Top trends in crypto scams in 2025


Two recent reports from a crypto security specialist and a blockchain analytics company have identified the top crypto scams in 2025. Helpfully, they also provided several recommendations on how to protect yourself.

In its 2025 Q2 MisTrack stolen funds analysis, crypto security specialist SlowMist said it had received 429 stolen funds reports in the previous quarter and assisted 11 victims in freezing or recovering around $12 million in stolen crypto assets.


Besides more traditional scam schemes, such as phishing and social engineering, the team said it has also encountered several asset theft incidents related to hardware wallets. All the victims believed they were using legitimate devices to secure their crypto assets. However, the wallets were purchased via unofficial channels or obtained as a "prize giveaway" and had pre-installed malicious firmware.


Next, malicious browser extensions designed to help steal crypto assets were "a particularly stealthy attack vector" in Q2.

"Avoid installing browser extensions or applications recommended by strangers – even if they appear official," SlowMist said, adding that it has also received numerous reports from users whose WeChat accounts had been compromised in order to scam their contacts.

Meanwhile, in its “The State of Crypto Scams 2025” report, blockchain analysis company Elliptic identified the top 11 scams in 2024 and the first half of 2025.

These include address poisoning, in which criminals replace legitimate crypto addresses with their own; ATM scams; deepfake authorization scams; donation scams; crypto investment and giveaway-related incentive-based scams; phishing and ice phishing; "pig butchering"; Ponzi schemes; recovery scams that target already vulnerable victims; memecoin-fueled "rug pulls"; and sextortion.

[Figure: The top crypto scam trends of 2024-25. Source: Elliptic]

When it comes to address poisoning, Elliptic suggests looking for red flags such as a zero-value transaction that appears to be initiated by the user’s address to a recipient address that looks similar to a previous counterparty. Hiding zero-value transactions and double-checking copy-pasted addresses might also help.
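The red flag Elliptic describes can be checked mechanically over a wallet's transfer history. The following is an added example, not code from Elliptic or SlowMist; the `Tx` record, the sample addresses, and the rule that "looks similar" means matching first and last four hex characters are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    sender: str
    recipient: str
    value: int  # amount in the asset's smallest unit

def norm(addr: str) -> str:
    """Lower-case an address and drop the 0x prefix."""
    addr = addr.lower()
    return addr[2:] if addr.startswith("0x") else addr

def looks_similar(a: str, b: str, n: int = 4) -> bool:
    """Different addresses whose first and last n hex characters match,
    i.e. identical in a truncated wallet display (assumed similarity rule)."""
    a, b = norm(a), norm(b)
    return a != b and a[:n] == b[:n] and a[-n:] == b[-n:]

def find_poisoning(history, me, n=4):
    """Return (tx, imitated_address) for zero-value transfers that appear to come
    from `me` to a lookalike of an earlier counterparty (chronological input)."""
    me, known, flagged = norm(me), [], []
    for tx in history:
        s, r = norm(tx.sender), norm(tx.recipient)
        if me not in (s, r):
            continue
        if tx.value > 0:
            # Any party to a real transfer becomes a known counterparty.
            known.append(r if s == me else s)
        elif s == me:
            match = next((k for k in known if looks_similar(r, k, n)), None)
            if match is not None:
                flagged.append((tx, match))
    return flagged

# Constructed sample data (not real addresses or transactions).
ME = "0x" + "a1" * 20
EXCHANGE = "0x52f3" + "0" * 32 + "9c7e"
LOOKALIKE = "0x52F3" + "1" * 32 + "9C7E"   # same visible prefix and suffix
HISTORY = [
    Tx(ME, EXCHANGE, 5 * 10**17),       # genuine payment
    Tx(ME, "0x" + "c3" * 20, 0),        # zero value, no lookalike: ignored
    Tx(ME, EXCHANGE, 0),                # zero value to the real address: ignored
    Tx(ME, LOOKALIKE, 0),               # poisoning entry: flagged
]

if __name__ == "__main__":
    for tx, imitated in find_poisoning(HISTORY, ME):
        print(f"suspicious: {tx.recipient} imitates 0x{imitated}")
```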

Meanwhile, the following red flags can help identify deepfake authorization scams: lip sync issues during video calls, unnatural blinking, blurring effects, or the caller's refusal to turn their head during the call, as deepfake software can't render side profiles.

Additionally, according to the analysts, extra verification for large transactions and alternative methods of verification, such as safe words, could also offer protection.

Regarding donation campaigns, incentive-based scams, phishing, and other scam categories, Elliptic encourages skepticism of everything you see – don't fall for trendy buzzwords and too-good-to-be-true stories.

As SlowMist concluded in its report: "Treat every authorization or signature as unlocking a door – make sure you know who’s on the other side."
