Here's all the advice 3 blockchain detectives have on how to protect yourself from crypto scammers
Scam activity in the crypto world has grown 24% annually since 2020.
Losses from crypto fraud reached $3.96 billion in 2023, up 335% from 2021.
Crypto scams are booming.
Luckily, there are crypto detectives and blockchain sleuths who track down stolen funds and help those who suspect they've been defrauded.
The business of these investigators has flourished in recent years, three of them told Business Insider, in part because scams in the crypto sphere are becoming more sophisticated and harder for even intelligent, computer-savvy people to avoid.
Cryptocurrency crime has skyrocketed in recent years. Losses stemming from crypto investment frauds, the most common type of crypto scam, ballooned to $3.96 billion in 2023, according to data from the FBI, up 335% in two years.
Scam activity has grown an average of 24% year-over-year since the pandemic, with bad actors likely pulling in a record $12.4 billion in revenue last year, according to estimates from the analytics firm Chainalysis.
Here are investigators' top tips on how you can protect yourself from crypto scammers.
First things first: be aware that talking to strangers on the internet isn't exactly safe to begin with.
The vast majority of fraud takes place online — a digital jungle where it's hard, even for intelligent, experienced investors, to tell what's a hoax and what's the real deal, according to John Powers, the president of the financial investigations firm Hudson Intelligence.
Powers, who worked as a PI for years prior to doing investigative work on the blockchain, thinks scams are becoming so good they're defining a new era of con-artistry.
"We've moved beyond the Nigerian 419 scams where the prince was contacting you by email," Powers told BI in an interview. "We're in a much different and more subtle and sophisticated place now. And it turns out that chatting online with random strangers is not necessarily a low-risk activity, especially if that seeming casual contact is actually just the tip of the spear."
He recommends people maintain healthy skepticism, particularly when talking to people or making investments online.
The risk is evident in the numbers. Pig butchering scams — one type of fraud where a scammer establishes an online relationship with someone before asking them to invest or send money — have been on the rise, with revenue from this type of fraud soaring 40% in 2024, according to Chainalysis.
Joe Greenfield, the chief forensic examiner at the investigative firm Maryman, strongly urges investors not to take anything at face value. Before sending over any info or money on the blockchain, you should check out everything you can about the situation, like researching the investment, calling the person directly, or even showing the exchange to another person in your life to get another pair of eyes on the situation.
"Assume in today's day and age that everything is a fraud. Everything's a scam until you prove otherwise to yourself," Greenfield said.
There's no such thing as a crypto exchange withholding your funds for tax reasons. There's also no such thing as an exchange requiring you to send in a fee in order to withdraw your money.
But those are common examples of fraudulent expenses scammers come up with to extort money out of their victims, according to Kyla Curley, a partner at the professional services firm StoneTurn who frequently investigates financial fraud.
Curley says she often sees clients who had been unknowingly defrauded for months, due to a scammer repeatedly making small financial asks.
In pig butchering schemes, victims can also be roped into fake relationships that involve sending payments for months — or sometimes, years — before victims finally realize they've been scammed, Greenfield adds.
"It can drag for some time before people realize, like, oh shoot. They're asking me for more money again. Maybe this isn't right."
One nightmare scenario Greenfield frequently investigates is when investors wake up and realize that their crypto wallets have been emptied overnight.
In many cases, the theft was made possible by cybersecurity weaknesses within the person's crypto storage, such as using a cloud-based wallet, choosing weak passwords, and setting up SMS authentication instead of an app-based verification method.
For the strongest security, he recommends using a cold storage wallet, using app-based authentication on sensitive accounts when possible, and following best practices when it comes to picking a password.
"We've seen hundreds of millions of dollars stolen that way," he said of cases stemming from cybersecurity vulnerabilities.
Fraud victims, often strung along for months, frequently come to the realization that they've been scammed far too late. Sometimes, they choose to remain silent and not get help due to embarrassment or shame, Powers said.
But it's most useful if people get help right away.
"The sooner, the better, the faster that we can try to work with the client, try to work with the online provider if they've got one for these online wallets and their legal counsel," Greenfield said.
Curley says scam victims will also need the help of an attorney or law enforcement if they hope to recover some of their funds. Once an investigation finds a wallet on an exchange with the stolen funds, the exchange needs a subpoena order to release private information about who owns the wallet.
Be aware of how costly help could be. It's common for attorney and investigator fees to rack up in the thousands, according to Powers. He added that his firm typically does not take on fraud victims who have lost less than $100,000 in crypto, which he said was in clients' financial best interests.
Curley estimates that around 20% of cases she oversees will end with a client getting at least some money back.
Unfortunately, Curley also expects scams to become more sophisticated and damaging over time, due to how rapidly scams evolve.
"It's really, really hard for probably 90% of the population to identify or even be in tune with," she said of the sophistication of some scams out there. "I think, again, with AI, we all know that's just going to get much much worse."
Read the original article on Business Insider
