Crypto Fraud Hit $11.3 Billion In 2025, And 2026 Is Worse
Cryptocurrency fraud is no longer a peripheral risk. It is one of the largest financial crime categories on earth, and the tools enabling it are advancing faster than any government task force can track. In 2025, reported losses to cryptocurrency-related fraud and theft crossed $11.3 billion, a figure that security researchers say captures only a fraction of actual harm because most victims never report incidents to law enforcement.
The trajectory into 2026 is more troubling. Artificial intelligence has lowered the cost of launching sophisticated social engineering attacks to near zero, cross-chain bridging has made illicit fund movement faster and harder to trace, and an emerging class of professional fraud operations now runs with the operational discipline of legitimate financial services firms. Data from Chainalysis, CipherTrace, and the Federal Bureau of Investigation‘s Internet Crime Complaint Center (IC3) collectively paint a picture of an industry under siege.
TL;DR
- Cryptocurrency fraud losses reached $11.3 billion in 2025, driven by pig-butchering romance scams, DeFi exploits, and AI-powered phishing operations.
- Professional fraud syndicates operating from Southeast Asia now account for the majority of high-value social engineering losses globally.
- Enforcement conviction rates remain below 1% of estimated perpetrators, and AI deepfake tooling is widening the gap between criminal capability and regulatory response.
The Scale Of The Problem In 2025
The FBI’s IC3 2025 Internet Crime Report, published in spring of 2026, placed cryptocurrency-related losses at $9.3 billion for U.S. victims alone. That figure represents a 66% increase over the $5.6 billion the bureau recorded in 2023. When non-U.S. jurisdictions are aggregated, the global figure reaches $11.3 billion, according to data compiled by multiple blockchain analytics firms for the period ending December 31, 2025.
The number is almost certainly understated. Academic research published on SSRN has estimated that only 12% to 15% of cryptocurrency fraud victims file formal reports with law enforcement, citing shame, jurisdictional confusion, and the mistaken belief that recovery is impossible. Applying that underreporting ratio to known figures implies a true global loss figure well above $75 billion annually.
> The FBI’s IC3 received more than 69,000 cryptocurrency-related complaints in 2025, a 45% increase from 2023, yet the median recovery rate on reported losses remained below 4%.
Losses are not distributed evenly across victim demographics. Adults over 60 account for the highest absolute dollar losses, according to IC3 data, while adults aged 30 to 49 represent the largest count of victims. The typical high-value victim is financially literate, active on social media, and targeted over a period of weeks or months before any funds are transferred.
Also Read: Asia Tech Stocks Slide as AI Optimism Fades
Pig Butchering Becomes The Dominant Fraud Vector
No scam category grew faster between 2023 and 2025 than pig butchering, a long-horizon romance and investment fraud in which criminals cultivate trust with victims over months before steering them toward fraudulent cryptocurrency investment platforms. The name derives from the Chinese phrase “sha zhu pan,” a reference to fattening a pig before slaughter.
Chainalysis data shows that pig-butchering operations generated an estimated $3.6 billion in identifiable on-chain inflows to known scam addresses in 2025, up from $2.57 billion in 2023. The true figure is higher because many platforms operate through privacy-preserving techniques that obscure fund flows from standard heuristic analysis. Researchers at Stanford Internet Observatory found that a single compound in Myanmar’s Shan State was linked to more than 200 distinct fraudulent investment domains.
> Pig-butchering operations generated at least $3.6 billion in identifiable on-chain inflows in 2025, with individual victim losses routinely exceeding $500,000 in high-touch cases.
These operations are no longer amateur affairs. Investigative reporting and law enforcement affidavits from the U.S. Department of Justice describe call centers staffed by trafficked workers, organized into teams with distinct roles for relationship building, technical support, and withdrawal objection handling. Victims are kept engaged through fake profit dashboards showing compounding returns of 2% to 5% per day until they attempt to withdraw, at which point fabricated “tax obligations” or “regulatory holds” are used to extract additional deposits.
