Social engineering emerged as the dominant driver of crypto related fraud in 2025, according to new findings from blockchain analytics firm AMLBot. The company said nearly two thirds of the crypto incidents it investigated last year were caused by scams that targeted people directly rather than weaknesses in blockchains, protocols, or smart contracts.
Based on roughly 2,500 internal investigations, AMLBot found that 65 percent of cases involved access and response failures. These included compromised personal devices, weak verification practices, and delays in identifying suspicious activity. The company emphasized that its data reflects only its own casework and should not be treated as a full measure of global crypto crime.
Social Manipulation Tops the List of Attack Methods
The report shows that attackers increasingly rely on manipulation instead of technical exploits. Common tactics included chat based scams, fake investment opportunities, phishing links, and impersonation schemes where fraudsters pretend to be trusted figures.
In many cases, victims were lured into clicking malicious links or sharing sensitive details such as private keys and recovery phrases. Unlike traditional hacking, these attacks require no advanced coding skills. They depend on urgency, fear, and misplaced trust.
Percentage of crypto theft cases by fraud category. Source: AMLBot
AMLBot noted that these trends underline a growing gap between protocol level security and real world user behavior. Even well protected platforms can be undermined when scammers convince users to hand over access themselves.
Investment and Phishing Scams Lead by Volume
Investment scams were the most common category by case count, accounting for 25 percent of incidents reviewed by AMLBot. Phishing attacks followed at 18 percent, while device compromises made up 13 percent.
A second tier of frequent scams included pig butchering schemes and over the counter fraud, each representing 8 percent of cases. Chat based impersonation scams accounted for 7 percent. Together, these categories highlight how varied social engineering tactics have become, often blending emotional pressure with convincing narratives of profit or authority.
While individual losses varied, AMLBot said the cumulative impact of these schemes was significant, especially as crypto adoption expands among less experienced users.
Impersonation Scams Drive Heavy Financial Damage
Among social engineering tactics, impersonation stood out as the most financially damaging. AMLBot traced at least $9 million in stolen digital assets to impersonation related attacks over the past three months alone.
Slava Demchuk, chief executive of AMLBot, said attackers frequently pose as exchange support staff, project managers, investment partners, or company representatives. “They exploit trust and urgency, playing convincing roles that make victims lower their guard,” Demchuk said.
Percentage of crypto theft cases per month. Source: AMLBot
He warned that requests framed as urgent actions such as immediate fund transfers or wallet access are often the first red flag. According to Demchuk, users should never share private keys or recovery phrases under any circumstances, regardless of how legitimate the request may appear.
January Scam Losses Highlight Ongoing Risks
The findings come amid a broader rise in crypto scam losses at the start of 2026. According to data from crypto security firm CertiK, scammers stole $370 million in January, marking the highest monthly total in 11 months.
Phishing accounted for $311 million of those losses. One particularly severe social engineering case resulted in a single victim losing around $284 million, underscoring how devastating these attacks can be when they succeed.
Security experts say the figures reinforce a consistent message. Technical safeguards remain essential, but they are not enough on their own. As long as attackers can exploit human behavior, education, awareness, and cautious habits will remain critical lines of defense for crypto users.
