A sophisticated social-engineering attack led to the theft of more than $282 million in BTC and LTC, with the funds rapidly laundered through monero.
Crypto phishing losses plunged in 2025, but experts warn the threat has only changed shape rather than disappeared. Reports show a sharp fall in money stolen by wallet-draining scams, even as attackers tested new tricks tied to recent protocol changes. Related Reading: Bitcoin Dominance Grows As Altcoins Post Another Losing Year: Analyst Scam Sniffer Data Shows Drop According to Scam Sniffer’s 2025 analysis, wallet drainer phishing losses fell to about $83.85 million — an 83% decline from roughly $494 million in 2024. The number of affected wallets dropped to around 106,000, a fall of about 68% year-on-year. These figures come from the security platform’s annual study and were picked up by major crypto outlets. Attackers Shift, Not Stop Only 11 incidents topped $1 million in 2025, down from 30 the prior year, signaling fewer headline grabs but a rise in smaller hits. The largest single theft recorded last year was roughly $6.5 million, tied to a malicious Permit signature attack. Average losses per victim fell to roughly $790, which suggests attackers moved toward more frequent, lower-value strikes. Market Moves Mattered Losses followed market activity. The third quarter logged the highest damage at about $31 million, when Ethereum’s rally brought more users and approvals onchain. Monthly peaks included August, which posted about $12.17 million, while December was the quietest with roughly $2 million. That pattern shows fraudsters target busy trading windows. 1/ Ever woken up to an empty crypto wallet? With scammers draining $107K+ across EVM chains JUST THIS WEEK (per @zachxbt), it’s scarier than ever! Shoutout to @realscamsniffer for their 2025 report – losses down 83%, but threats are evolving FAST. Let’s recap & warn on 2026… https://t.co/uSerpsg80d — JP (@rugpullfinder) January 3, 2026 Permit Signatures And New Vectors Reports highlighted Permit and Permit2 signature abuses as a major driver of big losses, accounting for a large share of multi-million cases. Scam Sniffer also flagged EIP-7702 batch signature techniques that were used in a few complex attacks after network upgrades. Security teams say these methods exploit user approval flows rather than raw smart-contract bugs. Why The Drop Happened Analysts attribute much of the improvement to better wallet warnings, wider use of approval revocation tools, and more active tracking by onchain monitors. Some defenders also point to reduced market froth in parts of the year, which lowered the pool of high-value targets. Still, multiple outlets stress that reduced totals do not equal safety. Related Reading: A Maduro Bet, A Market Alarm: US Lawmaker Targets Trading Abuses Based on reports, phishing will likely remain cyclical: losses could spike again during big rallies or when new signing features are introduced. Security firms urge users to check approvals, avoid blind signing, and use wallet tools that flag risky requests. Regulators and exchanges are watching the trend, but responsibility for many attacks still falls to individual users and wallet software. Featured image from Unsplash, chart from TradingView
The scammer sent a small "dust" amount to the victim's transaction history, causing the victim to copy the address and send $50M to the scammer's address.