Also Read: Xi Jinping Arrives in North Korea for First Kim Meeting in Seven Years
AI Tools Lower The Cost Of Sophisticated Attacks
The arrival of accessible large language models and voice cloning software in 2024 transformed the economics of cryptocurrency fraud. Attacks that previously required fluent English speakers and weeks of manual relationship building can now be partially automated. Security researchers at Elliptic documented more than 50 darknet forums in 2024 that offered GPT-jailbreak tools specifically trained on romance scam conversation scripts, enabling low-skill operators to sustain convincing long-form dialogues across dozens of simultaneous victims.
Voice cloning attacks represent a distinct and faster-growing threat vector. ElevenLabs and similar voice synthesis platforms, while implementing abuse controls, have nonetheless been replicated in gray-market versions that allow fraudsters to clone public audio of family members or financial advisers from as little as three seconds of source material. The FBI warned in April 2024 that AI-generated audio was appearing in grandparent scams targeting elderly victims, demanding emergency cryptocurrency transfers.
> Darknet marketplaces offered AI-powered scam-script tools in more than 50 forums by late 2024, reducing the labor cost of a sustained pig-butchering campaign by an estimated 60% to 80%.
Deepfake video adds another layer. The U.S. Secret Service published a threat assessment in January 2024 identifying deepfake video calls as an emerging vector in business email compromise attacks involving cryptocurrency. In one documented case, a Hong Kong finance employee transferred $25 million after participating in a video call populated entirely by AI-generated likenesses of company executives, a case widely covered by Reuters and Hong Kong law enforcement in February 2024.
Also Read: Foreign Investors Dump Korean Stocks Despite Kospi’s Record Rally
DeFi Protocols Remain The Largest Single Category Of Theft
Smart contract exploits, oracle manipulation attacks, and bridge vulnerabilities accounted for the largest share of raw cryptocurrency theft in 2025 by dollar value when social engineering losses are separated from protocol-level hacks. Chainalysis reported that DeFi protocols lost approximately $2.2 billion to hacks in 2024 alone, and preliminary 2025 figures from blockchain security firm Immunefi show losses of $1.74 billion through the first three quarters of 2025 across 192 incidents.
The attack surface is widening rather than narrowing. As the total value locked across DeFi protocols grew past $100 billion in early 2025, the financial incentive to discover and exploit vulnerabilities increased proportionally. Radiant Capital’s October 2024 exploit, in which attackers compromised three of eleven multisig signers through malware-infected hardware wallets and drained $50 million, demonstrated that operational security failures at the team level now represent as large a risk as code-level bugs.
> DeFi protocols have lost more than $7 billion to hacks and exploits since 2020, with bridge vulnerabilities accounting for roughly 38% of total value stolen in that period.
Cross-chain bridges remain structurally the most vulnerable component of the decentralized ecosystem. The 2022 Ronin Bridge hack, which resulted in $625 million in losses, established the template. By 2025, bridge security had improved but the attack surface had expanded to include intent-based bridging protocols and shared liquidity layers that introduce new trust assumptions. Security researchers at Trail of Bits published a 2024 audit framework specifically targeting cross-chain message validation, identifying five common vulnerability classes that remain unpatched across dozens of live protocols.
Also Read: Worldcoin Climbs as Crypto Rebounds and AI Identity Legislation Heats up
Address Poisoning And Clipboard Attacks Surge In Volume
While high-value DeFi exploits attract headlines, a quieter category of attack has grown dramatically in transaction count: address poisoning. In this attack, a fraudster sends a small amount of cryptocurrency from an address engineered to visually resemble a target’s legitimate counterparty address, hoping the victim will copy the wrong address from their transaction history for a subsequent high-value transfer.
