Social Engineering Tactics Dominated 65% of AMLBot's 2025 Crypto Investigations
According to AMLBot's findings, 65% of cryptocurrency incidents examined in 2025 were driven by social engineering tactics, primarily through investment fraud and phishing schemes, while impersonation attacks accounted for $9M in stolen funds.
Approximately two-thirds of cryptocurrency-related incidents that blockchain analytics firm AMLBot investigated throughout 2025 were the result of social engineering tactics rather than technical security breaches, a new report reveals based on the firm's internal case investigations.
According to AMLBot, 65% of incidents examined during the previous year stemmed from access and response vulnerabilities, including compromised hardware, inadequate verification processes, and slow detection systems, as opposed to flaws in blockchain technology or smart contract code.
The firm clarified that its findings are derived from approximately 2,500 internal case investigations and should not be interpreted as a comprehensive measurement of crypto-related criminal activity across the entire industry, as stated in a Wednesday report provided to Cointelegraph.
The predominant attack methods included hardware compromises through chat-based scams, fraudulent impersonation schemes, and various investment and phishing operations that relied on social manipulation tactics.
Phishing attacks targeting cryptocurrency holders are forms of social engineering that don't depend on code exploitation. Rather, threat actors distribute deceptive links designed to capture victims' confidential data, including the private keys that control access to cryptocurrency wallets.
These results indicate that enhancing security measures at the protocol layer may prove insufficient for user protection when fraudsters can circumvent protective measures by directly targeting individuals.
Investment scams and phishing lead by case count
Investment-related scams represented the highest proportion of investigated cases at 25%, with phishing attacks coming in second at 18% and device compromise incidents at 13%, establishing them as the most damaging attack categories measured by case frequency.
So-called pig butchering scams made up 8% of cases, over-the-counter (OTC) fraud similarly accounted for 8%, and chat-based impersonation attacks comprised 7%, together forming the second tier of most commonly observed attack methods.
Impersonation linked to $9 million in recent losses
AMLBot successfully traced a minimum of $9 million in stolen cryptocurrency assets to impersonation-based attacks during the previous three-month period.
When it comes to social engineering scams, impersonation represents the most destructive attack vector, according to Slava Demchuk, CEO of AMLBot, in comments to Cointelegraph.
"Attackers continue to exploit and trick victims with a ruthless game of charades, posing as trusted entities. Sometimes they're exchange support teams, investment partners, project managers or reps."
Demchuk emphasized that users should never share private keys or recovery phrases and should remain vigilant regarding urgent requests that involve fund transfers or wallet access, identifying these as typical entry points for social engineering scams.
As a defense against impersonation-based attacks, Demchuk strongly advised cryptocurrency investors to refrain from sharing their private keys and recovery phrases under any circumstances.
Additionally, he recommended that investors disregard what appear to be "urgent requests involving fund transfers of wallet access," which typically serve as the initial point of contact for social engineering scam operations.
CertiK reports January spike in crypto losses
Cryptocurrency scams experienced a significant increase in January, when fraudsters successfully stole $370 million, representing the highest monthly total recorded in 11 months, based on data from crypto security firm CertiK.
Of the total amount stolen, $311 million was linked to phishing scam operations, with one especially devastating social engineering attack resulting in losses of approximately $284 million for a single victim.