A US investor says he lost $3 million in XRP after hackers emptied his wallet, and blockchain tracking suggests the funds moved fast through shadowy over-the-counter networks tied to Southeast Asia. Related Reading: Biggest Shiba Inu Burn In Months — And It Came From A Coinbase Account Funds Traced To OTC Networks According to blockchain sleuth ZachXBT, the stolen coins were first pooled into a single Tron address and then pushed through OTC services linked to an illicit marketplace known as Huione Guarantee. Reports have disclosed that Huione Guarantee is tied to a range of criminal activity, and that once funds enter those channels they are very hard to recover. The trace provides a clear record of movement on public ledgers, but it does not guarantee that law enforcement can follow the money to its final holders. 9/ Unfortunately the likelihood of this victim seeing any funds recovered is rather low due to a delay in reporting the theft to competent people within the private sector. I recommend victims try to report theft addresses to people as soon as possible as otherwise it can be… pic.twitter.com/Ficcit611f — ZachXBT (@zachxbt) October 19, 2025 Victim Says He Followed Best Practices Brandon LaRoque, the investor at the center of the case, told viewers that he had built his position over eight years and held about 1.2 million XRP. He posted a video this week explaining the loss, which has drawn wide attention online. “I thought I did all the things right,” he said, after describing how his Ellipal device turned out to be connected to the internet. The device maker, Ellipal, acknowledged that the seed phrase was imported into an app and said it was doing everything possible to help. Based on reports, the company suggested the theft followed a misuse of the seed rather than a flaw in a strictly offline product. A Human Cost LaRoque said he and his wife retired about a year ago and were planning to buy a house in Las Vegas. Now they say they may need to return to work. The loss is a stark example of how long-term small investors can be swept away by a single security lapse. The emotional impact is real. Many viewers on social platforms have offered help, but experts warn that public attention does not equal recovery. Experts Urge Caution On Recovery Firms According to ZachXBT, victims who want to pursue recovery must move quickly and seek competent private investigators, while avoiding predatory firms that promise guaranteed returns. Tracing on the blockchain can show where funds went next, and it can expose links to mixing services or OTC desks, but converting that trace into arrests or asset returns is complex. In the US, access to specialized crypto law enforcement is limited, which reduces the odds of successful recovery in many cross-border theft cases. Related Reading: Bitcoin’s Moment? Analyst Urges Traders To Swap Gold For Crypto Institutional Activity Rises As Retail Losses Persist Meanwhile, XRP has seen notable activity in regulated markets. Reports show more than 476,000 XRP futures contracts traded since May 2025, totaling $23.7 billion. Open interest has reached $1.4 billion, and the number of large institutional investors hit a record of 29. Featured image from Gemini, chart from TradingView
A fraudster posing as a hardware wallet support agent tricked the target into handing over wallet credentials.
Three high-profile exploiters have taken advantage of ether’s rally to liquidate stolen funds, pocketing tens of millions in extra profits.
Blockchain security firm CertiK says the lender’s website and X account have been offline since Aug. 4, after an attack drained millions.
Between January 2022 and July 2023, Eli and Kaitlyn Regalado allegedly solicited nearly $3.4 million from investors and mostly targeted churches.
A fake hardware wallet bought via TikTok led to a $6.9-million crypto theft; hackers are now targeting devices meant to keep funds safe.
A portion of the stolen funds has already been bridged from Arbitrum to Ethereum.
Analysts at BitMEX Research have raised the alarm about a scam targeting early Bitcoin holders, particularly those with wallets dating back to 2011. According to the firm, the scam appears to exploit long-dormant addresses by injecting false transactions and misleading messages via OP_Return outputs, an optional field in Bitcoin transactions that can carry arbitrary data. […]
The post Scam targets dormant Bitcoin wallets with fake legal notice appeared first on CryptoSlate.
Honeypot scams lure crypto investors into buying tokens they can’t sell, locking their funds through smart contract tricks.
Ravindra Kumar denied involvement of any wrongdoing on Friday.
Cardi B’s recent post about the meme token Wet A*s P*ssy (WAP) turned into a dramatic market shakeup. Within minutes, WAP’s market cap plunged from $2 million to just $150,000. The token’s price shot up to $0.0020 briefly, then tumbled over 90% back to $0.00019, wiping away almost all of this week’s gains. Related Reading: Is $250K Bitcoin Possible This Year? This Research Chief Thinks So Celebrity Tweet Sparks Chaos According to reports, Cardi B shared a wallet address on her official X account with the caption “even wetter than last time.” That single message sent ripples through the crypto world. Prices leaped, then crashed. Market watchers were left scratching their heads as billions of dollars in value seemed to vanish in mere moments. Suspicious Wallet Activity Blockchain trackers spotted something odd. A handful of wallets bought big chunks of WAP just five days before the tweet. They offloaded their tokens almost immediately after Cardi B’s post, banking roughly 10 times their original stake. So today, @iamcardib remembered that she still held a large portion of the $WAP supply and decided to run another pump and dump. The token went from 2.5M to 139k a couple of minutes after the tweet The dump was triggered by some wallets that bought the token around five days… pic.twitter.com/7Nwr27rcZA — dethective (@dethective) June 3, 2025 These sudden sells helped push the token’s price back down to around $0.00019. Based on reports, this pattern looks like a classic pump-and-dump. It raises questions about whether insiders planned the entire move. POV you might owe millions pic.twitter.com/j9FGLgoSBM — ZachXBT (@zachxbt) June 4, 2025 History Of WAP Controversies This isn’t the first time WAP caused trouble. Back in October 2024, Cardi B gave it a shout-out, and security firm PeckShield flagged the token for possible malicious deeds. That earlier buzz even led to an investigation by the UAE’s Securities and Commodities Authority after investors raised alarms over fraud and market manipulation. Many in the crypto community thought everyone would steer clear this time. Instead, the past slipped from memory, leading to heavy losses all over again. Investors Left Holding The Bag In the last 24 hours, WAP’s value dropped another 80%. Now it trades near the same levels it was at the end of May. Everyday traders who jumped on the hype found themselves staring at red numbers. Based on reports, some wallets walked away with tenfold returns in minutes. Meanwhile, others ended up with nearly worthless tokens. The speed of this rise-and-fall serves as a harsh reminder: if you buy a token right as it peaks, you might be stuck when the next crash hits. Related Reading: $500M Bet On Solana: Education Platform Aims To Supercharge Its Treasury Cardi B’s follow-up post clarified that her account was not hacked, promising more from “$WAP space” soon. Yet this explanation did little to calm nerves. Critics say it’s hard to separate the artist’s genuine interest from a planned marketing push. Some point out that even if she didn’t directly benefit, her endorsement gave insiders exactly the spotlight they needed to unload their shares. Featured image from Andrew Kelly/Reuters/USA Today, chart from TradingView
A crypto trader lost over $2.5 million worth of Tether (USDT) after falling for the same scam twice within hours. On May 26, blockchain security firm Scam Sniffer reported that the first error occurred when the trader copied a manipulated wallet address from their transaction history. This resulted in a transfer of $843,000 to the […]
The post Crypto trader loses $2.5 million USDT after falling for address poisoning scam twice appeared first on CryptoSlate.
The exchange fired staff involved in the breach on the spot and will press criminal charges.
What is a digital twin? A digital twin is a virtual model or replica of a physical object, system or process. It’s like a digital mirror, allowing us to simulate, monitor and predict the behavior of real-world entities in real-time. These virtual counterparts are designed to pull data from physical sensors or inputs, providing a continuous feedback loop that helps with analysis, optimization and decision-making. Digital twins can represent almost anything, from machinery in a manufacturing plant to human behavior or entire cities.In industries like healthcare, automotive, manufacturing and urban planning, digital twins allow for better resource management, predictive maintenance and more accurate simulations before physical changes are made. In essence, they help prevent costly mistakes by modeling complex systems in the virtual world before implementing them in the real world.Digital twins have taken on a darker role in the blockchain and cryptocurrency sectors. Cybercriminals use digital twin technology rather than simulating physical objects to create synthetic identities, replicas of real individuals, often derived from stolen data. These digital copies are then used to infiltrate online communities, impersonate influencers or executives, or manipulate systems for financial gain. How cybercriminals weaponize digital twins to scam crypto users In the crypto world, where anonymity and trustless transactions reign supreme, digital twins have emerged as a potent tool for cybercriminals to exploit. Scammers can take advantage of the decentralized, unregulated nature of crypto platforms to perpetrate these frauds. Here’s a deeper look at how scammers weaponize digital twins:Identity cloning: Cybercriminals gather personal data from social media, data breaches and other online sources to create a highly accurate digital twin of a real person. This might include images, voice recordings, writing style and even behavioral patterns. Once the digital twin is created, it can be used to impersonate individuals and gain trust from others in the crypto community.Fake influencers or advisers: Crypto influencers, who often command significant trust and attention, are prime targets for digital twin scams. By replicating their speech patterns, mannerisms and even generating deepfake videos, scammers can pose as trusted personalities in the space. These fake versions may promote fraudulent investment schemes, fake tokens or manipulate users into sending crypto to scam wallets.Synthetic KYC (Know Your Customer) scams: Some digital twins are created to bypass KYC processes on exchanges or decentralized finance (DeFi) platforms. Attackers can generate fake identities and provide forged documents or images to appear legitimate, gaining access to accounts or executing unauthorized transactions. This can enable criminals to launder stolen funds or impersonate legitimate traders.Phishing with personalization: Phishing scams in the crypto space often target individuals with highly personalized messages. When a scammer creates a digital twin of a known figure, they can tailor their communications to appear more convincing. By using these personalized messages, they trick victims into clicking on malicious links, giving away private keys or downloading harmful software.Did you know? In 2023, a Hong Kong finance employee was tricked into transferring $25 million after joining a video call with what turned out to be deepfake versions of their colleagues, generated using publicly available footage. Examples of digital twin-related scams in crypto While digital twin scams in crypto might sound futuristic, they’re already happening, and AI is a big part of the problem. These scams don’t always rely on evil digital twins alone; many use deepfake videos, AI-generated profiles and hallucinated interfaces to deceive users. Here are some real-world examples:Deepfake CEO scam defrauds chief financial officer via video call: In a sophisticated attack, scammers created digital avatars of a company’s CEO and executives using publicly available video materials. They conducted a video call with the company’s chief financial officer, convincing him to transfer funds under false pretenses. The digital twins were so convincing that the executive did not suspect foul play during the call.UI spoofing mimics trusted crypto platforms: Cybercriminals have employed UI spoofing to create near-perfect replicas of legitimate cryptocurrency platforms. These counterfeit interfaces trick users into entering sensitive information or making transactions, believing they are interacting with the real platform. The high fidelity of these digital twins makes them particularly dangerous, as they can bypass traditional security measures.AdmiralsFX scam uses deepfakes to lure investors: A large-scale scam operated by a call center in Tbilisi, Georgia, used deepfake videos of celebrities to promote a fraudulent cryptocurrency investment platform called AdmiralsFX. Victims were shown AI-generated videos of public figures endorsing the platform, leading them to invest substantial amounts of money. The operation defrauded over 6,000 individuals, highlighting the potent combination of deepfake technology and social engineering. How to spot interactions with evil digital twins: 6 Red flags Digital twin scams rely on sophisticated impersonation techniques, and scammers often use synthetic identities to build trust and manipulate their targets. To help you stay alert, here are six red flags that can help you identify interactions with synthetic identities. Watch for these warning signs to protect yourself from falling victim to fraud.Digital twin scams in crypto often hide behind polished, AI-generated responses that sound perfect but lack authenticity. If someone avoids live video calls and instead offers pre-recorded clips or deepfakes, be skeptical. Real people show up. Scammers frequently use urgency, pushing you to act fast with phrases like “limited offer” to bypass your judgment. One major red flag is receiving unverified crypto requests via DMs — legit professionals don’t do that. Always check profiles for inconsistencies like low follower counts or recent creation dates. Finally, be wary if someone insists on sticking