Surge in AI-Powered Crypto Scams
TLDR
- Losses tied to AI deepfakes in crypto hit about 4.6 billion dollars in 2024, with investigators reporting at least 87 deepfake scam rings dismantled in early 2025.
- Deepfake identity attacks exploded year over year. APAC rose 1,530 percent, and the Middle East and Africa rose 450 percent from 2022 to 2023.
- Real cases span Hong Kong and across Asia, including a 46 million dollar deepfake crypto romance ring.
- OTPs and weak KYC are prime targets. SIM swaps and MFA-bypass kits keep beating SMS or TOTP codes.
- Stronger defenses pair passkeys with device binding, for example through an always-on module like ZSM, plus better onboarding checks and transaction signing bound to the user’s device. (Guidance aligns with NIST and regional regulators moving beyond OTPs.)
The numbers behind the surge
Global fraud kept climbing in 2024. The US FTC logged 12.5 billion dollars in consumer losses, up 25 percent year over year, with investment scams leading at 5.7 billion dollars. Crypto sits inside those investment losses and remains a favorite channel for scammers.
Within crypto specifically, a 2025 anti-scam report coauthored by Bitget, SlowMist, and Elliptic estimates deepfakes drove about 40 percent of high-value crypto scams in 2024, totaling roughly 4.6 billion dollars, and at least 87 deepfake scam rings were taken down in early 2025.
The growth rate in AI-enabled identity abuse is staggering. Sumsub reports a tenfold global jump in detected deepfakes from 2022 to 2023, including a 1,530 percent surge in APAC and 450 percent in the Middle East and Africa.
How criminals are using AI
Generative models speed social engineering in every language, while deepfake video and voice cloning increase believability in calls, livestreams, and KYC checks. Europol warns that organized groups now automate content, translation, and impersonation at scale. Voice cloning often needs only 30 to 90 seconds of audio and is appearing in vishing aimed at executives and crypto teams.
Injection and face-swap attacks also jumped. iProov’s threat reporting cites large increases in face swaps during online meetings in 2024, a pattern that maps to fraud rings using real-time deepfake overlays.
Real cases in the wild, with emphasis on APAC
- Hong Kong police arrested 27 suspects in a deepfake-driven crypto romance ring worth about 46 million dollars, illustrating how AI personas shepherd victims into off-platform wallets and exchanges.
- Hong Kong also saw high-profile deepfake video calls that tricked staff into multi-million-dollar transfers, showing how convincing executive impersonation can be.
- Across Southeast Asia, investigative reporting shows scam compounds using AI assistants to localize pitches and quickly run crypto investment grifts at scale.
- India has seen deepfake promo videos pushing investment schemes, part of a broader move to synthetic influencers that funnel victims toward crypto deposits.
- UK and Canadian victims lost tens of millions to boiler rooms that mixed deepfakes, fake dashboards, and pressure tactics to extract crypto.
What these scams exploit
KYC gaps and synthetic credentials
Attackers now mint lifelike synthetic IDs and document forgeries that can slip past basic KYC. Reports highlight triple-digit growth in synthetic document fraud and sharp APAC increases year over year, which directly affects exchanges and wallets that rely on weak selfie or document checks.
OTPs and phishable MFA
SMS OTPs and TOTP codes remain easy prey. SIM-swap operations have emptied crypto accounts, and researchers disclosed TOTP brute-force weaknesses in mainstream MFA implementations. Off-the-shelf phishing kits now proxy MFA flows for criminals.
Keys and device posture
Compromised private keys made up the largest share of stolen crypto in 2024, and centralized services were increasingly targeted as the year progressed. Poor device hygiene and malware make account takeovers and wallet drains faster once social engineering lands.
Why device-bound, always-on authentication changes the math
Phishing-resistant passkeys replace codes with cryptographic challenges bound to the site’s domain. Recent NIST guidance recognizes properly implemented synced passkeys at AAL2, which makes them viable for high-risk consumer auth. When you pair passkeys with device binding through an always-on secure module like ZSM, you force every sensitive action to be cryptographically tied to a known device, not an interceptable channel. That closes the loop attackers rely on for OTP relay, SIM swaps, and AiTM proxies, and it adds durable signals for fraud engines without scraping or fingerprinting.
What to do now: a layered, crypto-specific checklist
Onboarding and KYC
- Upgrade from static selfie checks to active liveness with deepfake and injection detection, including virtual camera and mask spotting. Validate government IDs with cryptographic or backend verification where available. Track repeated identity elements across applications to catch synthetic composites.
- Route high-risk geos, devices, or funding instruments through enhanced verification, including second-device liveness or in-app notarized flows.
- Align with FATF virtual-asset guidance on licensing, Travel Rule data, and cross-jurisdiction cooperation to reduce mule networks.
Account access
- Make passkeys the default and remove SMS OTP as a primary factor. Regional regulators are already pushing beyond OTPs: Singapore’s banks are phasing out SMS OTP for logins, and the Philippines’ central bank has told institutions to move to stronger methods.
- Bind accounts to a registered device and keep the binding alive with an always-on module like ZSM. Use hardware-backed keys, key attestation where supported, and proof-of-possession checks during every session upgrade.
- Kill AiTM and MFA-fatigue paths with channel binding, strict rate limiting on code entries, and resistant fallbacks. Retire email codes for anything sensitive.
Transaction approvals
- Require on-device cryptographic confirmation that includes the exact transaction details: amount, asset, destination, and network. Sign the payload on the bound device so an attacker cannot replay it from a proxy.
- Add context-aware step up. Larger withdrawals, new devices, or first-time chains trigger an in-app passkey ceremony on the bound device, not an SMS.
- Combine behavioral analytics (velocity, unusual chain use, mixer or sanction risk) with on-chain screening before broadcasting. Chainalysis and others show stolen-fund flows concentrating in specific vectors that risk engines can flag.
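A sketch of the server-side check behind the first bullet above, added here as an example and not taken from ZSM, WebAuthn, or any vendor's code. It assumes an Ed25519 key enrolled per device (generated in-process here, hardware-backed and non-exportable in practice), and the function names, origin, and addresses are hypothetical or constructed.

```javascript
// Added example; issueChallenge, deviceSign, verifyApproval and RP_ORIGIN are hypothetical names.
const crypto = require('node:crypto');
const RP_ORIGIN = 'https://exchange.example'; // constructed origin
const pending = new Map();                    // nonce -> pending approval

// Fixed field order so device and server serialize identical bytes.
function canonical(tx, nonce, origin) {
  return Buffer.from(JSON.stringify([origin, nonce, tx.amount, tx.asset, tx.destination, tx.network]));
}

// Server: bind a single-use, short-lived nonce to the exact transaction.
function issueChallenge(deviceId, tx, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  pending.set(nonce, { deviceId, tx: { ...tx }, expires: now + 60000 });
  return nonce;
}

// Device: sign what the user saw on screen, with the key bound to this device.
function deviceSign(privateKey, tx, nonce, origin) {
  return crypto.sign(null, canonical(tx, nonce, origin), privateKey);
}

// Server: accept only a fresh signature over the transaction it issued.
function verifyApproval(devices, deviceId, nonce, signature, now = Date.now()) {
  const entry = pending.get(nonce);
  if (!entry) return 'unknown-or-replayed-nonce';
  pending.delete(nonce);                      // single use, even when a later check fails
  if (entry.deviceId !== deviceId) return 'wrong-device';
  if (now > entry.expires) return 'expired';
  const publicKey = devices.get(deviceId);
  if (!publicKey) return 'unregistered-device';
  // Bytes are rebuilt from the server's own record, so a swapped destination or origin fails.
  const ok = crypto.verify(null, canonical(entry.tx, nonce, RP_ORIGIN), publicKey, signature);
  return ok ? 'approved' : 'bad-signature';
}

function runDemo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const devices = new Map([['device-1', publicKey]]); // constructed enrollment record
  const tx = { amount: '0.5', asset: 'BTC', destination: 'bc1q-constructed-user', network: 'bitcoin' };
  const n1 = issueChallenge('device-1', tx);
  const sig = deviceSign(privateKey, tx, n1, RP_ORIGIN);
  const first = verifyApproval(devices, 'device-1', n1, sig);
  const replay = verifyApproval(devices, 'device-1', n1, sig);
  const n2 = issueChallenge('device-1', { ...tx, destination: 'bc1q-constructed-other' }); // record differs from what the user signed
  const swapped = verifyApproval(devices, 'device-1', n2, deviceSign(privateKey, tx, n2, RP_ORIGIN));
  return { first, replay, swapped };
}
console.log(runDemo());
```

Because the origin is part of the signed bytes, an approval collected on a look-alike domain also fails verification, which is the same property the passkey section relies on.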
Org and ecosystem defenses
- Train ops teams on AI-enabled social engineering and deepfake tells, including scripted callbacks and content watermark checks. Europol and bank case studies show cross-team response cuts losses.
- Publish a hard-to-spoof support flow. Set public rules for what your team will never ask for, and move all recovery to in-app, device-bound flows.
- Keep takedown muscle ready for fake livestreams and cloned social accounts, and coordinate with platforms and local cyber units that now recognize deepfake fraud patterns.
Closing thought
AI has handed criminals better scripts, perfect accents, and believable faces. The counter is to remove the weakest links attackers count on. When onboarding resists synthetics, account access defaults to passkeys, and every high-risk action is signed on a bound device with something like ZSM, the path from a convincing deepfake to a drained wallet gets much longer, louder, and easier to stop.
Sources:
- https://www.ftc.gov/news-events/news/press-releases/2025/03/new-ftc-data-show-big-jump-reported-losses-fraud-125-billion-2024
- https://cointelegraph.com/news/bitget-deepfake-scam-rings-crackdown-asia-q1-2025
- https://cryptonews.com/news/ai-deepfakes-crypto-scams-4-6b-surge-report/
- https://sumsub.com/newsroom/sumsub-research-global-deepfake-incidents-surge-tenfold-from-2022-to-2023/
- https://www.coindesk.com/policy/2024/10/16/hong-kong-police-bust-group-running-46m-crypto-investment-scam-using-deepfakes
- https://www.theguardian.com/money/2025/mar/05/deepfakes-cash-and-crypto-how-call-centre-scammers-duped-6000-people
- https://www.reuters.com/investigations/chatgpt-was-used-help-scammers-do-their-thing-asia-fraud-scheme-2025-09-15/
- https://www.ft.com/content/b977e8d4-664c-4ae4-8a8e-eb93bdf785ea
- https://www.statista.com/chart/31901/countries-per-region-with-biggest-increases-in-deepfake-specific-fraud-cases/
- https://www.iproov.com/reports/the-threat-of-deepfakes
- https://www.chainalysis.com/blog/2025-crypto-crime-report-introduction/
- https://arstechnica.com/tech-policy/2024/01/sim-swapping-ring-stole-400m-in-crypto-from-a-us-company-officials-allege/
- https://workos.com/blog/authquake-microsofts-mfa-system-vulnerable-to-totp-brute-force-attack
- https://csrc.nist.gov/News/2024/giving-nist-sp-80063b-a-boost
- https://fidoalliance.org/nist-cites-phishing-resistance-of-synced-passkeys-in-digital-identity-guidelines-update/
- https://www.channelnewsasia.com/singapore/banks-phase-out-otps-login-phishing-scams-digital-tokens-4466786
- https://bworldonline.com/top-stories/2025/02/04/650826/bsp-shift-from-obsolete-otps-to-more-secure-methods-needed/
- https://www.fatf-gafi.org/en/publications/Fatfrecommendations/targeted-update-virtual-assets-vasps-2024.html