Scams

In 2026, the FBI arrested John "Lick" Daghita in the Caribbean on accusations that he diverted $46 million in seized crypto assets from US Marshals Service wallets via his role at Command Services & Support, Inc. Investigations tied his addresses to funds allegedly siphoned in 2024 after he reportedly boasted about the theft to another offender. The case emerges amid broader crypto crime trends, including billions in stolen assets, large exchange hacks and growing threats from malware and operational security failures.

On March 5, 2026, FBI Director Kash Patel announced that John "Lick" Daghita was arrested on Saint Martin in a joint operation with French tactical units over an alleged multimillion-dollar crypto theft. Investigators allege he siphoned more than $46 million in digital assets from wallets managed for the U.S. Marshals Service by Command Services & Support, a firm owned by his father. Blockchain sleuth ZachXBT linked his on-chain activity and Telegram persona after Daghita flaunted about $23 million in wallets during group chats.

On March 5, 2026, Rebound Orthopedics & Neurosurgery agreed to a multi-million dollar class action settlement following a February 2024 security breach that exposed data on 426,536 patients. The deal includes a $2.5 million fund, two years of CyEx Medical Shield Complete and up to $5,000 for documented losses, with claims due by May 28th.

On March 5 2026, Dubai’s Virtual Asset Regulatory Authority issued a market alert against Kucoin Exchange and related entities operating under the Kucoin brand, citing unlicensed virtual asset services offered to Dubai residents. The regulator ordered Kucoin to cease all unauthorized crypto activities in or from Dubai and warned that unlicensed providers could expose consumers to financial and legal risks. Kucoin had previously obtained a MiCAR license in Austria in early 2026, but in February 2026 the Austrian Financial Market Authority barred KuCoin EU from onboarding new business over anti-money laundering compliance breaches.

Google's threat intelligence team reported that a new exploit kit dubbed "Coruna" targets iPhones running iOS 13.0 to 17.2.1 and has been used on fake crypto websites to capture wallet seed phrases. The toolkit, first identified in February 2025, contains multiple iOS exploit chains and was later found on spoofed Chinese financial and exchange sites seeking user funds and sensitive data. Security researchers say the tool may be linked to surveillance customers, while some industry experts dispute claims it originated from US intelligence code.

In an international operation on March 3 and 4, law enforcement agencies led by the FBI and Europol dismantled LeakBase, a cybercrime forum with more than 142,000 registered members and over 215,000 messages. Authorities in 14 countries seized user accounts, payment details and IP logs, issued prevention notices and replaced the site with seizure banners. LeakBase's predecessor Raidforums, which was shut down in 2022, had previously hosted leaked personal data of roughly 272,000 users of Ledger's crypto wallet service.

On Wednesday, Europol said a coalition including Coinbase and Microsoft dismantled key infrastructure of Tycoon 2FA, a phishing‑as‑a‑service platform used to bypass multi‑factor authentication. By mid‑2025, Tycoon 2FA represented 62% of phishing attempts blocked by Microsoft, with more than 30 million malicious emails in a single month, and Coinbase traced blockchain transactions linked to the alleged operator and customers.

Bybit reported that its AI-based fraud prevention framework intercepted and recovered $300 million tied to impersonation and other scams in 2025, protecting thousands of account holders. The exchange also said its models flagged hundreds of risky addresses, blocked more than 3 million credential-stuffing attempts, and structured scam response into a three-tier risk system.

Between December 8, 2025 and January 30, 2026, Binance worked with Interpol, Afripol and law enforcement in 16 African countries on Operation Red Card 2.0, which led to 651 arrests and the recovery of $4.3 million tied to scam networks linked to over $45 million in losses. The exchange is also challenging a Wall Street Journal article it calls inaccurate and defamatory, while highlighting expanded compliance resources and its role in responding to more than 71,000 law enforcement requests in the previous year.

In the fourth quarter of 2025, Bybit reported that its AI-assisted risk monitoring system disrupted or stopped more than $300 million in suspected scam-related withdrawals. The platform said around $500 million in withdrawals were flagged overall, protecting over 4,000 users, many of whom canceled transfers after receiving real-time alerts.