Scams

On January 6, Cambodian authorities arrested businessman Chen Zhi and deported him to China, where he is accused of running a large‑scale crypto scam and money laundering network tied to a 127,000 BTC seizure worth around $15 billion. Chen, founder of Cambodia-based Prince Group, now faces potential prosecution under Chinese law, as investigators detail how funds allegedly flowed through shell companies, exchanges, and mining operations. Regulators and crypto firms have been working to trace and freeze assets, with reported U.S. losses from similar “pig-butchering” schemes reaching $3.6 billion in 2024.

Arkham Intelligence data indicates that crypto wallets associated with the US Government transferred more than $225 million in USDT, funds allegedly seized from pig-butchering fraud schemes. The size of the transfer aligns with a stablecoin seizure exceeding $225 million that the US Department of Justice disclosed in June 2025, linked to a large money-laundering network and hundreds of victims. Court documents describe how US Secret Service and FBI investigators traced hundreds of thousands of crypto transactions as part of the operation.

On January 5, Ledger informed customers that its e-commerce partner Global-e suffered a breach exposing names, emails, phone numbers, and order details. Soon after, phishing emails falsely promoting a Ledger–Trezor merger urged users to enter 24-word recovery phrases on a spoofed site. Global-e confirmed the incident was limited to contact and order data and is investigating with cybersecurity experts.

The Flow Foundation published a technical post-mortem on Tuesday detailing a Dec. 27 protocol exploit that enabled counterfeit tokens, with confirmed losses of about $3.9 million. Validators halted the network within six hours and resumed operations two days later under a governance-approved recovery that preserved legitimate history and destroyed fake assets.

On Jan. 5, Ledger informed customers that a breach at its third‑party payment processor Global‑e exposed names, contact details, and order information, while leaving hardware wallets, passwords, and 24‑word recovery phrases untouched. Although no crypto assets were directly compromised, past incidents show that such personal data dumps can fuel long‑running phishing, extortion, and even physical robbery attempts that target confirmed hardware wallet owners. The latest leak renews scrutiny of the broader commerce infrastructure around self‑custody and highlights the offline risks created when shipping and billing data is linked to crypto holdings.

On 05 Jan 2026, MetaMask users were warned about a new phishing campaign that mimics two-factor authentication checks to steal seed phrases. Attackers use typosquatted domains and countdown-style warnings to pressure victims into entering full wallet recovery phrases. Once obtained, the scammers import the wallets and rapidly drain user funds.

On 5 January 2026, hardware wallet provider Ledger informed users that customer data had been exposed via a breach at its payment processor Global-e. Names and contact information were accessed, while private keys, recovery phrases and on-chain funds reportedly stayed secure. The incident renews concerns about third-party vendor risks and the potential for targeted phishing attacks against crypto users.

Onchain investigator ZachXBT said a Coinbase support impersonation operation stole roughly $2 million in crypto, traced through onchain activity and social media artifacts. The FBI reported more than $16 billion in internet crime losses in 2024, underscoring the role of social engineering; Coinbase reiterates it never requests passwords, 2FA, seed phrases, or transfers to a safe address.

On January 5, 2026, a phishing campaign impersonating MetaMask support pushed a fake two‑factor authentication process to harvest recovery phrases. SlowMist's CSO described the operation as highly polished, with look‑alike domains and branded emails. Although 2025's phishing losses fell from nearly $494 million to about $84 million, attackers are reappearing with refined tactics.

Turkish exchange BtcTurk disclosed a hot wallet breach draining about $48 million across Ethereum, Arbitrum, and Polygon. The platform paused withdrawals and began internal checks, stating most customer assets reside in cold storage. Security specialists caution that follow‑up phishing attempts may target users in the aftermath.