Crypto scams hit $51B in 2025, led by $5.5B pig butchering schemes. AI deepfakes (40%) and mobile wallet drainers (projected $1B thefts) dominate new threats. North Korean actors stole $1.3B+, highlighting geopolitical risks. Yet, despite tougher enforcement, recovery remains under 30%, exposing the gap between scam innovation and defense.
Key Takeaways
- $51B Lost Globally – Crypto scams reached record-breaking levels, with pig butchering alone stealing $5.5B.
- AI Deepfakes Dominate – Nearly 40% of major scams now leverage AI-generated voices, faces, and documents.
- Mobile Wallet Drainers Explode – Losses expected to surpass $1B in 2025, making phones the new frontline.
- Geopolitical Hacking – State-backed actors, especially North Korea, remain among the top global crypto thieves.
- Low Recovery Rates – Despite global crackdowns, less than 30% of stolen funds are ever recovered.

Methodology
- Data Sources: Used 2022–2025 records from blockchain analytics (Chainalysis, TRM Labs), law enforcement (FBI IC3, DOJ, Europol, Interpol), regulators (FTC, UK Action Fraud, ASIC), security researchers, and major media investigations.
- Frequency Measure: Counted global scam incidents (2000–2025). Where exact data was missing, reliable estimates were applied and flagged as “Estimate.” Low-data cases are marked as “Insufficient data.”
- Loss Calculations: All losses converted to USD at contemporaneous exchange rates. Rounded figures given for clarity; ranges noted where sources diverged.
- Ranking Rules: Primary ranking by incident frequency. In close cases, total losses and growth rate served as tiebreakers.
- Scope & Limits: Focused on fraud targeting retail crypto users (not technical hacks unless involving deception). Many cases go unreported (<5% reporting rate per FTC), so figures likely understate the true scale. Regional reporting varies, especially outside the U.S. and EU.
Disclaimer: This report is informational and not legal or financial advice. Cryptocurrency investments carry risk. Always conduct due diligence and consult trusted professionals.

Image: Crypto Scams 2025 – Illustrative Impact ($M)
Top 51 Crypto Scams You Must Know
Scam Name (2025) | What It Does (Hook) | Common Channels | 2025 Trend / Impact | Quick Defense |
1. Pig‑butchering romance | Grooming + fake trading returns | Dating apps, WhatsApp, Telegram | Aug 2025: APAC froze $47M; OFAC sanctioned Funnull infrastructure in May; growth persists | Never invest due to online romance |
2. Phishing wallet drainer | Fake site/app steals seed/approvals | Email, SMS, search ads, QR | H1 2025: compromised wallets $1.71B; phishing $410.75 across 344 incidents | Never enter seed; bookmark sites |
3. Fake exchange/platform | Cloned sites show fake profits | Search ads, referral groups | May 2025: OFAC sanctioned Funnull, powering fake trading sites; AI clones lure via ads | Use licensed exchanges; test withdrawals |
4. Rug pull / exit | Team yanks liquidity or mass‑dumps | DEX launches, influencer hype | H1 2025: fewer rugpulls but higher losses; multiple incidents exceed $100M | Avoid unaudited tokens; verify locks |
5. Tech‑support impersonation | Fake support urges ‘safe’ transfers | Calls, emails, Telegram DMs | 2025 police advisories increased; scams often linked with crypto ATM coercion | Use in‑app support only |
6. Government impersonation | Threats of arrest; crypto ‘fines’ | Calls, fake letters, WhatsApp | Tasmania 2025: victims lost ~$2.5M; $900k via direct crypto ATM deposits | No agency takes crypto payments |
7. Airdrop approval scam | Connect wallet; approvals drain assets | X posts, Discord, sites | 2025 reports highlight approval‑farming drainers exploiting wallet permissions across chains | Avoid connecting unknown dApps |
8. Deepfake giveaway | Fake livestream doubles your crypto | YouTube, X, hijacked accounts | 2025: deepfake investment promos surge; WA losses $10.8m; TRM notes 456% AI‑scam growth | Never send to receive |
9. Address poisoning | Look‑alike address tricks paste | On‑chain spam, wallet history | 2025 security guides emphasize rising risk; widely covered by Ledger | Verify full string; send dust test |
10. Pump‑and‑dump token | Price inflated, then dumped | Telegram, Discord shill groups | Still prevalent in microcaps; 2025 compliance reports flag manipulation across Telegram groups | Avoid hype; check liquidity, holders |
11. Blackmail/extortion | Threat to leak unless paid | Email, messaging apps | 2025 advisories report continued sextortion and business email compromise, demanding crypto | Do not pay; report immediately |
12. Cloud‑mining scam | Promised remote mining yields | Websites, paid ads | 2025: resurgent ad campaigns promise unrealistic yields; frequent victim reports | Avoid cloud‑mining offers |
13. Fake wallet app | Malicious wallet steals keys | App stores, web downloads | App‑store takedowns continue; 2025 sees rebranded wallets stealing seeds | Download only official wallets |
14. Crypto Ponzi | Pays old with new deposits | MLM, referral funnels | 2025: Investment-fraud losses remain high; pig‑butchering drives the majority of victim complaints | Avoid guaranteed steady yields |
15. Business opportunity | Easy profits, minimal effort | Cold outreach, ads | 2025: ‘guaranteed return’ pitches persist; regulators warn of AI‑polished websites | If too good, it’s fake |
16. Fake celebrity endorsement | Uses celeb to push tokens | Social ads, spoofed pages | 2025: deepfakes amplify endorsement fraud; WA ScamNet reports $10.8m losses | Verify on official channels |
17. Romance‑only extortion | Emotional coercion for crypto | Dating apps, chats | 2025: police note romance pressure tactics feeding larger investment schemes | Separate money from relationships |
18. Fake remote job | ‘Crypto‑paid’ job steals funds | Job boards, LinkedIn | 2025: job‑offer scams push crypto deposits or KYC harvest; increased on LinkedIn | Never prepay or trade for jobs |
19. SIM‑swap attack | Hijacks number; intercepts 2FA | Carrier fraud, phishing | 2025: persistent; multiple breaches aided by SIM swaps despite 2FA | Use app 2FA; SIM PIN |
20. Cryptojacking | Hidden mining on devices | Malware, compromised sites | 2025: steady background risk; browser‑based miners and malware reappear in waves | Use AV; patch browsers |
21. Escrow/marketplace fraud | Fake buyer/seller steals funds | P2P markets, chats | 2025: P2P trading scams remain common; platform escrow misuse persists | Use platform escrow; verify IDs |
22. Collateralized loan scam | Takes collateral; disappears | DeFi lending sites | 2025: DeFi lending scams exploit collateral; liquidity mining covers exit | Use reputable protocols only |
23. Bust‑out trading | Runs up credit, vanishes | Exchanges with leverage | 2025: exchanges report abuse patterns; AML teams tighten limits | Limit leverage; use KYC venues |
24. Synthetic identity | Fake identity opens accounts | Forged docs, mule networks | 2025: used for exchange onboarding fraud; mules move funds cross‑border | KYC carefully; monitor activity |
25. Imposter corporate coin | Claims token from a big brand | Fake sites, social ads | 2025: regulators and DFPI warn about fake ‘official’ tokens | Verify issuer, contracts, and domain |
26. Liquidity‑mining fake | Fake farm drain deposits | DEX, aggregator links | 2025: SlowMist flags DeFi losses; farms lure deposits then exit | Check audits; small test first |
27. Signal‑selling fraud | Sells bogus trading tips | Telegram, Discord | 2025: Telegram groups monetize signals; complaints rising | Don’t trust paid signals blindly |
28. Airdropped dust token | Selling triggers the drainer | Airdrop to wallets | 2025: drainer tokens still seeded to wallets; interacting triggers theft | Ignore unknown airdrops |
29. Charity donation scam | Fake charity asks for crypto | Emails, posts, DMs | 2025: disaster‑period spikes; deepfake appeals used | Verify charity registration |
30. Grandparent scam | Impersonates a relative needing funds | Phone calls, WhatsApp | 2025: AI voice cloning increases family‑emergency crypto demands | Call back known numbers |
31. Identity impersonation | Uses your name/pics for scams | Social media clones | 2025: profile cloning fuels investment approaches; DFPI tracker lists cases | Lock profiles; report clones |
32. Ransomware demand | Encrypts files; requests crypto | Malware, phishing links | 2025: remains significant; infrastructure compromises dominate loss totals | Backups; least‑privilege; EDR |
33. Fake fund manager | Pretends to be a licensed portfolio pro | Cold calls, referrals | 2025: enforcement actions target unlicensed ‘advisers’ pushing crypto investments | Check licenses, regulator records |
34. ICO pump scheme | Hype ICO, then dump | Forums, newsletters | 2025: lower volumes, but manipulative launches persist | Scrutinize team, tokenomics |
35. Crypto ATM coercion | Forces deposit into the ATM wallet | Phone threats, QR codes | Jun–Jul 2025: Australian authorities intervene with suspected victims; Tasmania’s losses are publicized | Never pay via a crypto ATM |
36. Recovery‑service scam | Promises fund recovery for the fee | Calls, emails, ads | 2025: ‘recovery’ outfits re‑target victims; police warn of double‑loss pattern | No legit recovery asks crypto |
37. AI‑voice family scam | Synthetic voice requests money | Phone calls | 2025: reports of AI voice fraud up; TRM cites sharp growth | Use a safeword; verify offline |
38. Multi‑stage chain | Combines scams sequentially | Mixed channels | 2025: layered scam playbooks combine grooming, approval drainers, ATM coercion | Pause; verify each request |
39. Loan‑app extortion | Loan, then threats/extortion | Mobile apps | 2025: multiple arrests; lenders harass victims after microloans | Avoid unknown loan apps |
40. Betting‑to‑crypto switch | Starts betting, shifts to crypto | Telegram, apps | 2025: betting groups funnel victims into ‘investment’ chats, then crypto deposits | Don’t trust unknown gaming apps |
41. Honey‑trap tokens | Adult site drains via tokens | Livestreams, private apps | 2025: police bust sextortion‑linked token drain operations | Never trade via adult sites |
42. Money‑mule laundering | Recruit to move scam crypto | WhatsApp, Telegram | 2025: cross‑border laundering via mules remains central; APAC clampdowns | Refuse; it’s a criminal activity |
43. Bizmen trading scam | Promises big gains to SMEs | Social media, chat | 2025: multiple Indian cases target SMEs with fake advisors | Verify advisor; avoid upfront fees |
44. Fake staking service | Claims high-stakes yields | Websites, DEX links | 2025: scammers promise outsized APY; victims approve malicious contracts | Stake via official protocol apps |
45. NFT rug / wash‑trade | Fake volume; then vanish | NFT marketplaces | 2025: volumes lower; wash‑trading persists; occasional exit scams | Check creator history, trades |
46. Bridge approval drain | Bridge asks for unlimited approvals | Cross‑chain bridges | 2025: cross‑chain bridges targeted; unlimited approvals exploited | Limit approvals; revoke regularly |
47. Telegram trading bot | Malicious bot steals tokens | Chatbots in groups | 2025: malicious bots proliferate; token theft via approvals | Avoid unknown bots; use multisig |
48. Fake airdrop claim site | Phishing mimics real airdrops | Look‑alike domains | 2025: look‑alike domains lure; phishing kits circulate | Type URLs; verify on GitHub |
49. Exchange KYC phish | Steals KYC docs, then funds | Email, forms, apps | 2025: KYC document theft fuels account takeovers and mule onboarding | Upload only inside the official app |
50. QR sticker swap | Replaces payment QR with theirs | Physical posters, stores | 2025: physical QR swaps reported at venues; verify recipient on‑screen | Verify the recipient on the device |
51. Hardware‑wallet clone | Counterfeit device steals seed | Third‑party sellers | 2025: sporadic cases; counterfeit devices harvest seeds; buy direct only | Buy direct from the manufacturer |
Deep Dives: Top 10 Cryptocurrency Scams
1. Phishing Attacks
Modus Operandi: Phishing represents the most frequent crypto attack vector, utilizing sophisticated social engineering to steal private keys and wallet credentials. Modern campaigns employ AI-generated content, legitimate-looking interfaces, and multi-vector approaches combining email, social media, and fake applications.
Attack Funnel: Hook begins with urgent security alerts or attractive opportunities (fake airdrops, wallet updates). Trust builds through professional website design, familiar branding, and time pressure tactics. Extraction occurs when victims enter seed phrases, connect wallets, or approve malicious smart contracts. Mobile drainer attacks alone stole $494 million in 2024 from 332,000 victims.
Tooling: Attackers utilize wallet drainer kits (MS Drainer, Pink Drainer), SEO manipulation for search ranking, IPFS hosting for takedown resistance, and fake CAPTCHA pages for legitimacy. Address poisoning subsets create fake transaction histories, causing victims to copy attacker addresses.
Prevention Steps: Never enter seed phrases on websites; verify URLs completely, including HTTPS certificates; use hardware wallets for transaction confirmation; maintain separate browsers for crypto activities; enable all available wallet security features, including transaction simulation.
2. Pig Butchering Scams (Romance Investment Fraud)
Modus Operandi: The most profitable scam category, combining romance fraud with investment manipulation. Operators build genuine-seeming relationships over weeks or months before introducing exclusive cryptocurrency investment opportunities through fake trading platforms.
Attack Funnel: Hook occurs through dating apps, social media, or wrong-number texts. Trust develops through daily communication, shared personal stories, and a gradual romantic connection. Scammers demonstrate fake trading profits, encourage small initial investments, then progressively increase amounts. Extraction accelerates through emergency scenarios, requiring additional fees for withdrawals.
Tooling: Professional fraud infrastructure includes Huione Guarantee marketplace ($70B+ in scam transactions), AI-generated social media profiles, fake trading platforms with artificial profit displays, and extensive money laundering networks. Southeast Asian operations utilize forced labor from trafficking victims.
Prevention Steps: Never invest based on online relationships; verify all trading platforms through independent research; consult trusted family/friends before major financial decisions; be suspicious of investment opportunities from romantic interests; document all communications for potential law enforcement reporting.
3. Fake Airdrop Scams
Modus Operandi: Exploit crypto users’ desire for free tokens through fake airdrop campaigns requiring wallet connections or personal information. Advanced variants send malicious tokens directly to wallets, requiring interaction that triggers wallet-draining contracts.
Attack Funnel: Hook involves announcements of valuable airdrops from popular or fake projects. Trust builds through professional marketing, social media buzz, and artificial scarcity with limited claiming windows. Extraction occurs through malicious smart contract approvals, seed phrase collection, or direct wallet compromise.
Tooling: Automated airdrop distribution systems, smart contract approval farming, fake project websites with wallet connection requirements, social media bot networks for artificial engagement, and SEO manipulation targeting airdrop-related searches.
Prevention Steps: Research airdrop legitimacy through official project channels; never connect wallets to unverified claiming sites; be suspicious of unsolicited token deposits; verify airdrop announcements through multiple independent sources; understand smart contract permissions before approving.
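To make "understand smart contract permissions before approving" concrete, the following added example (not from the original report) decodes the calldata of a pending approval transaction and flags unlimited allowances, collection-wide operator grants, and spenders outside an allow-list. The spender addresses, the allow-list, and the `UNLIMITED_THRESHOLD` heuristic are assumptions made for illustration.

```python
# Added example: decode approval calldata and flag risky grants before signing.
# All addresses and calldata here are constructed for illustration.

MAX_UINT256 = 2**256 - 1
# Heuristic chosen for this example: anything this large is treated as unlimited.
UNLIMITED_THRESHOLD = 2**255

# 4-byte function selectors of the standard token approval calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

KNOWN_ROUTER = "0x" + "11" * 20      # constructed: a spender the user already trusts
UNKNOWN_CONTRACT = "0x" + "de" * 20  # constructed: spender offered by a claim site


def build_calldata(selector, spender, value):
    """Build sample calldata: selector + 32-byte spender word + 32-byte value word."""
    spender_word = bytes(12) + bytes.fromhex(spender[2:])
    return "0x" + selector + spender_word.hex() + value.to_bytes(32, "big").hex()


def decode_approval(calldata, trusted_spenders=()):
    """Return a dict describing the grant, or None if this is not an approval call."""
    data = calldata[2:] if calldata.lower().startswith("0x") else calldata
    raw = bytes.fromhex(data)
    function = SELECTORS.get(raw[:4].hex())
    if function is None:
        return None
    if len(raw) != 4 + 32 + 32:
        raise ValueError("approval calldata must carry exactly two 32-byte arguments")
    if raw[4:16] != bytes(12):
        raise ValueError("spender word is not a left-padded 20-byte address")
    spender = "0x" + raw[16:36].hex()
    value = int.from_bytes(raw[36:68], "big")

    flags = []
    if function.startswith("setApprovalForAll"):
        # A true flag lets the operator move every token of that collection.
        flags.append("OPERATOR_FOR_ALL" if value else "REVOKE")
    elif value == 0 and function.startswith("approve"):
        flags.append("REVOKE")
    elif value >= UNLIMITED_THRESHOLD:
        flags.append("UNLIMITED_ALLOWANCE")
    trusted = {s.lower() for s in trusted_spenders}
    if "REVOKE" not in flags and spender not in trusted:
        flags.append("UNKNOWN_SPENDER")
    return {"function": function, "spender": spender, "value": value, "flags": flags}


if __name__ == "__main__":
    samples = [
        build_calldata("095ea7b3", UNKNOWN_CONTRACT, MAX_UINT256),
        build_calldata("095ea7b3", KNOWN_ROUTER, 250 * 10**6),
        build_calldata("a22cb465", UNKNOWN_CONTRACT, 1),
        build_calldata("095ea7b3", UNKNOWN_CONTRACT, 0),
    ]
    for sample in samples:
        result = decode_approval(sample, trusted_spenders=[KNOWN_ROUTER])
        print(result["function"], result["spender"], result["flags"])
```

A request that comes back with both `UNLIMITED_ALLOWANCE` and `UNKNOWN_SPENDER` is the pattern to reject or cap to the amount actually needed.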
4. Social Media Impersonation
Modus Operandi: Create fake accounts impersonating cryptocurrency celebrities, executives, or official project accounts to promote fraudulent giveaways, investment opportunities, or malicious links. AI-enhanced deepfakes now power 40% of high-value social media frauds.
Attack Funnel: Hook utilizes familiar faces and trusted brands to capture attention. Trust develops through verified-looking accounts, professional content, and urgency tactics. Extraction occurs through “send-to-receive” giveaways, malicious link clicks, or direct investment solicitation.
Tooling: Account verification purchases, deepfake video generation, AI voice synthesis for audio content, bot networks for engagement amplification, and professional graphic design for legitimacy. YouTube livestream hijacking targets popular channels for maximum reach.
Prevention Steps: Verify accounts through official websites and multiple channels; be suspicious of unsolicited giveaways requiring cryptocurrency sends; check account creation dates and historical content; never trust urgent investment opportunities from social media; report and block suspicious accounts immediately.
5. Investment/Ponzi Schemes
Modus Operandi: Modern crypto Ponzi schemes disguise traditional structures through DeFi mechanics, yield farming terminology, and technological complexity. Operations promise unrealistic returns while using new investor funds to pay earlier participants.
Attack Funnel: Hook involves sophisticated marketing about revolutionary trading algorithms, exclusive investment opportunities, or guaranteed passive income. Trust builds through fake testimonials, professional presentations, and initial small payouts. Extraction escalates through larger investment requirements and referral bonuses.
Tooling: Professional websites with fake performance data, automated payout systems to maintain an illusion, referral tracking platforms, fake testimonial generation, and complex tokenomics to obscure traditional Ponzi mechanics.
Prevention Steps: Research investment fundamentals thoroughly; be skeptical of guaranteed high returns; verify regulatory compliance and licensing; avoid investments requiring recruitment of others; consult independent financial advisors before major commitments; understand that legitimate investments carry risk.
6. Rug Pull Scams
Modus Operandi: Token projects that disappear with investor funds either immediately (hard rug pull) or gradually (soft rug pull). DeFi’s permissionless nature enables the rapid deployment of fraudulent projects with professional marketing.
Attack Funnel: Hook involves new token launches with attractive tokenomics, community building, and hype generation. Trust develops through roadmap presentations, team introductions (often fake), and early investor engagement. Extraction occurs through liquidity removal, token dumping, or complete project abandonment.
Tooling: Smart contract deployment platforms, fake team profile generation, social media marketing automation, liquidity manipulation tools, and cross-chain bridge utilization for fund movement. Meme coin speculation provides cover for rapid wealth extraction.
Prevention Steps: Research team backgrounds and verify identities; check liquidity lock status and token distribution; require third-party security audits; avoid FOMO-driven investment decisions; start with minimal amounts for new projects; monitor liquidity and trading patterns continuously.
7. Crypto ATM Scams
Modus Operandi: Social engineering campaigns directing victims to cryptocurrency ATMs, typically impersonating government agencies, tech support, or financial institutions. Elderly Americans represent the primary targets, losing a median $10,000 per incident.
Attack Funnel: Hook begins with urgent phone calls about account problems, legal issues, or technical support needs. Trust develops through official-sounding language, knowledge of personal information, and authority impersonation. Extraction directs victims to nearby Bitcoin ATMs with step-by-step instructions for fund transfer.
Tooling: Caller ID spoofing technology, victim database compilation, geographic ATM mapping for directing victims, official-sounding scripts, and real-time coaching during ATM transactions.
Prevention Steps: Understand that no legitimate government agency accepts cryptocurrency payments; hang up on unsolicited urgent calls; verify official communications through independent channels; never provide personal information to unsolicited callers; educate elderly family members about common tactics.
8. Fake Exchange/Wallet Applications
Modus Operandi: Create convincing replicas of popular cryptocurrency platforms to steal login credentials, funds, and personal information. Mobile-first attacks increasingly target smartphone users through app store distribution and typosquatting domains.
Attack Funnel: Hook utilizes familiar branding and professional design to appear legitimate. Trust builds through app store presence, positive fake reviews, and functional interfaces. Extraction occurs through credential theft, direct fund access, or malware installation for ongoing compromise.
Tooling: App store manipulation, typosquatting domain registration, professional UI/UX design, fake review generation, and malware integration for persistent access. SEO manipulation targets cryptocurrency-related searches.
Prevention Steps: Download applications only from official sources; verify developer credentials and app authenticity; check URLs carefully for typos or unusual domains; research user reviews across multiple platforms; maintain separate devices for high-value crypto activities.
9. Tech Support Impersonation
Modus Operandi: Impersonate official customer support from major cryptocurrency platforms to steal credentials, seed phrases, or gain direct wallet access. Operations target users experiencing genuine technical issues or security concerns.
Attack Funnel: Hook involves responding to user help requests or creating fake security alerts. Trust develops through technical knowledge, official-sounding procedures, and urgent security language. Extraction requires victims to share private keys, seed phrases, or provide remote access to devices.
Tooling: Customer support platform monitoring, fake support website creation, official branding replication, remote access software, and social engineering scripts targeting common user problems.
Prevention Steps: Understand that official support never requests private keys or seed phrases; use only official support channels and contact methods; be suspicious of unsolicited help offers; verify support authenticity through independent communication channels; enable all available security features, including 2FA.
10. Address Poisoning
Modus Operandi: Sophisticated attack exploiting user transaction habits by sending small amounts from addresses similar to frequently-used legitimate addresses. Victims copy-paste from transaction history without full verification, sending funds to attacker-controlled wallets.
Attack Funnel: Hook involves monitoring target wallet activity and generating similar addresses. Trust develops through familiar transaction patterns and address similarity. Extraction occurs when victims use transaction history for address copying instead of address books or full verification.
Tooling: Address generation algorithms for creating similar addresses, blockchain monitoring for identifying target wallets, small-value transaction automation, and wallet interface exploitation targeting copy-paste behaviors.
Prevention Steps: Use address books for frequently-used addresses; verify complete addresses character by character; avoid copy-pasting from transaction history; use hardware wallet address verification; implement transaction simulation tools before sending large amounts.
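The address-book check described above can be automated. This added example (not from the original report) compares a recipient against saved addresses in full and reports a look-alike when only the leading and trailing characters match; it also scans a transaction history for such entries. All addresses, labels, history records, and the `min_edge` and `dust_limit` parameters are constructed assumptions.

```python
# Added example: full-string recipient check against an address book.
# All addresses and history records are constructed for illustration.
import re

ADDR_RE = re.compile(r"^0x[0-9a-fA-F]{40}$")

EXCHANGE = "0xa1b2c3d4" + "0" * 24 + "9f8e7d6c"   # saved, legitimate address
COLD = "0xc0ffee" + "3" * 28 + "beef00"           # saved, legitimate address
POISON = "0xa1b2c3d4" + "7" * 24 + "9f8e7d6c"     # same edges as EXCHANGE, different middle
STRANGER = "0x" + "5" * 40                        # unrelated address
BOOK = {"exchange-deposit": EXCHANGE, "cold-storage": COLD}
HISTORY = [
    {"tx": "tx-1", "counterparty": EXCHANGE, "amount": 1.5},
    {"tx": "tx-2", "counterparty": POISON, "amount": 0.0},
    {"tx": "tx-3", "counterparty": STRANGER, "amount": 0.2},
]


def normalize(addr):
    """Validate a 20-byte hex address and return its 40 lowercase hex digits."""
    addr = addr.strip()
    if not ADDR_RE.match(addr):
        raise ValueError(f"not a 20-byte hex address: {addr!r}")
    return addr[2:].lower()


def shared_prefix(a, b):
    """Count how many leading characters two strings have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def shared_suffix(a, b):
    """Count how many trailing characters two strings have in common."""
    return shared_prefix(a[::-1], b[::-1])


def check_recipient(candidate, address_book, min_edge=4):
    """Return ('trusted'|'lookalike'|'unknown', label) for a recipient address.

    min_edge is the number of leading AND trailing hex digits that must match a
    saved address for a non-identical candidate to count as a look-alike.
    """
    cand = normalize(candidate)
    best_label, best_score = None, 0
    for label, known in address_book.items():
        ref = normalize(known)
        if cand == ref:
            return ("trusted", label)
        pre, suf = shared_prefix(cand, ref), shared_suffix(cand, ref)
        if pre >= min_edge and suf >= min_edge and pre + suf > best_score:
            best_label, best_score = label, pre + suf
    if best_label is not None:
        return ("lookalike", best_label)
    return ("unknown", None)


def scan_history(history, address_book, dust_limit=0.01):
    """Return history entries whose counterparty imitates an address-book entry."""
    hits = []
    for entry in history:
        verdict, label = check_recipient(entry["counterparty"], address_book)
        if verdict == "lookalike":
            hits.append({**entry, "imitates": label,
                         "dust": entry["amount"] <= dust_limit})
    return hits


if __name__ == "__main__":
    for addr in (EXCHANGE, POISON, STRANGER):
        print(addr, check_recipient(addr, BOOK))
    print(scan_history(HISTORY, BOOK))
```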
Patterns and Trends: 2023-2025 Cryptocurrency Scam Evolution
- AI integration accelerating: Deepfake technology now powers 40% of high-value frauds, with 87 deepfake operations dismantled in Q1 2025. Voice cloning and synthetic video creation are democratizing sophisticated impersonation attacks.
- Mobile-first attack vectors: First mobile-exclusive wallet drainers discovered in 2024, with $494 million stolen through mobile-specific phishing campaigns targeting Android and iOS users.
- Scam-as-a-Service professionalization: Huione Guarantee marketplace processed $70+ billion in fraudulent transactions, offering comprehensive fraud toolkits including drainer software, fake identity services, and money laundering infrastructure.
- Cross-chain exploitation: Bridge exploits and multi-chain money laundering are complicating law enforcement tracking, with 63% of illicit transactions now utilizing stablecoins instead of Bitcoin.
- Telegram ecosystem dominance: Over $50 million stolen through Telegram OTC trading scams, with 85% of Web3 projects building communities on the platform’s anonymous-by-design infrastructure.
- Elderly targeting intensification: Crypto ATM scams increased 10-fold since 2020, with Americans 60+ losing $2.8 billion in 2024. Social engineering tactics are specifically developed for less tech-savvy demographics.
- State-sponsored escalation: North Korean operations stole $1.34 billion in 2024, utilizing IT worker infiltration and sophisticated technical tactics. DPRK groups are responsible for 61% of all stolen cryptocurrency.
- Infrastructure centralization: Major wallet drainer operations (MS Drainer, Pink Drainer) consolidating market share with 15-20% revenue sharing models, enabling scalable fraud-as-a-service offerings.
- Social media platform evolution: TikTok and short-form content platforms are becoming primary vectors for targeting Gen Z investors, with viral crypto scam content exploiting shortened attention spans.
- Recovery scam proliferation: Between February 2023 and 2024, victims lost an additional $9.9 million to fake recovery services, with scammers targeting individuals already victimized by cryptocurrency fraud.
Suggested Playbooks & Checklists
Universal “Don’t Get Scammed” Checklist
✓ Verify independently: Research all crypto platforms, investments, and services through official regulatory databases before engaging
✓ Use hardware wallets: Store significant crypto amounts on hardware devices requiring physical confirmation for transactions
✓ Enable proper 2FA: Replace SMS-based authentication with authenticator apps or hardware keys to prevent SIM swapping
✓ Bookmark trusted sites: Navigate only through bookmarks to avoid phishing sites; never click links in unsolicited messages
✓ Test with small amounts: Make minimal test transactions before trusting platforms with larger amounts
✓ Separate communication channels: Verify suspicious requests through independent communication methods, not email or message responses
✓ Research team backgrounds: Investigate project teams, company registrations, and regulatory compliance before investing
✓ Monitor account activity: Set up alerts for all crypto accounts and regularly review transaction histories
✓ Understand irreversibility: Remember that cryptocurrency transactions cannot be reversed; exercise extreme caution before sending funds
✓ Report suspicious activity: Immediately report suspected scams to relevant authorities and platform administrators
✓ Stay educated: Follow security researchers, regulatory updates, and fraud alerts to understand evolving scam tactics
Before Sending Any Funds Playbook
Step 1: Platform Verification
- Check regulatory compliance through official databases (SEC, FCA, ASIC, etc.)
- Verify business registration and licensing information
- Research platform history and user reviews on independent sites
- Confirm platform security measures and insurance coverage
Step 2: Communication Authentication
- Verify requests through separate communication channels
- Confirm recipient identity through multiple verification methods
- Check email domains for spoofing indicators and certificate validity
- Validate urgency claims through independent fact-checking
Step 3: Technical Security Review
- Review smart contract audits and security assessments
- Test withdrawal processes with minimal amounts first
- Verify transaction details, including addresses and amounts
- Check for red flags like honeypot indicators or suspicious contract functions
Step 4: Financial Risk Assessment
- Only invest amounts you can afford to lose completely
- Diversify investments across multiple legitimate platforms
- Understand the specific risks of the transaction type
- Set clear maximum exposure limits and stick to them
If You Think You’ve Been Scammed Playbook
Immediate Actions (First 30 minutes)
- Stop all further transactions and communications with the suspected scammer.
- Document all evidence, including screenshots, transaction hashes, and communication records.
- Change all passwords and enable additional security measures on remaining accounts.
- Contact your bank and credit card companies to prevent additional fraud.
Asset Protection (First 24 hours)
- Move remaining funds to new wallets with fresh seed phrases
- Revoke all smart contract approvals using tools like revoke.cash
- Enable additional security features on all crypto accounts
- Alert family and friends about potential contact from scammers using your information
Reporting Requirements (First 48 hours)
- File reports with FBI IC3 (ic3.gov), FTC (reportfraud.ftc.gov), and local law enforcement
- Report to the relevant crypto exchanges and platforms involved
- Submit complaints to regulatory bodies (SEC, CFTC, FCA, etc.) in your jurisdiction
- Contact your country’s cybercrime reporting center for international coordination
Evidence Collection
- Preserve all communications, transaction records, and website screenshots
- Document the timeline of events and financial losses with specific amounts and dates
- Collect blockchain transaction evidence using explorers like Etherscan
- Gather contact information and account details used by scammers for law enforcement
FAQs
1. What are the most common cryptocurrency scams in 2025?
The most common scams include phishing wallet drainers, pig butchering romance-investment fraud, fake investment platforms, impersonation scams, rug pulls, and Ponzi schemes. Phishing alone accounted for over 40% of incidents globally, while pig butchering led in total losses.
2. How do “pig butchering” scams work?
Pig butchering combines romance fraud with fake crypto investments. Scammers build a relationship over weeks or months, then convince victims to invest in fraudulent trading platforms. Once trust is established and larger deposits are made, scammers disappear with the funds.
3. What are the red flags that a crypto platform or offer is a scam?
Common red flags include:
- Guaranteed high returns with little or no risk.
- Urgent calls to action like “claim your airdrop” or “invest now.”
- Requests for your seed phrase or private keys.
- Platforms that block withdrawals or demand fees to release funds.
- Anonymous teams or projects with no audits.
4. How can I avoid phishing wallet drainer scams?
- Never share your seed phrase or recovery phrase.
- Bookmark official websites and avoid search-engine ads.
- Read transaction details carefully before signing.
- Use a wallet revoker tool to remove suspicious approvals.
- Store large amounts of crypto on hardware wallets.
5. Are fake crypto apps still on Google Play and the App Store?
Yes. Scammers frequently upload apps impersonating trusted wallets and exchanges. Victims who install them may unknowingly hand over private keys or lose deposits. Always download apps only through official project websites and check reviews, developer names, and download counts.
6. What should I do if I think I’ve been scammed in crypto?
Take immediate action:
- Stop all transactions and revoke suspicious permissions.
- Document transaction hashes, messages, and screenshots.
- Move remaining funds to a new wallet with a fresh seed phrase.
- Report to the FBI IC3, FTC, local law enforcement, and exchanges involved.
- Warn family/friends, as scammers may attempt follow-ups.
7. Why do crypto scams increasingly target elderly people?
Elderly users are targeted through crypto ATM scams and fake government or tech support calls. Scammers exploit less tech-savvy demographics with urgency and authority tactics, leading to median losses of $10,000 per case in the U.S.
8. Can AI and deepfakes make crypto scams harder to detect?
Yes. AI-generated deepfakes now power nearly 40% of high-value frauds. Scammers use fake videos, cloned voices, and AI-enhanced impersonations of crypto leaders to gain credibility and trick victims.
9. Is it possible to recover stolen cryptocurrency?
Recovery is difficult because crypto transactions are irreversible. Global recovery rates remain below 30% despite law enforcement efforts. Some victims fall for “recovery scams” — fraudsters posing as investigators to steal even more.
10. What’s the #1 rule to stay safe with cryptocurrency?
The golden rule: Never share your private keys or seed phrase with anyone. Legitimate services will never ask for it. Combine this with using hardware wallets, verifying platforms independently, and staying skeptical of “too good to be true” offers.
Glossary
- Airdrop Phishing: A scam where attackers create fake airdrop websites or send malicious tokens to lure users into revealing their seed phrase or approving fraudulent transactions.
- Address Poisoning: A scam technique where attackers send small transactions from wallet addresses that look very similar to legitimate ones, tricking victims into copying the wrong address when making future transfers.
- Advance Fee Fraud: A scam that promises a large reward (inheritance, lottery, or investment payout) if the victim first pays a small fee in cryptocurrency. The reward never arrives.
- Cloud Mining Scam: Fraudulent operations that sell fake “mining contracts” to users. Victims believe they’re renting hashing power, but the companies often don’t own any mining hardware.
- Crypto ATM Scam: Social engineering attacks where victims are pressured (often by fake “government agents” or “tech support”) to withdraw money and send it via cryptocurrency ATMs.
- Deepfake Fraud: Use of AI-generated videos, images, or voice clones to impersonate trusted figures and trick victims into sending money or sharing sensitive data.
- Fake Exchange / Wallet App: Malicious apps or websites designed to look like legitimate crypto platforms. They steal login credentials, seed phrases, or deposited funds.
- Giveaway Scam: A fraud in which scammers impersonate celebrities or companies and promise to “double your crypto” if you send them funds first.
- Honeypot Scam: A smart contract scam where buyers can purchase tokens but cannot sell them, leaving them stuck with worthless assets while scammers profit.
- Ice Phishing (Approval Scam): A trick where victims unknowingly approve unlimited spending rights for a scammer’s contract, allowing attackers to drain stablecoins or tokens.
- Malware (Clipper / Infostealer): Malicious software that swaps copied wallet addresses to redirect funds (Clipper) or searches devices for seed phrases and private keys (Infostealer).
- Pig Butchering (Sha Zhu Pan): A hybrid romance-investment scam where scammers build trust (often romantic) with victims, then convince them to “invest” in fraudulent crypto platforms before disappearing with all funds.
- Ponzi / Pyramid Scheme (HYIP): Fraudulent schemes promising high guaranteed returns. Early investors are paid with money from new ones, and the system collapses once recruitment slows.
- Phishing: The most common scam, in which attackers use fake websites, ads, or emails to trick users into sharing their seed phrase or signing malicious transactions.
- Rug Pull: When project developers suddenly withdraw liquidity or abandon a token project, leaving investors with worthless tokens.
- Seed Phrase: A string of words that gives complete access to a crypto wallet. Anyone with this phrase can control all assets in the wallet.
- SIM Swap Attack: A scam where attackers convince a mobile carrier to transfer a victim’s phone number to their SIM card, letting them bypass SMS-based 2FA and hack crypto accounts.
- Social Media Impersonation: Scams where fraudsters impersonate crypto celebrities, influencers, or exchanges to promote fake giveaways or malicious links.
- Wallet Drainer: A malicious script or service that drains all funds from a wallet once a victim signs a fraudulent transaction or shares their seed phrase.
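The Address Poisoning entry above can be turned into a check on a wallet's transfer history. This added example (not part of the original report) flags incoming transfers whose sender matches a saved address at the start and end but not in full; the addresses, labels, amounts and the four-character edge and dust thresholds are constructed assumptions.

```python
# Added example: flag look-alike senders in a wallet's incoming transfers.
def norm(addr):
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def edge_match(a, b):
    """Count matching hex characters at the start and at the end of two addresses."""
    a, b = norm(a), norm(b)
    limit = min(len(a), len(b))
    head = 0
    while head < limit and a[head] == b[head]:
        head += 1
    tail = 0
    while tail < limit - head and a[-1 - tail] == b[-1 - tail]:
        tail += 1
    return head, tail

def find_poisoning(transfers, address_book, edge=4, dust=0.01):
    """Return transfers whose sender imitates a saved address.

    transfers: list of {'from': address, 'amount': number}
    address_book: {label: address} of recipients the user really pays.
    """
    known = {norm(addr): label for label, addr in address_book.items()}
    hits = []
    for t in transfers:
        sender = norm(t["from"])
        if sender in known:              # exact match: the genuine counterparty
            continue
        for addr, label in known.items():
            head, tail = edge_match(sender, addr)
            if head >= edge and tail >= edge:
                hits.append({"from": t["from"], "imitates": label,
                             "head": head, "tail": tail,
                             "dust": t["amount"] <= dust})
                break
    return hits

# Constructed sample data (not real addresses).
EXCHANGE = "0x1a2b" + "c" * 32 + "9f8e"
LOOKALIKE = "0x1a2b" + "d" * 32 + "9f8e"
ADDRESS_BOOK = {"exchange deposit": EXCHANGE}
TRANSFERS = [{"from": EXCHANGE, "amount": 250.0},
             {"from": LOOKALIKE, "amount": 0.0},
             {"from": "0x" + "7" * 40, "amount": 0.001}]

if __name__ == "__main__":
    print(find_poisoning(TRANSFERS, ADDRESS_BOOK))
```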
Sources and Citations
This report draws on data and analysis from blockchain analytics firms, law enforcement agencies, regulators, and investigative media outlets. Key references include:
- Blockchain Analytics & Research
  - Chainalysis, TRM Labs — global scam loss data and forensic analysis
- Law Enforcement Reports
  - FBI Internet Crime Complaint Center (IC3) — annual crypto scam reports
  - U.S. Department of Justice press releases on OneCoin and other large-scale frauds:
    - OneCoin co-founder sentenced to 20 years
    - OneCoin co-founder Greenwood’s case details
- Regulators
  - Federal Trade Commission (FTC) — consumer warnings and refund press releases
  - Commodity Futures Trading Commission (CFTC) — enforcement actions against fraudulent investment platforms
  - UK Action Fraud & Australian Securities and Investments Commission (ASIC) — international case reporting
- Security Research
  - Zscaler security blog on Clipper malware proliferation: “Clipper Malware Becoming More Prevalent”
  - SlowMist analysis of “ice phishing” smart contract approval scams: “What Is Ice Phishing and How to Prevent It”
- Media Investigations & Case Studies
  - Washington Post — coverage of fake crypto wallet apps
  - CityNews — reports on paper wallet scams
  - Forbes — investigation into fake Trezor app theft: “Fake Trezor App on Apple Store”
  - CoinDesk — analysis of AnubisDAO rug pull fraud: “Investors Lose $60M in AnubisDAO Rug Pull”
  - BleepingComputer — reporting on wallet drainers via Google Ads: “Crypto Wallet Drainers Stole $58 Million via Google Ads”
- Consumer Alerts & Guidance
  - FBI: Pig Butchering Scam Advisory
  - FBI: Advance Fee Fraud Schemes
  - U.S. SEC press releases on fraudulent ICOs & Ponzi schemes
- Victim Assistance and Reporting
  - Internet Crime Complaint Center (IC3): ic3.gov
  - Federal Trade Commission Fraud Reporting: reportfraud.ftc.gov
  - Global Anti-Scam Organization — job scam awareness campaigns: “A New Type of Employment Scam”