Crypto Fraud Reached $15.87 Billion in 2025, Far Exceeding Hack Losses

Crypto Fraud Reached $15.87 Billion in 2025, Far Exceeding Hack Losses

N
News Editor 01
2026-07-08 15:26:13
A Cyvers report says Web3 fraud hit $15.87 billion in 2025, dwarfing roughly $2.5 billion lost to hacks and exploits, as industrialized scam networks and authorized fraud became the dominant threat.
crypto fraudweb3 securitystablecoinsexchange complianceonchain risk

Web3 fraud surged to $15.87 billion in 2025, dramatically outpacing the roughly $2.5 billion lost to traditional hacks and exploits, according to Cyvers’ latest annual security report. The findings suggest that the crypto industry’s biggest security challenge is no longer limited to spectacular technical breaches. Instead, a larger share of losses is now coming from fraud schemes that are more distributed, more scalable, and often harder to detect in real time.

One reason the shift has received less public attention is the structure of the losses themselves. While major hacks tend to produce a small number of headline-grabbing incidents, the fraudulent activity tracked by Cyvers was spread across 4.29 million transactions. That dispersion made the damage less visible, even as the total value far exceeded losses from more familiar exploit-driven attacks.

From Isolated Scams to Industrialized Fraud Networks

According to the report, the 2025 threat environment was defined by what Cyvers describes as “industrialized” crime. Rather than relying on one-off scam wallets or simple transfer paths, criminal networks increasingly used clusters of addresses linked to the same operation. Funds were then routed through cross-platform flows involving exchanges, payment service providers, and fiat off-ramp infrastructure.

This evolution matters because it points to fraud becoming more operationally mature. The movement of funds is no longer always a linear path from victim to attacker. Instead, it can involve multiple intermediaries, fragmented transaction trails, and coordinated infrastructure designed to make tracing and intervention more difficult. In that sense, the report frames crypto fraud less as a collection of disconnected incidents and more as a global enterprise with organized processes and repeatable playbooks.

The report also suggests that this model allows bad actors to scale efficiently. When losses are distributed across millions of transactions, the activity may appear less severe on a case-by-case basis. But in aggregate, the total economic damage becomes far larger than that caused by conventional exploits.

Authorized Fraud Becomes a Central Threat

Among the most significant changes identified in the report is the rise of “authorized” fraud, especially pig butchering schemes. Unlike traditional hacks, which bypass security controls through code vulnerabilities, credential theft, or infrastructure compromise, these scams target human behavior. Victims are manipulated into willingly approving transactions from their own wallets or verified accounts.

Cyvers describes this as one of the most alarming developments in the 2025 security landscape. Criminal syndicates may spend weeks or even months cultivating trust with targets before directing them into fake investment opportunities or deceptive transfer flows. By the time the final liquidation or loss event occurs, the victim has often already completed the transaction voluntarily, at least from the standpoint of the platform’s systems.

That feature creates a major blind spot for traditional controls. Fraud tools designed primarily to detect account takeovers or compromised credentials may not flag an event if the transaction appears user-authorized. In the report’s assessment, this is why conventional fraud defenses are increasingly inadequate in crypto environments shaped by social engineering and behavioral manipulation.

To address that gap, Cyvers argues for more advanced monitoring approaches, including real-time behavioral analytics and entity-level risk scoring. The aim is to identify suspicious patterns before funds leave a platform, rather than relying only on indicators tied to direct account compromise.

Liquid Assets Remain the Main Rails for Fraud Flows

The report found that most fraudulent value moved through a small set of highly liquid digital assets, reflecting the practical needs of criminal networks. Assets that can be transferred quickly, accepted widely, and converted into fiat efficiently remain the preferred vehicles for large-scale fraud.

Cyvers said the largest share of detected fraudulent flows involved USDT at 37%, followed by ETH at 36% and USDC at 25%. This concentration underscores the role of stablecoins and major crypto assets as core settlement rails within illicit ecosystems. Their liquidity and broad exchange support make them especially useful for moving value across platforms and eventually toward off-ramp channels.

The data does not imply that the assets themselves are inherently fraudulent. Rather, the report highlights that highly liquid instruments are the most convenient medium for actors seeking to move stolen or fraudulently obtained funds at scale. In practice, this means the same assets that support efficient legitimate market activity can also be exploited by criminal operations.

Exposure Is Concentrated Among Major Centralized Platforms

Cyvers also found that exposure was heavily concentrated among large centralized exchanges. Although the report did not name specific companies, it stated that the single most exposed global exchange accounted for more than $2.3 billion in fraudulent flows. In addition, just three of the world’s ten largest exchanges were linked to nearly half of all fraud volume routed through centralized platforms.

This concentration is notable for several reasons. First, it suggests that scale and liquidity attract not only legitimate users but also a disproportionate amount of illicit traffic. Second, it raises questions about how major platforms monitor transaction behavior, identify risky entities, and coordinate with the broader ecosystem when suspicious flows begin to emerge. Finally, it illustrates that fraud prevention is not just a wallet-level or user-level issue; it is also an infrastructure issue tied to where liquidity is deepest and exit routes are easiest.

Because centralized venues often function as key junctions between on-chain activity and the fiat economy, they sit at the center of the fraud detection challenge. If scam proceeds can move through a small number of heavily used platforms, then risk management at those platforms becomes especially important for reducing system-wide exposure.

A Broader Security Shift for the Crypto Industry

The 2025 data paints a picture of an industry in which fraud has evolved beyond the traditional image of a hacker draining a protocol. Pig butchering may be the most visible authorized-fraud model, but the report argues that it relies on the same fundamental infrastructure seen across the wider ecosystem: liquid stablecoins, blue-chip crypto assets, and large centralized exchanges.

That combination gives modern scam networks durability and reach. They are not dependent on a single exploit technique or one specific chain. Instead, they can operate across services, use common assets to preserve mobility, and leverage the complexity of the broader financial stack to reduce detection.

For policymakers, exchanges, payment providers, and security teams, the central implication is that anti-fraud strategy must evolve. Technical security remains essential, but the report indicates that defending against fraud now requires a wider framework that includes behavioral intelligence, entity mapping, cross-platform coordination, and stronger visibility into how value moves between crypto and traditional financial rails.

Cyvers’ findings ultimately suggest that the crypto sector’s most expensive threat in 2025 was not the classic exploit but the organized, psychologically driven, and operationally sophisticated fraud economy growing around it. As long as criminals can combine social engineering with liquid assets and deep exchange access, fraud may continue to outpace conventional hacking in both scale and impact.

This article was originally published by Bit.Fan. For more cryptocurrency news and market insights, visit www.bit.fan.
300

Disclaimer:

The market information, project data, and third-party content displayed on this platform are for industry information sharing only and do not constitute any form of investment advice or return commitment.

Cryptocurrency trading carries high risks. Users should fully assess their risk tolerance and make independent decisions. All profits, losses, and legal responsibilities are borne by the users themselves.