The latest crypto crime data shows fraud has industrialized, powered by cheap AI tools and professional money laundering networks, but better detection is also revealing the true scale of the problem.
For a long time, crypto scams were easy to dismiss as fringe activity. Someone copying a website, someone else sending sloppy emails, a few unlucky victims. The Chainalysis report makes it clear that the era is over. What exists now looks less like improvisation and more like coordination. In 2025, on-chain scam activity reached at least $14 billion, and Chainalysis believes the real figure could land closer to $17 billion once attribution gaps close. That number matters, but what matters more is how that money was made.
The alarming numbers behind the industrial shift
Two figures in the Chainalysis report explain the shift better than any abstract description. Impersonation scams surged by 1,400 percent in a single year. These are scams where criminals pretend to be government offices, banks, or exchange support teams. At the same time, operations that made direct use of AI tools earned far more money. On average, those scams pulled in $3.2 million, compared with $719,000 for operations that did not use AI.
That difference reflects leverage. AI removes the friction that once limited scale. Messages no longer need to be written by hand. Language barriers fade. Personal details can be stitched together quickly enough to sound convincing. The report describes higher operational efficiency and broader victim reach, but the practical effect is simpler. More attempts succeed, and they succeed faster.
Anatomy of a modern scam factory
One example in the Chainalysis report stands out: the “E-ZPass” phishing campaign. It did not operate like a single group running a single scam. It functioned more like a marketplace. A group called Lighthouse sold phishing kits that included fake websites and tools designed to avoid detection. The price was low, roughly $50 paid in cryptocurrency. Other actors handled text distribution at scale. Others specialized in cashing out or reselling stolen data.
Each piece was replaceable. Each role was specialized. That structure allows campaigns to expand without adding much risk to any single participant. In one instance, a single campaign reportedly sent 330,000 messages in one day and reached more than 1 million people globally. That kind of output does not happen accidentally.
The human element in the machine
Technology explains reach, but it does not fully explain success. One of the most damaging cases involved scammers posing as Coinbase customer support agents. What made the scheme work was not just automation but access. Investigators allege that a former Coinbase employee was bribed for customer information. With real names and account details in hand, scammers convinced victims to move funds to “secure” wallets. Nearly $16 million disappeared.
This pattern shows up repeatedly. AI helps scale the scam, but human trust and human access still close the deal.
A glimmer of progress in the data
The Chainalysis report also captures something else: momentum on enforcement. Law enforcement seizures hit record levels. UK authorities recovered 61,000 bitcoin. A coordinated international operation shut down a Cambodian scam compound linked to $15 billion in illicit funds, a sign that authorities are getting better at following the money.
Unlike traditional financial crime, blockchain activity does not disappear with time. Every transaction leaves a trail. As analytical tools improve, more of that hidden activity comes into view. Part of the rising totals reflects clearer sight rather than a sudden explosion in crime. Losses that once went unnoticed are now being uncovered and recorded.
What comes next?
The direction is not subtle. As one security researcher monitoring criminal Telegram channels noted, nearly every part of a scam operation is now available for purchase. Phishing design. Hosting. Spamming. Cash pickup. Goods purchasing. Stablecoins grease the entire system.
That reality shifts responsibility in two directions. Individuals need to assume that unsolicited messages are untrustworthy by default, especially those that demand urgency. The ecosystem, meanwhile, faces a longer fight. Better real-time fraud detection, sustained pressure on enabling infrastructure, and deeper international cooperation are no longer optional.
The Chainalysis report leaves little room for nostalgia. Crypto fraud is no longer a cottage industry. It operates like a business, and it needs to be confronted as one.
