A dimly lit server room with blue lighting casting shadows on rows of hardware — atmosphere of hidden digital risk

Topic: Finance · Crypto · Type: Evergreen · Reading time: ~8 min

Ninety-three people notified by the FBI's crypto fraud unit were referred to a suicide intervention specialist last year. Not because they lost a bet on a volatile token. Because they were systematically deceived by organised criminals who spent weeks or months earning their trust — then took everything.

That number doesn't make headlines. The dollar figures do. Americans reported more than $11 billion in crypto-related losses to the FBI in 2025 — over half of all internet crime losses recorded that year. The real figure, accounting for the estimated 95–98% of victims who never file a report, is probably closer to $200 billion. Globally.

This post is not about whether crypto is a good investment. It's about the fraud infrastructure that has grown up alongside it, why it keeps getting more sophisticated, and what you can actually do to stay safe.

The scam is the product: how modern crypto fraud works

Most people picture crypto scams as obvious: a stranger emails you promising 10x returns, you fall for it, you lose money. That's not how the industry-scale operations work anymore.

The dominant fraud model in 2024 and 2025 is known as "pig butchering" — a term that originated in Chinese criminal slang and refers to the practice of fattening a pig before slaughter. Victims are "fattened" over weeks or months through a manufactured relationship before they're drained.

Here's how the playbook runs: you receive a message — often a wrong-number text, a LinkedIn connection request, or a reply to a comment you made — from someone who seems normal. They don't mention crypto immediately. They build a relationship over days or weeks, share details about their own "successful" investments, and eventually introduce you to a platform where you can invest alongside them. The platform looks professional. Early withdrawals work fine — this is deliberate. By the time the victim tries to exit fully, the platform invents reasons to block them: unpaid taxes, verification fees, anti-money-laundering holds. Each invented barrier extracts more money before the operation vanishes.

Pig butchering revenue grew nearly 40% year-over-year in 2024, according to Chainalysis, while the number of individual victims grew by 210%. That divergence matters: operations are expanding their victim pools, prioritising volume over maximum extraction per target. The scams are no longer run by lone operators. Many are run from industrial-scale fraud compounds in Myanmar, Cambodia, and Laos where trafficked workers — themselves victims of labour exploitation — are forced to run scripts on targets assigned by management.

Worth knowing: According to the FBI, 78% of crypto fraud victims who were proactively contacted by Operation Level Up (a US federal intervention programme) were entirely unaware they were being scammed at the time of contact.

The other threats: hacks, rug pulls, and exchange failures

Pig butchering targets individuals through social engineering. But the crypto ecosystem also has structural vulnerabilities that cost billions regardless of how careful you are.

Exchange and protocol hacks are the most dramatic. In February 2025, Lazarus Group — a hacking operation linked to North Korea — stole approximately $1.5 billion in Ethereum from the Bybit exchange in a single attack, the largest crypto theft ever recorded in dollar terms. Total hack losses in H1 2025 exceeded $2.47 billion, already surpassing all of 2024 — driven primarily by wallet compromises where attackers gain access to private keys through malware or social engineering rather than breaking encryption directly.

Rug pulls operate differently. Developers launch a legitimate-looking token or DeFi protocol, attract real investment, then abruptly withdraw liquidity or exploit a hidden backdoor in the smart contract code — leaving investors with tokens worth nothing. In 2024 and 2025, this pattern migrated heavily to memecoins: projects that generate viral hype before insiders sell their holdings en masse, crashing the price and disappearing. A notable 2025 example involved the LIBRA memecoin, publicly linked to Argentina's president Javier Milei, which surged on that association and then collapsed as liquidity was removed.

Phishing at the wallet level is different from phishing for a password. An "address poisoning" attack sends you a tiny, worthless transaction from a wallet address that looks almost identical to one you've used before. If you later copy an address from your transaction history without checking all 40+ characters, your funds go to the attacker. In 2024, wallet drainer attacks — where users are tricked into signing transactions that grant an attacker unrestricted spending access — stole $494 million, a 67% increase over 2023.

If you're thinking about how the crypto ecosystem fits into a broader portfolio, it's worth reading how much of your portfolio should actually be in crypto before putting anything at risk.

Why AI is making this worse

Scammers now use AI the way legitimate businesses use marketing software — at scale, personalised, and increasingly indistinguishable from real human contact.

