AI Deepfakes Fuel $4.6B Crypto Losses: Report

Bitget, SlowMist, and Elliptic dropped a joint June 2025 Anti-Scam Report – and the numbers are brutal. AI-generated deepfakes powered nearly 40% of all high-value crypto scams in 2024, leading to a staggering $4.6 billion in global losses.

From fake livestreams to impersonated CEOs, deepfake tech has become scammers' favorite weapon. The report warns this trend is accelerating fast, with AI tools making it cheaper and easier to fool even savvy investors.

Web3 users beware: if it talks like your favorite founder but asks for crypto – it might be a bot.

How Scammers Tricked Web3 in 2024–2025: The Top 5 Cons

Crypto fraud now blends AI advances with human psychology. Scammers exploit trust and tech gaps. They move fast and adapt tactics. Below are deeper looks at top schemes, with concrete cases and vivid details.

Deepfake Impersonation

Attackers now use AI to mimic voices and faces. They craft videos of CEOs or influencers pushing fake projects. They strip comments and add official logos to boost trust. In one case, a deepfake “CFO” tricked an employee into sending over $25 million in early 2024. Nearly 40% of high-value frauds in 2024 used deepfakes.

Hong Kong police arrested 31 suspects in a ring that stole HK$34 million via executive impersonation in Q1 2025, one of 87 rings shut down across Asia that quarter. These scams hit both individuals and firms. They sow doubt: can you trust any on-chain update or video call?

Social Engineering Schemes

Scammers prey on trust, fear, and FOMO. They send Trojan-laced job offers or fake partnership invites. They flood messaging apps and social feeds with phishing bots. Victims click links, install malware, or share private keys. Some see bogus KYC requests that harvest IDs. Others join fake staking apps and lose funds.

The U.S. CFTC flags AI “trading bots” promising huge returns but hiding backdoors. Security firms note polished fake platforms fool even seasoned users. These attacks start with a story and end with empty wallets. Who can resist a tailored invite? Yet one wrong click can cost thousands.

Ponzi-Style DeFi and NFT Fronts

Old Ponzi tricks wear new outfits. Scammers wrap classic schemes in DeFi, NFT, or GameFi branding. They promise high yields through yield farms or exclusive NFT drops. They hype viral referrals and influencer buzz. Total Value Locked (TVL) spikes briefly, then liquidity vanishes.

For example, groups behind “Leaper Finance” on Blast chain cycled through projects, stealing tens of millions in 2024 by rebranding on multiple chains. They used forged audits and fake metrics to lure investors. Each new name resets suspicion. Excitement around the “next big drop” fuels the trap. Before you jump in, ask: is this hype or a house of cards?

Deepfake + Zoom Phishing

Scammers send fake meeting invites with malware links. During calls, they deploy deepfake video to impersonate a colleague or expert. They demand “urgent transfers” for compliance or deals. Once devices are compromised, they steal keys or sensitive data.

Trend Micro warns video scams surged in 2024, targeting finance teams and investors. Seeing a familiar face on screen? That can lull you into trust. But AI makes it easy to fake presence. Question every unexpected invite. Verify separately before sharing any info.

AI-Arbitrage Bot Scams

“AI = easy money” is the bait. Fraudsters offer ChatGPT-labeled trading bots that promise auto-profits. They present fake IDE interfaces and step-by-step guides. Victims paste backdoored code and fund contracts, only to see deposits siphoned away.

SlowMist finds these scams cast a wide net with small inducements: many users lose tens or hundreds of dollars each – but volume yields big returns for scammers. The wider market saw at least $9.9 billion lost on-chain to scams in 2024, per Chainalysis. If it feels too effortless, think twice.

Check this out: Fast Money, Fake Riches—How Young Crypto Scammers Burn Out Fast

Scam Tactics and How to Outsmart Them

Below are fresh insights on evolving scams beyond deepfakes and basic phishing. We cut repeats and add new angles. Stay sharp.

KYC Bypass and Virtual Identity Scams

Scammers use AI to forge dynamic IDs and videos. They mimic KYC processes to hijack accounts. They may ask for live video “verifications” that combine victim photos with AI-generated footage.

• Signs

Requests for video calls or selfies via unofficial links; sudden prompts to “verify” identity on new platforms; messages claiming urgent policy changes requiring fresh KYC.

• Example

In early 2025, attackers used deepfake-generated “applicant” videos to slip past exchange KYC checks, then drained wallets. Bitget’s report notes rising AI-backed KYC fraud.

• Protection

Only submit KYC via official platform interfaces. Reject unsolicited KYC requests. If asked for live video, verify the request via known support channels. Use multi-factor checks (e.g., combining on-chain signature with off-chain ID) to block fakes.

Blockchain Address Poisoning

Attackers generate lookalike wallet addresses and “poison” a user’s history so the wrong address appears in recent lists. A small typo sends funds to scammers.

