Record crypto-fraud losses rise with AI-driven impersonation
Target Trend
Summary
Hide ▲
Show ▼
Cryptocurrency fraud is surging as scammers use AI chatbots and brand impersonation to widen victim reach and raise payout sizes. A Malwarebytes Labs analysis found a fake "Google Coin" presale site that mimics Google Gemini and pushes users to send irreversible crypto payments for nonexistent crypto. The broader pattern now includes trusted-brand lookalikes, polished sales pressure, and AI-assisted social engineering across the 2025–2026 timeframe.
Related Happenings
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor Meta
First: 21.05.2026 17:00
Last: 21.05.2026 17:00
Sources 1
About this happening:
**Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
Lucifer DaaS’s evolution into a commission-based drainer service platform
Threat Actor MetaAbout this happening: **Lucifer DaaS** has evolved into a **structured underground drainer platform**, shifting wallet theft from isolated phishing pages to a commission-based service model that scales...
FakeWallet crypto wallet phishing campaign targeting users in China
Campaign
First: 21.04.2026 00:52
Last: 21.04.2026 00:52
Sources 1
About this happening:
The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
FakeWallet crypto wallet phishing campaign targeting users in China
CampaignAbout this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...
Latest development: 24.04.2026 14:48
Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
Campaign
First: 20.04.2026 16:33
Last: 20.04.2026 16:33
Sources 1
About this happening:
The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Scattered Spider SMS phishing and SIM-swap crypto theft campaign
CampaignAbout this happening: The **Scattered Spider** campaign used **SMS phishing** and **SIM swap** attacks to steal employee credentials, hijack phone numbers, and take over email and **virtual currency wa...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
Campaign
First: 14.04.2026 15:00
Last: 14.04.2026 15:00
Sources 1
About this happening:
The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Triad Nexus investment scam and brand impersonation campaign targeting emerging markets
CampaignAbout this happening: The **Triad Nexus** campaign is continuing to run **large-scale investment scams** and **brand impersonation**, expanding into **emerging markets** and driving higher fraud losses...
Approval phishing crypto wallet fraud campaign
Campaign
First: 13.04.2026 11:00
Last: 13.04.2026 11:00
Sources 1
About this happening:
**Approval phishing** fraud networks were identified at scale, with **more than 20,000 victims** and at least **$33m** in additional stolen crypto tied to the operation. The fraud...
Approval phishing crypto wallet fraud campaign
CampaignAbout this happening: **Approval phishing** fraud networks were identified at scale, with **more than 20,000 victims** and at least **$33m** in additional stolen crypto tied to the operation. The fraud...
Timeline
-
14.01.2026 12:00 3 articles · 4mo ago
Chainalysis discloses record crypto-fraud losses driven by AI and impersonation
Initial DisclosureChainalysis reported record cryptocurrency fraud losses, saying at least $14bn in digital currency reached criminals last year and expecting $17bn in 2025 as more illicit wallets are identified. The analysis said individual scam payments rose 253% year-on-year to $2764, impersonation volume grew 1400% year-on-year, related payments increased over 600%, and AI-linked scams extracted $3.2m per operation versus $719,000 for operations without an AI vendor link. It cited the E-ZPass phishing campaign tied to the Smishing Triad and a multimillion-dollar Coinbase operation as examples of the expanding fraud pattern.
Show sources
- Impersonation Fraud Drives Record $17bn in Crypto Losses — www.infosecurity-magazine.com — 14.01.2026 12:00
- Impersonation Fraud Drives Record $17bn in Crypto Losses — www.infosecurity-magazine.com — 14.01.2026 12:00
- Scam Abuses Gemini Chatbots to Convince People to Buy Fake Crypto — www.darkreading.com — 18.02.2026 23:47