Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

AI-enabled crypto scams: what practitioners need to act on


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11631
Topic starter  

TL;DR: Crypto scams and fraud stole an estimated $17 billion in 2025, with impersonation scams growing 1400% year over year and AI-enabled scams proving 4.5 times more profitable than traditional scams, according to Chainalysis. The pattern is no longer isolated fraud but industrialized criminal infrastructure that security, fraud, IAM, and identity verification teams must treat as a governance problem, not a user-awareness problem.

NHIMG editorial — based on content published by Chainalysis: 2026 Crypto Crime Report and analysis of AI-enabled crypto fraud

By the numbers:

Questions worth separating out

Q: What fails when organisations rely on brand trust alone to verify payment requests?

A: Brand trust alone fails because attackers can imitate legitimate support, government, or financial communications well enough to trigger action before suspicion sets in.

Q: Why do impersonation scams create a governance problem for IAM teams?

A: Impersonation scams exploit the gap between identity proofing and authorised action.

Q: How can security teams spot scam activity before funds are lost?

A: Look for bursts of outbound contact, cloned websites, repeated payment-urgency language, unusual wallet changes, and beneficiary edits that do not match prior behaviour.

Practitioner guidance

  • Tighten high-risk transfer verification Require secondary verification for wallet changes, urgent payment requests, and account recovery actions, especially when the request originates from SMS, chat, or voice support.
  • Harden support and recovery workflows Review customer-support and help-desk procedures that can override MFA, reset access, or redirect funds.
  • Detect impersonation patterns across channels Correlate phone, SMS, email, and web activity to identify repeated domain patterns, cloned templates, and outbound message bursts that match scam infrastructure.

What's in the full report

Chainalysis's full report covers the operational detail this post intentionally leaves for the source:

  • Per-scam category breakdowns that show how impersonation, pig butchering, and investment fraud differ in monetisation paths.
  • Operational examples of phishing-as-a-service, fake websites, and laundering services that underpin the criminal supply chain.
  • Case detail on the E-ZPass campaign, Coinbase impersonation, and major law-enforcement seizures.
  • On-chain tracing context that shows how investigators linked scam clusters to laundering networks and criminal infrastructure.

👉 Read Chainalysis's 2026 Crypto Crime Report on AI-enabled scam growth →

AI-enabled crypto scams: what practitioners need to act on?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11186
 

Impersonation fraud is now an identity governance problem, not just a fraud problem. When a scam succeeds because the victim trusts a brand, support desk, or government message, the control failure sits in identity assurance and channel verification as much as in fraud analytics. That boundary matters for IAM and identity verification teams because the question becomes whether an interaction can be trusted before any payment or credential event occurs. Practitioners should treat impersonation as a governance issue across identity, communications, and payout controls.

A question worth separating out:

Q: Who is accountable when AI-driven fraud bypasses identity controls?

A: Accountability usually sits across IAM, fraud operations, and product security, because the failure spans authentication, session trust, and abuse response. If the organisation cannot explain why an automated actor was treated as trustworthy, the gap is governance, not just detection. That is the level leaders should review.

👉 Read our full editorial: AI-enabled crypto scams are industrializing faster than controls



   
ReplyQuote
Share: