THREAT INTELLIGENCE REPORT

2025 Blockchain Scams, Fraud, and Bad Actor Threats

Comprehensive analysis of the evolving threat landscape targeting blockchain ecosystems and digital assets

Total Losses 2024: $24.2B
Largest Single Theft: $1.5B
YoY Scam Increase: 66%

Executive Summary

Massive Investment Scams

Transnational fraud networks (e.g. Southeast Asia-based "pig butchering" rings) are stealing billions from victims via fake crypto investments. Americans alone lost $10 billion to such scams in 2024 – a 66% increase over the prior year.

U.S.–UK authorities have responded with unprecedented crackdowns, sanctioning scam syndicates and seizing record funds (including a $225.3 million crypto seizure, the largest in Secret Service history).

State-Sponsored Crypto Heists

Nation-state hackers, especially North Korea's Lazarus Group, are carrying out audacious cryptocurrency thefts to fund rogue regimes. In February 2025, Lazarus executed the largest digital theft ever, stealing approx. $1.5 billion in crypto from the ByBit exchange.

These state-backed attackers exploit technical vulnerabilities and social engineering to loot exchanges, then rapidly launder funds across many blockchains to evade capture.

Ransomware & Cybercrime Syndicates

Organized cybercriminal groups continue to extort organizations worldwide via ransomware and hacks. 2025 is on pace to be the worst year on record for crypto theft, with $1.93 billion stolen in the first half alone.

While total ransomware payments fell ~35% in 2024 compared to 2023 (to ~$813 million), ransomware remains a top threat as gangs like LockBit still routinely breach companies and demand hefty cryptocurrency ransoms. Criminals are targeting bigger victims ("big game hunting"), evidenced by 2024's record $75 million single ransom payment.

Phishing, Social Engineering & Deepfakes

Human-targeted attacks have exploded as the primary entry point for crypto theft and fraud. Phishing lures and fake crypto sites increased 40% in early 2025, and voice phishing ("vishing") call attacks spiked 442% in late 2024.

Scammers and hackers now leverage AI-powered tools – using deepfake audio/video and generative AI – to craft convincing personas, impostor messages, and even live video of CEOs or loved ones, dramatically boosting their success rates. These emerging tactics make social engineering more dangerous than ever, bypassing technical controls through deception.

Transnational Crypto Scam Networks ("Pig Butchering")

One of the most pervasive threats in 2025 comes from organized crypto investment scam networks that prey on victims globally. Often dubbed "pig butchering" scams, these schemes involve fraudsters cultivating trust (via social media, dating apps, etc.) and then enticing victims into fake crypto investments or trading platforms – until the "pig" is metaphorically fattened and eventually slaughtered (all funds stolen).

The scale of these operations is staggering and growing. The US government estimates that Americans lost at least $10.6 billion to online investment scams run from Southeast Asia in 2024. This reflects a sharp rise in activity by criminal syndicates in places like Cambodia, Laos, and Myanmar, where scam call-center compounds have proliferated.

Case Study: Prince Group TCO

In October 2025, U.S. and U.K. authorities announced the largest-ever joint action against a crypto scam network, targeting the Prince Group Transnational Criminal Organization based in Cambodia. Led by Cambodian businessman Chen Zhi, Prince Group ran a sprawling empire of fraudulent investment platforms that targeted victims worldwide (notably in the US, UK, and East Asia).

The network funneled billions in illicit proceeds and even enslaved its workforce – many scam call-center operators were themselves victims of human trafficking and forced labor, held in compounds under threats of violence.

In a coordinated crackdown, the U.S. Treasury's OFAC sanctioned 146 individuals and entities tied to Prince Group's scams, while FinCEN invoked special measures to cut off a key money laundering conduit (Huione Group) from the US financial system.

Record Seizures and Enforcement

Law enforcement is aggressively pursuing the funds tied to these scams. In June 2025, the U.S. Justice Department filed a civil forfeiture complaint to seize over $225.3 million in cryptocurrency linked to numerous investment fraud victims. According to officials, this represents the largest crypto seizure in Secret Service history and is part of a sweeping effort to claw back stolen money from foreign scam rings.

State-Sponsored Cryptocurrency Theft

On the nation-state front, North Korea remains the most prolific bad actor in the cryptocurrency realm. Pyongyang-backed hacking units (most infamously the Lazarus Group) have pivoted from traditional bank heists to crypto heists, stealing digital assets at a scale that threatens global financial security.

ByBit Exchange Hack – $1.5 Billion

The defining incident of 2025 (so far) was the February 2025 hack of ByBit, a Dubai-based crypto exchange, attributed to Lazarus. On Feb 21, North Korean hackers pulled off the largest cryptocurrency theft in history – roughly $1.5 billion in Ethereum and other assets stolen in a single breach.

The hackers exploited a vulnerability in ByBit's multi-signature wallet approval process, timing their attack during a scheduled transfer and effectively hijacking the exchange's hot wallet. They swiftly swapped the stolen tokens and scattered the funds across dozens of wallets within hours, outpacing many automated defenses.

The speed and sophistication of this operation made it a strategic strike rather than a mere theft – a wake-up call that an adversarial nation can infuse billions into its coffers overnight via cyber means.

Laundering Tactics and Evasion

North Korean crypto hackers are extremely adept at laundering their loot to circumvent global sanctions. TRM Labs and government agencies have observed that DPRK-linked laundromats are using an ever-diversifying web of blockchain services and bridges to obfuscate stolen funds. In 2023–2024, Lazarus began moving a lot of stolen crypto through decentralized cross-chain bridges and into certain ecosystems (notably the TRON network), which allow swapping assets with minimal oversight.

Ransomware and Organized Crypto-Enabled Crime

Beyond scams and state actors, the ransomware epidemic continues to plague businesses and critical infrastructure, with cryptocurrency as the preferred payment medium. Dozens of cybercrime gangs – many operating from Russia and Eastern Europe – relentlessly target Western companies, encrypting data and extorting victims for Bitcoin or Monero.

2024 saw something of a paradox: ransomware attackers collected less money overall than the prior year (roughly $813 million, down 35% from 2023), yet the threat itself did not diminish so much as evolve. The downturn in payments is partly because more victims refused to pay or improved their backups.

Largest Single Ransom (2024): $75M
Median Top-Tier Ransom: $1.5M

However, the severity of attacks grew – the criminals shifted to "quality over quantity," hitting fewer targets but demanding larger ransoms from big corporations (a tactic known as "big game hunting"). In 2024, the largest ransom ever recorded was paid: approximately $75 million in cryptocurrency to a group dubbed Dark Angels.

Phishing, Social Engineering, and Emerging Tactics

Human-focused attack techniques underlie a vast portion of blockchain-related crime in 2025. Whether it's a scam victim persuaded to invest in a fake crypto platform, an exchange employee duped into running malware, or a CEO's email account hijacked via phishing – social engineering is the common denominator.

Phishing & Vishing Surge

Phishing (fraudulent emails, messages or websites that trick users into revealing credentials or secrets) has skyrocketed in both frequency and sophistication. Security firms saw phishing attacks on crypto users jump ~40% in early 2025.

Voice phishing (vishing) is also on the rise – criminals call targets impersonating tech support or bank officials. In fact, voice-phishing attempts spiked by 442% between the first and second halves of 2024.

Deepfakes, AI, and New Deceptions

In 2025, adversaries are increasingly wielding Artificial Intelligence as a force multiplier for scams and fraud. Advanced language models (LLMs) and AI-generated media are enabling more convincing, personalized con artistry at scale. Notably, criminals have been caught using AI deepfakes of voices and videos to impersonate trusted people.

Deepfake Impersonation for Fraud: Using AI-generated video or audio to impersonate senior executives, government officials, or loved ones to authorize fraudulent transfers.
"Crypto Recovery" Scams: After high-profile hacks, scammers contact victims posing as law enforcement or "asset recovery firms" that demand upfront fees (often in crypto) to help recover lost funds.
Address Poisoning: Scammers send tiny amounts of crypto using addresses similar to the victim's, hoping the user will later copy the wrong address when sending funds.
AI-Enhanced Phishing: Phishing emails crafted by AI had dramatically higher click-through success – 54% vs 12% for human-written phishing.
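
A defensive check for the address-poisoning item above, added here as an example and not code from the report: it flags tiny incoming transfers whose sender shares the displayed first and last characters with an address the wallet already trusts. The `Transfer` type, the thresholds, the trusted list (the wallet's own and known counterparty addresses) and all sample addresses are assumptions constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass

# Assumptions for this example, not values from the report:
PREFIX_LEN = 4      # leading hex chars a wallet UI typically shows
SUFFIX_LEN = 4      # trailing hex chars a wallet UI typically shows
DUST_LIMIT = 0.001  # transfers at or below this count as "tiny"

@dataclass
class Transfer:
    sender: str
    value: float

def _norm(addr: str) -> str:
    """Lower-case and drop 0x so checksum casing does not affect comparison."""
    addr = addr.strip().lower()
    return addr[2:] if addr.startswith("0x") else addr

def lookalike_of(candidate: str, trusted: list[str]) -> str | None:
    """Return the trusted address that candidate imitates, or None."""
    c = _norm(candidate)
    for t in trusted:
        n = _norm(t)
        same_ends = c[:PREFIX_LEN] == n[:PREFIX_LEN] and c[-SUFFIX_LEN:] == n[-SUFFIX_LEN:]
        if c != n and len(c) == len(n) and same_ends:
            return t
    return None

def flag_poisoning(transfers: list[Transfer], trusted: list[str]):
    """Return (transfer, imitated_address) for dust transfers sent from lookalikes."""
    hits = []
    for tx in transfers:
        imitated = lookalike_of(tx.sender, trusted) if tx.value <= DUST_LIMIT else None
        if imitated is not None:
            hits.append((tx, imitated))
    return hits

# Constructed sample data; none of these are real addresses.
TRUSTED = ["0x52A1" + "11" * 16 + "B7E9"]
LOOKALIKE = "0x52a1" + "ee" * 16 + "b7e9"   # same visible ends, different middle
UNRELATED = "0x9f03" + "22" * 16 + "4c1d"
SAMPLE = [
    Transfer(LOOKALIKE, 0.0),        # dust from a lookalike: flagged
    Transfer(TRUSTED[0], 0.0005),    # the real counterparty: not flagged
    Transfer(UNRELATED, 0.0001),     # dust, but no resemblance: not flagged
    Transfer(LOOKALIKE, 2.5),        # not a tiny amount: outside this rule
]

if __name__ == "__main__":
    for tx, imitated in flag_poisoning(SAMPLE, TRUSTED):
        print(f"possible poisoning: {tx.sender} imitates {imitated}")
```

Flagged senders are best hidden from the wallet's recent-address list so they cannot be copied into a later payment.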

Recommendations

Harden Human Defenses

Invest in regular security awareness training. Emphasize phishing/vishing recognition, impose strict verification steps for financial transactions, and employ phishing-resistant multi-factor authentication (such as hardware security keys) for critical accounts.

Strengthen Technical Security

Ensure best-in-class security for crypto assets. This includes multi-signature or MPC wallets with out-of-band approval processes, hardware wallets for key storage, network segmentation, continuous monitoring, and regular penetration testing.

Leverage Blockchain Intelligence

Use blockchain analytics tools to screen crypto transactions and wallets for risk. These can flag if funds originate from known darknet wallets or are moving to sanctioned addresses, allowing you to act appropriately.

Plan for Incident Response

Develop incident response plans specific to crypto incidents. Include engaging law enforcement quickly, as timing is critical for potential fund recovery. Stay updated on evolving regulations and ensure compliance with OFAC, FinCEN, and other regulators.

Protect Your Organization

Learn how Chainara's threat intelligence platform can help defend against these evolving threats