to one platform and refuses to switch to secure or verified channels. These tactics combined often signal a coordinated scam using digital twin or AI deception.Did you know? Unlike traditional simulations, digital twins are dynamic virtual environments powered by real-time data. While a simulation models one process, a digital twin can run multiple simulations at once, constantly learning and adapting through a live feedback loop. Can blockchain help prevent digital twin-powered crypto scams? While blockchain technology is often targeted by cybercriminals due to its decentralized and pseudonymous nature, it also holds the potential to offer powerful solutions for combating digital twin-based scams.Blockchain, with its transparent and immutable features, provides unique tools that can help verify identities and secure transactions, making it harder for scammers to manipulate the system. Leveraging blockchain’s capabilities introduces robust security layers that verify the legitimacy of interactions, helping reduce fraud, identity theft and digital impersonation.Onchain identity verification: One of the most important developments in blockchain technology is the concept of decentralized identity (DID). With DID, individuals can verify their identity on the blockchain without relying on centralized authorities. This ensures that scammers cannot create synthetic identities without being detected. Blockchain provides a transparent, secure and verifiable system for managing identities, reducing the risk of impersonation.NFT identity markers: Some platforms use non-fungible tokens (NFT) as a form of digital identity. NFTs are unique and traceable on the blockchain, which makes it much harder to clone someone’s identity. If you’re engaging with a person who has a verified NFT identity, you can be more confident that they are who they claim to be.Immutable audit trails: Every transaction on the blockchain is permanently recorded and timestamped. This means that if someone tries to impersonate another person or create a fraudulent identity, their actions leave a trace. If a synthetic identity is used to scam individuals, the blockchain’s audit trail can help authorities track the perpetrator.Smart contract protections: Smart contracts on blockchain can be used to implement certain safeguards. For instance, smart contracts can include identity verification processes, ensuring that transactions aren’t processed unless the user’s identity is verified. This can help prevent users from sending crypto to scammers using fake identities.While not a silver bullet, blockchain can significantly strengthen trust and security in increasingly AI-powered digital environments.
Criminals are no longer using BTC, but instead choosing stablecoins, the report revealed.
Haliey Welch’s foray into cryptocurrency, initially met with hype, has become mired in controversy, with accusations of involvement in a crypto scam.
The token is down by more than 60% since launch.
The Donald and Melania Trump-backed memecoins that launched over the weekend have amassed a combined value of over $15 billion.
In response to a phishing operation especially meant to target users of the cryptocurrency exchange Coinbase, David Schwartz, Chief Technology Officer of Ripple, has issued a warning to the XRP community. This warning is a result of ongoing efforts to protect crypto holders against the growing complexity of newly developed schemes in the realm of […]
Millions of OpenSea user emails are now fully in the wild after the marketplace’s automation vendor leaked the emails in mid-2022.
The crypto community continues to reel from losses due to scams and hacks. According to Chainalysis data, funds stolen from crypto platforms increased by 21% from last year to $2.2 billion. And for the fourth straight year, losses from hacking and crypto scams exceeded $1 billion. While hacking and crypto scams remain a problem for […]
Nigeria’s anti-corruption agency arrested 792 suspected to be involved in a crypto romance scam scheme based out of the country’s largest city.
A crypto investigator uncovered that a former professional player on Fortnite could be associated with a major meme coin scam and hacking of celebrity accounts. Related Reading: Peter Schiff Slams MicroStrategy’s Bitcoin Bet: ‘It Will Crash’ Crypto sleuth ZachXBT discovered that the high-profile case of the $3.5 million scam of the token is linked to […]
The popular Lottie Player animations library was hacked to push a crypto-draining popup on multiple websites, which has now been fixed.
A United States appeals court said a federal court was right to toss Ali Sedaghatpour’s lawsuit claiming that his insurer, Lemonade Insurance, should cover him for a crypto scam loss.
Republican presidential nominee Donald Trump pitched himself as a pro-Bitcoin candidate, but not too long ago he said it was based on “thin air.”
The malicious wallet-draining app marked “the first time drainers exclusively targeted mobile users,” says Check Point Research.