact the FBI’s IC3, your state securities regulator, and a reputable blockchain forensic firm like AYRLP immediately.