Web3 fraud reached a new scale in 2025, with Cyvers reporting $15.87 billion in detected fraudulent value, far surpassing the more than $2.5 billion lost to traditional hacks and exploits during the same period. The figures suggest that the crypto industry’s risk profile is shifting: while major technical breaches still capture headlines, fraud has become the larger and more pervasive threat.
Fraud spread across millions of transactions
One of the report’s most important observations is that the losses were not concentrated in a small number of dramatic incidents. Instead, they were distributed across 4.29 million individual transactions. That dispersion helped keep much of the damage below the public radar, especially compared with high-profile events such as the Bybit hack, which naturally draw more immediate attention.
According to Cyvers, this pattern points to the rise of industrialized crypto crime. Rather than isolated scams or one-off attacks, organized networks are now operating through clusters of related wallet addresses tied to the same scam infrastructure. Funds are then routed across multiple exchanges, payment service providers, and off-ramp channels, creating complex cross-platform flows that are harder to track and interrupt.
The growing danger of “authorized” fraud
Cyvers highlighted a particularly troubling shift in 2025: the rapid expansion of so-called authorized fraud, with pig-butchering scams standing out as the clearest example. Unlike conventional hacks, these schemes do not primarily rely on breaking into accounts or bypassing blockchain security controls. Instead, they exploit human behavior and trust.
In these scams, criminal groups often engage with victims for weeks or even months. The goal is to build emotional credibility and a false sense of security before steering the victim toward a final transfer or liquidation event. Because the victim technically approves the transaction from their own wallet or a verified account, many legacy fraud controls fail to flag the activity as suspicious in time.
The report argues that this is a structural problem for platforms relying on traditional compromised-account detection. If the transaction appears to be user-authorized, standard controls may be effectively blind to the fraud flow. Cyvers therefore says that real-time behavioral analytics and entity-level risk scoring are becoming essential if platforms want to detect these schemes before funds leave the ecosystem.
Liquid assets remain the preferred vehicles
The report also found that fraudulent flows were heavily concentrated in a small set of highly liquid crypto assets, reflecting their utility for rapid movement and conversion into fiat. USDT accounted for 37% of detected fraudulent movements, followed by ETH at 36% and USDC at 25%. This concentration indicates that fraud operators are not depending on obscure tokens. Instead, they are using the most liquid and widely accepted digital assets to move value efficiently.
That pattern reinforces a broader point: the infrastructure underpinning crypto fraud is increasingly mainstream. Stablecoins and blue-chip assets offer liquidity, speed, and broad exchange support, making them practical tools for organized scam networks seeking to scale operations across jurisdictions and platforms.
Exposure concentrated among large exchanges
Cyvers said exposure to fraudulent flows was also concentrated among major centralized players. Although the report did not identify specific companies, it stated that the single most exposed global exchange accounted for more than $2.3 billion in fraudulent flows. In addition, just three of the world’s top ten exchanges were responsible for nearly half of all fraud volume routed through centralized platforms.
These findings do not necessarily mean the exchanges themselves were complicit. Rather, they underscore how heavily organized fraud networks depend on large, liquid venues to process, route, or exit funds. The concentration also suggests that improvements in monitoring and intervention at a relatively small number of major platforms could have an outsized impact on the wider fraud landscape.
A broader shift in crypto risk
The 2025 data points to a broader transformation in how crypto-related crime should be understood. For years, public attention has focused on hacks, exploits, and smart contract vulnerabilities. Those threats remain significant, but the report suggests that the larger economic damage now comes from scams that leverage social engineering, operational scale, and financial infrastructure rather than purely technical compromise.
In that sense, crypto fraud is increasingly resembling a form of global organized crime. Pig-butchering may be the most visible “authorized fraud” model, but Cyvers’ findings suggest that many schemes rely on the same core ingredients: liquid stablecoins, major crypto assets, and access to large centralized exchanges. The result is a system in which fraud can scale quietly through millions of small or mid-sized transactions, even when individual incidents do not make headlines.
For the industry, the message is clear. Security can no longer be measured only by the prevention of hacks. As scam networks become more sophisticated, platforms may need to complement technical defenses with deeper transaction monitoring, behavioral intelligence, and stronger fraud-detection systems designed for user-authorized activity. Otherwise, the biggest losses in crypto may continue to come not from code exploits, but from manipulation at scale.

