The State of Crypto Scams in 2025

KEY TAKEAWAYS:
— Sophisticated crypto scams are rapidly evolving, with AI-powered deepfakes and social engineering scams at the forefront of exploiting the human element.

— Address poisoning exploits the victim’s tendency to copy-paste wallet addresses from transaction history rather than typing every digit.

— The $5 wrench attack is a stark reminder that even in the age of advanced cybersecurity and AI, physical threats can still undermine the security of the most advanced cryptocurrency systems.

The rapid growth of the cryptocurrency ecosystem over the years coincides with an unfortunate reality – a proportional growth rate in sophisticated scams. But financial scams predate the advent of digital assets, having existed for thousands of years. Examples range from the Greek sea merchant Hegestratos’ attempt to sink his own ship to claim insurance in 300 BC, to Charles Ponzi’s scheme in the 1920s, to modern-day cybercrimes.

These scams have continuously adapted to the ever-changing financial systems and technologies, typically exploiting market vulnerabilities, capitalizing on FOMO, and preying on individuals’ trust and greed for quick riches. 

When it comes to crypto, the perpetrators use the same spiel, but combine it with advanced AI-powered techniques, deepfakes, and psychological manipulation to defraud unsuspecting users. Understanding the current threat landscape is key to safeguarding your crypto assets and maintaining a healthy crypto ecosystem.

In this article, Ledger Academy dives deep into how crypto scams trick users and how to mitigate them. Let’s delve in.

What Is the Scale of Crypto Scams in 2025?

According to a Chainalysis report, in 2024 alone, approximately 0.14% of the total on-chain transaction volume was associated with illegal activities, including scams, money laundering, and hacks. That year, an estimated $41 billion to $51 billion went to illicit addresses, with scam addresses pulling in about $12 billion.

Fast forward to the first half of 2025, and investors have already lost nearly $3.1 billion to cryptocurrency scams and hacks, according to a report from blockchain security firm Hacken. Compared to bank-related scams, such as bank impersonation scams, fake text messages (smishing), and wire transfer scams, which face tighter regulations, the decentralized nature of cryptocurrencies escalates the challenge of tracing the stolen funds.

That said, the anonymity, cross-border operations, and irreversible nature of blockchain transactions make the likelihood of capture low, contributing to the growing popularity of crypto scams. What’s more, the high reward-to-effort ratio and the fact that the prosecution rate for crypto scams is relatively low further embolden crypto scammers.

Let’s explore the most common crypto scam techniques in 2025.

1. Social Engineering Scam in Crypto

Social engineering is a deceptive tactic that exploits human psychology, rather than code vulnerabilities, to gain unauthorized access to sensitive information, such as the victim’s crypto wallet or account. It ranks as the most successful attack vector, with scammers posing as trusted entities, such as popular exchanges, customer support, or influencers, to defraud unsuspecting users.

This type of attack has evolved from simple email phishing techniques into a more advanced, precise, and personalized approach. As such, a typical social engineering scam utilizes three fronts:

  1. Disguise authority – Scammers often present themselves as reliable entities to gain your trust. As such, they can pose as support agents, customer service, organization officials, or even express a love interest.
  2. Create a sense of urgency – By fostering a sense of urgency, such as account anomalies, irregular fund withdrawals, investment opportunities, or time-sensitive crypto airdrops, the scammers create a fear-of-missing-out (FOMO) mentality or a sense of tension and anxiety.
  3. Create a self-sustaining trust system – The scammers may lure you into fake groups/channels or impersonate Key Opinion Leaders (KOL) or friends to gradually pull you into their trap.

For example, in May 2025, Coinbase reportedly faced a social engineering scam, where bad actors bribed a small group of insiders to leak user data. The perpetrators used the acquired data to impersonate Coinbase staff, contacting their customer list and stealing over $45 million. They also demanded a $20 million ransom from Coinbase. 

The crypto exchange’s users technically lose approximately $300 million annually to social engineering scams.

Best Practices Against Social Engineering Scams

Social engineers technically manipulate human weaknesses, such as curiosity, greed, and fear, to trick their victims. While completely preventing them from approaching you is impossible, you can effectively eliminate the chances of falling prey to their ploys.

  • Referring to official channels for accurate information – Always verify email addresses, Twitter accounts, Telegram channels, and Discord groups on the platform’s official website.
  • Not your keys, not your coins – This is not just a mantra, but a call for vigilance. Any legitimate crypto platform or project will never ask for your secret recovery phrase (SRP) or private keys. In addition, always be wary when approving smart contract interactions.
  • Diversifying your portfolio across multi-sig wallets – By properly segregating your assets, you can isolate wallets for everyday transactions, investments, and long-term storage, each with separate multi-signature protection.
  • Enable anti-phishing protection – Installing anti-phishing plugins intercepts any flagged malicious links and phishing sites/emails.
  • Delaying reaction time before acting – Implementing a cooling-off period (like 5 minutes, an hour, or 24 hours) before taking any action allows you to reassess your situation with a clear mind. Remaining calm destroys the sense of urgency that social engineers create.

2. Malware in Crypto

Cryptocurrency malware, short for malicious software, is code designed to infiltrate or intentionally hijack your computer resources. Usually, malware sneaks into the system without your permission and without you noticing via malicious links, downloads, or fake apps. 

In other words, it operates stealthily in the background, making it highly lucrative for cybercriminals. The attackers aim to achieve different objectives, such as financial profits, espionage, extortion, remote system control, dissemination of illegal information, data deletion, or disabling activities.

The modus operandi of malware involves several stages. First, the attacker tricks the user into clicking a malicious link or agreeing to install fraudulent software on their computer. They may also exploit software vulnerabilities that haven’t been patched to install the malware without the victim’s consent.

Once compromised, the malware slowly spreads itself on the victim’s device, gradually draining funds from the user’s wallet or performing other malicious activities. 

The malware may infiltrate your device in different forms based on the malicious intention. This includes:

  • Keylogger – A type of surveillance malware that tracks and records your every keystroke to steal sensitive information such as passwords and financial details.
  • Clipboard hijackers – Programs that monitor your clipboard for wallet addresses and replace them with the attacker’s addresses. This tricks the users into sending funds to the attacker, thinking they’re the intended recipients.
  • Memory scrapers – An advanced malware that scans your device’s memory for private keys, SRP, and other sensitive information.
  • Rootkit – A malware that overrides a system’s administrator privileges and conceals itself from detection.
  • Ransomware – A type of malware that encrypts the victim’s files or hard drive, rendering them inaccessible. The victim is then forced to pay some ‘ransom’ to recover access to their data. Popular ransomware includes LockBit Ransomware, Blackcat Ransomware, and Everest Ransomware.
  • Cryptojacking – Also known as malicious cryptomining, cryptojacking involves stealing and exploiting a victim’s computing resources to illicitly mine cryptocurrencies.

How to Prevent Malware Attacks

  • Hardware wallets integration – Hardware wallets like Ledger Nano X and Ledger Stax typically isolate your private keys from internet-linked devices. Your funds remain secure even if your computer is infected with malware. Security is only compromised if you connect your Ledger device to the infected computer and sign a transaction on both the computer and the hardware wallet.
  • Download software from official sources – Ensure you verify sources or domain names for intentional typos before downloading software or clicking on links.
  • Install and regularly update anti-malware software – Regular security audits, such as periodically scanning your online-connected devices with updated anti-virus and anti-malware software, allow you to detect suspicious processes and network traffic.

3. Address Poisoning Scam in Crypto

With address poisoning, the fraudster exploits the victim’s tendency to copy-paste wallet addresses from transaction history rather than typing every digit. The scammer sends small amounts of crypto or NFTs to your wallet address, typically creating a “poisoned” transaction in your transaction history.

To explain further, the attackers send negligible funds to the user’s address through fake contracts, zero-value transfers, or dust transaction attacks. In zero-value transfer scams, the attacker doesn’t send any tokens, but the transaction is still recorded on the blockchain. Dust transactions, on the other hand, involve sending transactions whose value is less than the transaction fees required to process them. Either way, the spoofed address appears at the top of your transaction history.

By inserting a malicious vanity address that closely resembles a real one (with the first and last few characters matching) in your transaction history, the scammer hopes to trick you into copying and pasting their address instead of the intended recipient’s. If successful, you end up sending funds directly to the fraudster’s wallet.

How to Protect Yourself Against Address Poisoning

Some of the ways to stay safe from address poisoning include:

  • Establishing a contact list or address book – Creating a contact list of the verified recipient wallets that you frequently transact with significantly reduces the probability of falling prey to this sort of scam.
  • Using a name service – Domain name services (DNS), such as Ethereum Name Service (ENS), add an extra layer of security. Additionally, name services let you interact with short, human-readable names rather than long hexadecimal addresses. This makes addresses easier to verify and harder to spoof.
  • Generating new wallet addresses for each transaction – Using fresh addresses every time, even when transacting with the same recipient, makes it difficult to poison your transaction history.
  • Double-checking addresses – When confirming wallet addresses, users easily overlook the middle characters and verify only the first and last few characters. And this is what the attackers bank on. Most wallets also hide the middle characters. Carefully verifying the entire recipient address, character by character, against a trusted source before sending funds helps mitigate address spoofing.
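The address-book and full-address checks above can be automated. The following Python sketch is an added example, not part of the original article or of any Ledger software; it flags senders in a transaction history that imitate a verified address, and it assumes `0x`-style hex addresses, a four-character visible prefix and suffix, and a fixed dust threshold standing in for the network fee.

```python
# Constructed sample data: none of these addresses are real.
ALICE = "0x1a2b" + "7c" * 16 + "9f3e"   # verified recipient
FAKE = "0x1a2b" + "e1" * 16 + "9f3e"    # same first/last 4 chars, different middle
OTHER = "0x" + "5d" * 20                # unrelated sender
ADDRESS_BOOK = {"alice": ALICE}
HISTORY = [
    {"id": "tx1", "from": ALICE, "value": 0.5},
    {"id": "tx2", "from": FAKE, "value": 0.0},   # zero-value transfer
    {"id": "tx3", "from": OTHER, "value": 0.2},
]

def normalize(addr):
    """Lower-case a hex address so comparison ignores checksum casing."""
    return addr.strip().lower()

def lookalike_of(addr, trusted, edge=4):
    """Return the trusted address that `addr` imitates, or None.

    An imitation shares the first and last `edge` hex characters with a
    trusted address (what a truncated display shows) but is not identical.
    """
    a = normalize(addr)
    for t in map(normalize, trusted):
        if a != t and len(a) == len(t):
            body_a, body_t = a[2:], t[2:]   # skip the "0x" prefix
            if body_a[:edge] == body_t[:edge] and body_a[-edge:] == body_t[-edge:]:
                return t
    return None

def review_history(history, address_book, dust_threshold=0.0001):
    """Return (tx id, label, is_tiny) for every transfer in the history."""
    trusted = set(map(normalize, address_book.values()))
    findings = []
    for tx in history:
        sender = normalize(tx["from"])
        if sender in trusted:
            label = "trusted"
        elif lookalike_of(sender, trusted) is not None:
            label = "poison-suspect"
        else:
            label = "unknown"
        # dust_threshold is an assumed stand-in for "less than the fee"
        findings.append((tx["id"], label, tx["value"] <= dust_threshold))
    return findings

def safe_to_paste(addr, address_book):
    """Only an exact, full-length match against the address book passes."""
    return normalize(addr) in set(map(normalize, address_book.values()))

if __name__ == "__main__":
    for finding in review_history(HISTORY, ADDRESS_BOOK):
        print(finding)
```

A sender labelled `poison-suspect` with a tiny or zero value is the pattern described in this section; `safe_to_paste` shows why comparing the whole address, not just its ends, is what defeats the lookalike.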

4. SIM Swap Attacks: When Your Phone Becomes Your Achilles’ Heel

When it comes to SIM swapping, your phone number becomes the attacker’s primary weapon. The attack bypasses conventional security countermeasures by directly tricking the mobile phone provider into transferring your SIM card information to a SIM card the attacker controls.

SIM swapping attacks in crypto exploit a vulnerability in SMS-based two-factor authentication (2FA). Initially, the attacker identifies their target and seeks their personal details, such as their official name, phone number, carrier, and perhaps clues to answers to security questions. Next, they utilize social engineering tactics to contact the mobile carrier, posing as the victim.

The attacker provides the victim’s details to convince the carrier to transfer the victim’s SIM card details to a new one. Upon successfully convincing the carrier, the mobile carrier might issue a new SIM card without adequately verifying the request.

With the victim’s phone number in their control, the scammer can intercept SMS messages and phone calls, including authentication codes to the victim’s wallet. Moreover, they can use these details to reset passwords or access social media, emails, and financial accounts.

SIM Swapping Attacks Countermeasures

Some of the best practices against SIM swapping attempts include:

  • Use authentication apps over SMS-based 2FA – Avoid relying on SMS-based 2FA alone. Instead, utilize more secure choices like authentication apps, hardware wallets, and hardware tokens.
  • Keep personal information private – Limit how much sensitive data or personal information you share on social media. 
  • Establish account takeover countermeasures – Setting a strong SIM card PIN and enabling account takeover protection makes it difficult for the attacker to swap your SIM card.
  • Set up alerts for suspicious activities – Regularly monitor activities on your account for abnormalities, such as unauthorized reset notifications and abrupt network disconnection, and be wary of phishing attempts.

5. $5 Wrench Attack: When Crypto Faces Physical Threats

One would expect that with the sophistication of scams in 2025, physical threats would be obsolete. However, that is not the case with the $5 wrench attack. 

$5 wrench attacks serve as a stark reminder that even in the age of advanced cybersecurity and AI deepfakes, physical threats can still undermine the security of the most sophisticated cryptocurrency systems. 

This attack gets its name from the hypothetical scenario that it depicts: an attacker threatening to physically harm a user with a $5 wrench unless they transfer funds or reveal their password, private keys, or SRP. Although humorously coined after a hypothetical situation, it underscores a serious security flaw regarding the physical safety and psychological resilience of users rather than the weakness of digital encryption.

How to Protect Yourself Against Physical Attacks

The $5 wrench attack is the most primitive type of cryptocurrency scam since it involves physical threats or the use of force to steal your crypto. This means it exploits the human element rather than technical vulnerabilities.

For your physical safety and digital assets security:

  • Never disclose your crypto reserve online – Bragging about your crypto holdings, gains, or trades online, or publicly, is akin to “painting a target on your back.” Avoid drawing attention to your crypto reserve and instead maintain a low profile. If this information reaches the wrong person, it could place you in a difficult position.
  • Create decoy wallets – A dummy hardware wallet serves as a separate wallet with a different set of keys. It contains just enough digital assets to satisfy the attacker, but not all of your assets.
  • Enhance your home security – A crucial step for everyone, not just cryptocurrency owners.
  • Geographic diversification – Implementing multi-sig wallets and dispersing your private keys to different physical locations gives you time to find a solution for the attack, even under physical duress.

6. Malicious Browser Extensions

Unlike traditional phishing scams that rely on fake emails or websites to steal user credentials, malicious browser extensions use crypto drainers to deceive users into signing fraudulent transactions. 

These extensions, equipped with malicious smart contracts or scripts, are designed to trick victims into connecting their browser-based crypto wallets. Unsuspecting users usually grant these extensions permissions without carefully reading the access privileges, allowing them to read and write data. 

Once connected, the malicious scripts can modify transaction details in real-time. This includes changing the recipient address, transaction amount, and smart contract parameters, before you approve a transaction. And before you know it, you have inadvertently authorized a transaction to the fraudster’s address.

Furthermore, some extensions can create visually convincing interfaces to overlay the real website. The fake interfaces trick unsuspecting users into entering private keys, seed phrases, or other sensitive information.

Using hardware wallets over browser-based wallets greatly reduces the risks posed by browser-based attack vectors. Alternatively, preventing such attacks can be as simple as installing extensions only from verified and trusted sources.

Looking Forward: The Evolution of Cryptocurrency Security

Cryptocurrency scams are becoming more and more lucrative as the adoption and value of cryptocurrencies increase. The advancement in technology also contributes to this growing concern, with AI-powered chatbots and deepfakes used to impersonate customer support agents, friends, or influential individuals in the space. In addition, privacy coins and cross-chain swaps make it easier for scammers to evade tracing and regulations.

But when all is said and done, the key to your crypto security is to remain vigilant. You never know where an attack will come from, whether remotely or from your physical surroundings. Verify everything, use hardware wallets for extra security, and be skeptical about too-good-to-be-true investment opportunities.

