Social engineering scams were responsible for the majority of crypto-related incidents investigated in 2025, according to new findings from blockchain analytics firm AMLBot.
In a report shared with Cointelegraph, AMLBot revealed that 65% of the roughly 2,500 cases it handled last year were driven by access and response failures — not technical vulnerabilities in blockchains or smart contracts.
The data highlights a growing reality in the crypto space: hackers are increasingly targeting people rather than code.
Social Engineering Dominates Crypto Crime in 2025
AMLBot’s internal casework shows that most attacks stemmed from compromised devices, weak verification processes, delayed threat detection, and user error. Instead of exploiting blockchain flaws, scammers relied on manipulation tactics such as impersonation, phishing, and fake investment schemes.
Investment scams accounted for 25% of investigated cases, making them the most common category. Phishing attacks followed at 18%, while device compromises represented 13%.
Other notable fraud types included:
-
Pig-butchering scams (8%)
-
Over-the-counter (OTC) fraud (8%)
-
Chat-based impersonation scams (7%)
Phishing schemes remain particularly effective because they do not require advanced technical skills. Attackers simply trick victims into clicking fraudulent links or sharing sensitive information, including private wallet keys and recovery phrases.
The report makes clear that even as blockchain infrastructure becomes more secure, users remain the weakest link in the security chain.
Impersonation Scams Cost Millions
According to AMLBot, impersonation-related scams alone resulted in at least $9 million in stolen digital assets over the past three months.
Slava Demchuk, CEO of AMLBot, said attackers frequently pose as trusted entities such as exchange support teams, investment managers, or project representatives. These scams often begin with urgent messages requesting wallet access or immediate fund transfers.
Demchuk stressed that users should never share private keys or recovery phrases under any circumstances. He also warned investors to ignore urgent or pressure-based requests involving crypto transfers, as these are common tactics used in social engineering attacks.
The warning comes as crypto scam activity continues to rise. Blockchain security firm CertiK reported that scammers stole $370 million in January alone — the highest monthly loss in nearly a year.
Of that amount, $311 million was attributed to phishing scams. One particularly severe case involved a single victim losing approximately $284 million in a sophisticated social engineering attack.