Deepfake video scams impersonating Elon Musk, Michael Saylor, and other prominent crypto figures flooded YouTube and social media in 2024–2025, promoting fake giveaway events ("send 1 BTC, receive 2 BTC back"). Voice cloning allows a scammer to call someone while convincingly mimicking a trusted contact or an exchange's customer service team. AI-generated identity documents help fraudsters bypass KYC verification at exchanges. TRM Labs reported a 456% increase in AI-enabled crypto scam reports between mid-2024 and mid-2025.

The practical implication is that "it looked real" is no longer a useful defense. A sophisticated 2025 pig butchering operation can maintain a convincing online persona across multiple months of daily contact, produce fake account statements, pass video calls using a deepfake overlay, and generate professional-quality documentation on demand. The indicators of trust that people have relied on for decades — seeing someone's face, hearing their voice, reviewing their documents — are no longer reliable at face value.

Understanding the mechanics of Bitcoin and Ethereum can help you spot technically impossible claims that scam platforms routinely make — guaranteed returns, locked liquidity, "risk-free" staking yields.

What actually protects you

The security advice that circulates most often ("use a hardware wallet, enable 2FA") is correct but incomplete. Here's a more precise picture of what reduces risk at each layer.

For exchange-level risk (the Bybit scenario):
- Don't hold significant long-term crypto balances on exchanges. Exchanges are hot targets. Funds held directly on an exchange are the exchange's liability until you withdraw.
- If you do hold on an exchange, choose one with a published proof-of-reserves audit and a history of responsible security disclosure.
- Use an authenticator app (Google Authenticator, Authy, Aegis) rather than SMS-based 2FA. SIM-swap attacks — where an attacker convinces your phone provider to transfer your number — can bypass SMS codes entirely. A hardware security key (YubiKey) is stronger still.

For wallet-level risk (phishing, drainers, address poisoning):
- For any meaningful amount of crypto, a hardware wallet (Ledger, Trezor) stored offline is the standard recommendation. Private keys never touch an internet-connected device.
- Never type your seed phrase into any website or app. No legitimate service will ever ask for it.
- When sending crypto, verify the full wallet address character-by-character before confirming — not just the first and last four characters.
- Be suspicious of any browser extension related to crypto. Malicious extensions are a primary vector for clipboard hijackers that silently replace wallet addresses when you copy them.

For scam-level risk (pig butchering, fake platforms, AI impersonation):
- Treat unsolicited contact about investment opportunities — from any platform, in any form — as a scam until proven otherwise. This includes LinkedIn, WhatsApp, Telegram, and dating apps.
- Search the name of any platform you're asked to use against "[platform name] scam" before sending any money. Check the DFPI Crypto Scam Tracker (California's Department of Financial Protection and Innovation maintains a live database).
- If an investment platform shows consistent, outsized returns with no down days — that's not a signal of quality. It's a signal of fabrication.
- If you are ever told you need to pay fees, taxes, or a "verification deposit" before you can withdraw your money, stop. That's a universal marker of fraud.

For a deeper technical grounding on where your crypto actually lives and who controls it, understanding crypto wallets — hot vs cold, custodial vs non-custodial is worth the 10 minutes.

What to do if it happens to you

Recovery is genuinely difficult, but speed matters. Blockchain transactions are irreversible, but funds sitting in a scammer's wallet before conversion aren't necessarily gone.

Report immediately to: the FBI's Internet Crime Complaint Center (IC3.gov), your country's financial regulator (FCA in the UK, BaFin in Germany, ASIC in Australia), and the exchange or platform where the transfer originated. Exchanges with good compliance teams can sometimes freeze associated accounts.

Document everything: wallet addresses involved, transaction IDs, screenshots of any communication with the scammer, and the URL of any fake platform. This information is essential both for law enforcement and for any blockchain analytics firm that might assist.

One final warning: once you've been victimised, you may be targeted again. Recovery scams specifically target previous crypto fraud victims, offering to trace and recover lost funds for an upfront fee. They are themselves scams. Real law enforcement agencies do not contact victims via Telegram or WhatsApp to offer recovery services.

The one thing to do this week

The single most effective thing most crypto holders can do immediately is move long-term holdings off centralised exchanges into a hardware wallet — and store the seed phrase offline, written on paper, in a place that isn't your home office desk.

The scam infrastructure is real, professional, and growing. But the people it harms most consistently are those who weren't told it existed. Now you know it does.