On-chain data analysis by ZachXBT, the pseudonymous blockchain investigator, documented more than 340 confirmed address poisoning incidents in 2024 resulting in losses exceeding $68 million. The attack is effective because most wallet interfaces display only the first and last four to six characters of an address, allowing a carefully crafted lookalike address to pass visual inspection. One incident in May 2024 saw a single victim lose $71 million in wrapped Bitcoin (BTC) (BTC) through this mechanism, a case confirmed by multiple on-chain analysts.
> Address poisoning attacks generated more than $68 million in confirmed losses in 2024 across at least 340 documented incidents, with the attack cost to perpetrators measured in cents per attempt.
Clipboard hijacking malware compounds the problem. Malicious software installed through fake wallet applications or browser extensions monitors the clipboard for cryptocurrency address patterns and silently substitutes attacker-controlled addresses at the moment of paste. The Cybersecurity and Infrastructure Security Agency (CISA) flagged clipboard hijackers as a priority threat in its 2024 cryptocurrency security advisory, noting that variants were distributed through trojanized versions of legitimate wallet software hosted on convincing phishing domains.
Also Read: Railgun Uses Zero-Knowledge Proofs To Hide Every Trade You Make
The Geography Of Fraud Operations
Cryptocurrency fraud is geographically concentrated on both the perpetrator and victim sides in ways that shape enforcement outcomes. The United Nations Office on Drugs and Crime (UNODC) published a landmark 2024 report identifying Myanmar, Cambodia, and Laos as the principal geographic hubs for large-scale online fraud compounds. These compounds collectively employed an estimated 100,000 to 300,000 workers, many of whom were trafficked, as of the report’s publication date in October 2024.
The compounds operate in territories with limited central government control, making law enforcement action from outside jurisdictions legally and logistically complex. Erin West, a deputy district attorney in Santa Clara County, California, who has specialized in pig-butchering prosecutions, said in congressional testimony in March 2025 that the jurisdictional fragmentation between the U.S., Southeast Asian governments, and cryptocurrency exchanges created “a corridor of impunity” that prosecutorial tools were not designed to penetrate.
> The UNODC estimated in October 2024 that Southeast Asian fraud compounds generated between $27.4 billion and $36.5 billion in annual illicit proceeds, of which cryptocurrency fraud was the largest single component.
Nigeria, Ghana, and other West African nations remain significant sources of advance-fee and romance fraud at lower average transaction values but high volumes. Meanwhile, Eastern European organized crime groups dominate ransomware operations, which represent a distinct but overlapping fraud ecosystem. The FBI’s 2025 report noted that ransomware payments in cryptocurrency reached $1.1 billion in 2023, a figure first identified by Chainalysis, and remained elevated through 2025.
Also Read: Nvidia Tops 2026 Best Companies for the Future Ranking
Enforcement Actions And Their Limits
Governments have responded to the cryptocurrency fraud epidemic with increasing legislative and prosecutorial activity, but the results remain structurally constrained. The U.S. Department of Justice’s National Cryptocurrency Enforcement Team (NCET) has expanded its case load significantly since its 2021 founding, securing high-profile convictions including the Bitfinex hack recovery and multiple exchange executive prosecutions. In April 2025, the DOJ announced a coordinated takedown of 18 domains linked to a pig-butchering network that had defrauded more than 900 U.S. victims of a combined $200 million.
Yet the macro statistics expose the enforcement ceiling. The FBI received 69,000 cryptocurrency fraud complaints in 2025. The DOJ’s NCET has a staff of fewer than 50 attorneys and investigators. Simple arithmetic shows that comprehensive prosecution of even 1% of reported cases would require resources that do not exist within current budget allocations. The 2024 National Defense Authorization Act included provisions for expanded cryptocurrency training at the FBI, but additional funding appropriated was $25 million over five years, a figure analysts at the Brookings Institution described as “a fraction of what a single large pig-butchering compound generates in a month.”
> The DOJ’s NCET secured a $200 million pig-butchering takedown in April 2025, yet enforcement resources are sufficient to formally prosecute fewer than 1% of the cryptocurrency fraud complaints received annually by the FBI.
