Scams

Pig-butchering crypto scams cultivate long-term trust, then funnel victims into fake digital asset platforms. In January 2026, losses reached $370.3 million, with social engineering accounting for about $311 million. Authorities are pursuing networks and laundering operations, but cross-border structures and encrypted channels complicate enforcement.

In a report published on Saturday, blockchain analytics firm Elliptic said five platforms—Bitpapa, ABCeX, Exmo, Rapira and Aifory Pro—are facilitating ruble-to-crypto conversions used by sanctioned Russian entities. Elliptic linked the network's rise to the March takedown of Garantex's website and highlighted flows including at least $11 billion at ABCeX, $19.5 million tied to Exmo, and $72 million involving Rapira.

In the week just concluded, the Shiba Inu team launched the SOU (Shib Owes You) NFT initiative to help users affected by last September's Shibarium hack. Following this, Shibarium-focused account Susbarium and team member Lucie warned that scammers are creating fake SOU portals and phishing links to drain wallets. Users are being reminded that SOU NFTs will not be airdropped and can only be claimed via the official SHIB website, and that they should avoid suspicious links and never share private keys or seed phrases.

On February 21, 2026, IoTeX disclosed that a private key tied to a token safe was compromised, enabling unauthorized asset transfers. On-chain data indicates roughly $8.8 million drained across multiple tokens, with funds moved into ETH and partially bridged to Bitcoin. IoTeX said preliminary assessments suggest the actual loss could be significantly lower than rumors.

On February 21, 2026, the FBI's Internet Crime Complaint Center highlighted a surge in ATM "jackpotting" attacks in the US. The agency says more than 1,900 incidents have been recorded since 2020, with over 700 cases in 2025 alone causing losses exceeding $20,000,000. Criminals allegedly use generic keys and malware to override bank authorization and trigger ATMs to dispense cash, prompting the FBI to urge financial institutions to strengthen physical and software security.

On February 20, 2026, Sam Bankman-Fried used a proxy to publish a "10 Myths" X thread from prison, disputing that FTX was insolvent and challenging aspects of his fraud case. He claimed customers are receiving 119%–143% of November 2022 claim values and rejected personal-life rumors, while critics point out his conviction stands and findings on customer fund misuse remain.

Darknet marketplaces and drug vendors took in nearly $2.6 billion in cryptocurrency in 2025, with inflows to drug-linked addresses slightly above $2.5 billion. From mid-2023, payments for fentanyl precursors fell sharply, and larger transfers over $500 correlated with worse Canadian health outcomes, underscoring how on-chain activity can act as an early warning for public health and enforcement.

Blockchain analytics firm TRM Labs reported that illicit entities received roughly $141 billion in stablecoins in 2025, the highest level in five years, driven mainly by sanctions-linked networks and large-scale money laundering. Sanctions-related activity made up 86% of all illicit crypto flows, with around $72 billion tied to the Russian ruble-pegged A7A5 token, while overall illicit use represented about 1% of an estimated $12 trillion in annual stablecoin transactions.

According to Global Ledger, hackers accelerated laundering in the second half of 2025, often moving funds within seconds and using mixers, DeFi, and bridges. Tornado Cash appeared in 42% of exploits, and average laundering time rose to 10.6 days. DeFi flows hit $732M in H2, while bridges routed $2.01B.

Address poisoning is a scam that tampers with a user's transaction history instead of attacking private keys, convincing victims to send funds to a maliciously crafted lookalike address. Incidents including a roughly 3.5 wBTC theft from a Phantom Chat phishing campaign in February 2026 and a $50 million USDT loss in 2025 show how interface design and user habits can lead to large losses. By abusing dust transfers, copy buttons and truncated address displays, attackers exploit behavior and wallet UX to make poisoned addresses appear trustworthy.