• Signs

Address in your wallet auto-completes but looks slightly off; sudden requests to reuse past addresses you haven’t interacted with recently.

• Example

Research shows 270 million poisoning attempts over two years, with at least $83.8 million stolen in 6,633 incidents. Victims sent funds to near-identical addresses after attackers polluted their history.

• Protection

Manually verify full addresses before sending funds. Use address book features with trusted addresses. Enable wallet warnings for address similarity. Double-check any auto-filled address, especially for large transfers.

Honeypot and Pi Xiu Token Traps

Scammers deploy tokens that let you buy but prevent selling (“Honeypot”). They label them with trendy names (e.g., “Pi Xiu”) and promise quick flips.

• Signs

You can purchase a token but sell fails; documentation is vague on sell mechanics; sudden spikes in token holders but no trading volume.

• Example

In late 2024, several Pi-Xiu-style tokens appeared on BSC and Avalanche. Users lured by “exclusive launches” got stuck with unsellable tokens.

• Protection

Attempt a small sell before large buys. Check token contract for sell restrictions. Use tools like Etherscan to read contract code or rely on audited reports. Avoid tokens with opaque mechanics.

Rebate and Airdrop Scams

Scammers promise rebates or airdrops in exchange for small gas fees or approvals. They harvest approvals or deploy malware.

• Signs

Messages claiming you qualify for an airdrop; instructions to approve spending or connect wallet to unfamiliar sites; requests for gas payment upfront.

• Example

In early 2025, phishing sites mimicked popular DeFi bridges, offering “refund airdrops” that triggered phishing scripts to capture keys.

• Protection

Verify airdrop announcements on official channels (project social media, website). Never approve unexpected contract interactions. Check community forums before claiming any reward.

Advanced Phishing with Lookalike Domains

Fraudsters register domains differing by one character or use homoglyphs. They clone interfaces of exchanges or wallets.

• Signs

URLs with subtle typos or strange TLDs; SSL certificate mismatches; email links that don’t match official domains; login pages asking for private keys directly.

• Example

Reports show crypto ATM scams where attackers sent SMS with links to fake exchange login pages, stealing credentials and funds.

• Protection

Bookmark official URLs. Inspect the domain closely. Use browser extensions that flag known phishing sites. Avoid logging in via links; type URLs manually.

Pig Butchering and Romance-Linked Scams

Scammers build long-term trust via chat or dating platforms, then push investment schemes. Losses balloon over months.

• Signs

New “friends” or matches quickly guide discussions to crypto opportunities; they share “insider” tips and ask to move to private channels; gradual requests for funds increase.

• Example

Chainalysis notes pig butchering scams grew nearly 40% in 2024, causing multi-million-dollar losses globally. Victims often chase back losses, sinking deeper.

• Protection

Beware investment talk early in new relationships. Keep personal and investment decisions separate. Verify any tip through independent research before acting. Involve a trusted advisor.

Smart Contract Audit Fraud

Scammers show fake audit badges or reports. They post attractive “audit summaries” without real security firm backing.

• Signs

Audit reports hosted on suspicious sites or GitHub repos without verifiable signatures; audit summaries lacking depth (e.g., “No issues found” without details); no link to auditor’s official page.

• Example

In 2024, analysts found several projects claiming audits by defunct firms; users trusted those and lost funds when hacks occurred.

• Protection

Verify audits via the auditor's official website. Look for detailed findings, code review results, and timestamped signatures. If unclear, treat the project as high risk.

Insider and Staff-Targeted Schemes

Attackers impersonate colleagues via email or chat, persuading staff to approve transactions or share credentials.

• Signs

Requests from a known colleague but through unusual channels or off-hours; urgent requests for fund transfers or credential sharing; changes in writing style or email domain quirks.

• Example

A mid-2024 case saw employees at a crypto fund tricked into approving a payment after a deepfake audio call from a “manager.”

• Protection

Implement strict verification for transaction approvals (e.g., dual sign-off, out-of-band confirmation). Educate staff about voice deepfake risks. Use secure internal communication tools.

Supply Chain and Dependency Attacks

Scammers inject malicious code into popular open-source libraries or wallets. Users unknowingly download compromised updates.

• Signs

Unexpected package updates; sudden changes in dependency behavior; updates without clear changelogs.

• Example

In 2024, attackers compromised a minor wallet library to include code that exfiltrated keys when users installed the updated package.

• Protection

Pin dependencies to known safe versions. Review update logs and changelogs carefully. Use reproducible builds. Employ code signing and vet open-source contributions.

Web3 users must question every unusual request. Pause before approving actions. Verify via multiple channels. Use hardware wallets and multi-factor authentication. 

Platforms should share threat intelligence, run real-time behavior analytics, and adopt AI detection for anomalies. Regulators will push stricter KYC/AML checks, slowing some flows but raising trust long term. Collective vigilance and layered defenses can outpace fraud and secure crypto’s future.

Read on: Crypto Heist 101: How Hackers Steal Millions in Crypto