Exchange-level compliance remains the most scalable enforcement lever available. Binance’s 2023 settlement with the U.S. Department of Justice, which included a $4.3 billion penalty and appointment of a compliance monitor, set a precedent for holding exchange infrastructure accountable for fraud facilitation. Subsequent actions against OKX and KuCoin in 2024 extended that logic. Know-your-customer requirements, transaction monitoring, and Suspicious Activity Report filing obligations now apply to the major centralized exchanges, but decentralized infrastructure remains largely outside this perimeter.
Also Read: Philippines Earthquake
Victim Recovery Rates And Asset Tracing Realities
The cryptocurrency industry’s native transparency, every transaction permanently recorded on a public ledger, creates a theoretical advantage for asset recovery that distinguishes it from traditional wire fraud. In practice, that advantage is aggressively countered by a layered obfuscation ecosystem that has grown in sophistication in parallel with enforcement capability.
Blockchain analytics firms Chainalysis, Elliptic, and TRM Labs can trace funds with high confidence across most public chains. Their tools are used by the FBI, the IRS Criminal Investigation division, and dozens of international agencies. Successful recovery stories exist. The DOJ’s 2022 recovery of 94,636 BTC connected to the 2016 Bitfinex hack, then valued at approximately $3.6 billion, was the largest financial seizure in U.S. Justice Department history and demonstrated what is possible when assets remain on traceable chains.
> The 2022 Bitfinex recovery of 94,636 BTC, valued at approximately $3.6 billion at seizure, remains the single largest asset recovery in DOJ history but required six years of investigative work and significant luck in the perpetrators’ operational security failures.
The obfuscation countermeasures have kept pace. Tornado Cash, before its August 2022 sanctions designation by the U.S. Treasury’s Office of Foreign Assets Control (OFAC), processed billions in illicit funds. Its successors, including privacy-preserving cross-chain bridges, zero-knowledge mixing protocols, and chain-hopping sequences through low-liquidity altcoins, now represent an obfuscation pipeline that analysts say can defeat standard heuristic tracing in the majority of high-value fraud cases. The median recovery rate for cryptocurrency fraud victims who report to the FBI remains below 4%, a figure the IC3 has disclosed consistently since 2022.
Also Read: Iran Resumes Strikes on Israel, Sending Oil Prices Sharply Higher
What Regulators Are Building In 2026
The regulatory response to cryptocurrency fraud has accelerated in 2026 across multiple jurisdictions. In the United States, the passage of the Digital Asset Anti-Money Laundering Act provisions embedded in broader cryptocurrency market structure legislation has extended Bank Secrecy Act obligations to decentralized finance protocol front-ends, self-hosted wallet providers servicing commercial customers, and cryptocurrency ATM operators. The Financial Crimes Enforcement Network (FinCEN) published updated guidance on May 5 clarifying that mixing service operators facilitating more than $1 million in monthly transaction volume must register as money services businesses.
The European Union’s Markets in Crypto-Assets regulation (MiCA), which entered full force in December 2024, requires all cryptocurrency asset service providers operating in EU member states to maintain fraud monitoring systems and report suspected cases to national financial intelligence units within 24 hours. Early compliance data from the European Banking Authority shows that 74% of registered CASPs met the reporting timeline requirement in Q1 of 2026, a higher rate than initial projections.
> MiCA’s fraud reporting mandates, now in full force across EU member states, require 24-hour incident disclosure from cryptocurrency service providers, with 74% compliance in Q1 of 2026, according to EBA monitoring data.
In Asia, Singapore’s Monetary Authority (MAS) has pursued mandatory “kill switches” for exchanges operating under its Payment Services Act license, allowing real-time freezing of accounts flagged by law enforcement. Japan’s Financial Services Agency has imposed strict annual audits of fraud prevention controls on all licensed exchanges following the 2024 DMM Bitcoin hack, which resulted in losses of approximately $305 million. The global regulatory architecture is consolidating, but coverage gaps across smaller jurisdictions remain large.
Also Read: Iran Fires Missiles at Israel, Sending Oil Prices Sharply Higher
How The Fraud Ecosystem Launders Proceeds
Understanding the downstream money laundering infrastructure is essential to any complete analysis of cryptocurrency fraud, because seizure at the laundering stage is often more achievable than interdiction at the point of fraud. Elliptic’s 2024 cryptocurrency crime report identifies a three-stage model common to high-volume fraud proceeds: aggregation on a single chain, rapid cross-chain movement to reduce traceability, and final off-ramp through peer-to-peer exchanges, over-the-counter desks, or compliant exchanges in jurisdictions with weak transaction monitoring.
The peer-to-peer and OTC layer is the most significant enforcement gap. Platforms like Huione Guarantee, a Cambodian OTC marketplace that TRM Labs documented in July 2024 as having processed more than $11 billion in suspected fraud proceeds since 2021, operate in jurisdictions outside the reach of Western enforcement. Huione Guarantee later launched its own stablecoin specifically designed to reduce its dependence on regulated financial infrastructure, a development that the U.S. Treasury flagged in March 2025 as a major money laundering risk.
> TRM Labs documented more than $11 billion in suspected fraud proceeds flowing through a single Cambodian OTC platform between 2021 and mid-2024, illustrating the scale of the laundering infrastructure supporting cryptocurrency scam operations.
Stablecoin rails have become the dominant medium for both fraud operations and laundering because they offer dollar-denominated value storage with cryptocurrency-speed settlement and no requirement for a banking relationship. Tether (USDT) and USDC are both used extensively, though Tether (USDT)‘s significantly larger market share and its historical presence across less-regulated exchanges has made it the predominant vehicle in documented fraud cases. Tether has proactively frozen wallets at law enforcement request on multiple occasions, including a coordinated action with the DOJ in November 2024 that froze $225 million linked to a Southeast Asian fraud ring, but its reactive posture is structurally limited against the volume of fraud flows.
Read Next: Hong Kong’s IPO Boom Hides a Deepening Performance Problem
Conclusion
The $11.3 billion in cryptocurrency fraud losses recorded in 2025 is not an aberration. It is the output of a mature, professionalized criminal industry that has optimized its operations over more than a decade, adapted to every enforcement action taken against it, and now has access to artificial intelligence tools that make each individual operator more productive and harder to detect. The gap between criminal capability and enforcement capacity is not closing. By most measurable indicators, it is widening.
Three structural dynamics are likely to define the trajectory through the remainder of 2026 and beyond. First, AI-powered personalization will make social engineering attacks more convincing and harder to distinguish from legitimate financial communication, raising the baseline competence required for any fraud awareness campaign to be effective. Second, the proliferation of cross-chain infrastructure will continue to fragment the on-chain trail that blockchain analytics firms rely upon, reducing recovery rates further from an already catastrophically low 4% baseline. Third, the regulatory frameworks taking shape in the U.S. and EU are materially better than what existed three years ago, but their jurisdictional limits mean that the fraud compound model, physically located in sovereign territories with limited cooperation agreements, remains largely intact.
The cryptocurrency industry’s response to fraud has historically been reactive. Protocol teams prioritize shipping features over security audits. Exchanges invest in compliance only when regulators force the issue. The data through 2025 suggests that this posture carries a compounding cost: each dollar of fraud loss not only harms individual victims but corrodes the institutional trust that the broader industry depends upon for mainstream adoption. The victims who lose retirement savings to pig-butchering scams do not return to cryptocurrency markets. They become its most vocal critics. For an industry that has spent more than a decade arguing that it deserves to be taken seriously, $11.3 billion in annual fraud losses is the most damaging counterargument in circulation.
Read Next: Zcash Surges 20% as Privacy Coins Find Renewed Bid After AI Bug Discovery
—
