Scams

The United States Attorney's Office has filed a civil forfeiture action to seize about USDT 3.4 million in Tether tied to a crypto investment scam conducted on Ethereum. Authorities say the scheme targeted at least four victims in Massachusetts, Utah and South Carolina, with the funds later converted into USDT and confiscated in February and March 2025.

On 14 March 2026, the U.S. Treasury's OFAC imposed sanctions on six people and two companies accused of using remote IT jobs to channel roughly $800 million in 2024 to North Korea's weapons programs. The network allegedly relied on stolen identities, deepfake-enhanced job interviews, and crypto conversions, while global illicit crypto flows climbed to an estimated $154–$158 billion in 2025 with sanctions evasion, large-scale hacks, and industrialized fraud on the rise.

The US Department of Justice and Europol dismantled the SocksEscort residential proxy network, seizing 34 domains, taking 23 servers offline across 7 countries, and freezing $3.5 million in cryptocurrency. The operation, running since 2009, allegedly hijacked 369,000 devices in 163 countries and was used to support account takeovers, ransomware, and crypto fraud, exposing 124,000 registered users to potential enforcement action.

Losses tied to cryptocurrency ATM scams in the United States climbed to $333.5 million in 2025, according to blockchain security firm CertiK, with organized groups exploiting an "attribution gap" that separates cash deposits from on-chain records. Older Americans suffer the bulk of these losses as scammers use breach data, live phone coaching and AI tools, while regulators test responses ranging from state-level bans to stalled federal legislation.

Swedish authorities are investigating a reported data leak tied to CGI Sverige after a threat actor called ByteToBreach claimed to have exposed source code and sensitive material from the country's e-government platform. CGI said the incident involved two internal test servers with an older application version and its source code accessible but no evidence of impact on production data or services. Officials and security researchers warned that the leaked code and documentation, if authentic, could pose ongoing risks to Swedish and European public cyber infrastructure.

On a Thursday announcement, the US Treasury’s Office of Foreign Assets Control imposed sanctions on six individuals and two companies accused of enabling North Korea-linked IT worker fraud networks across multiple countries. The action freezes any US assets tied to those named, blocks their access to US financial services and targets cryptocurrency transactions allegedly used to launder $2.5 million and support the DPRK weapons program.

On March 12, 2026, blockchain intelligence platform NOMINIS reported that crypto-related incidents led to about $49.3 million in losses in February, down sharply from roughly $385 million in January. Researchers say the drop does not mean the ecosystem is safer, as attackers are shifting from complex smart contract exploits to techniques that manipulate user behavior and transaction authorizations. A major Solana-based DeFi breach at Step Finance accounted for about $30 million, while multiple smaller cases involved phishing approvals, malicious signatures and address poisoning.

On 12 March 2026, JPMorgan Chase was named in a proposed class-action lawsuit in Northern California alleging it helped process transactions for a $328 million crypto Ponzi scheme tied to Goliath Ventures. The complaint says about $253 million in deposits moved through JPMorgan accounts between January 2023 and June 2025 and claims the bank ignored red flags while serving as the firm's primary banking partner.

JPMorgan Chase has been sued in a U.S. federal court over allegations it allowed $250 million linked to the Goliath Ventures crypto Ponzi scheme to move through its accounts. The complaint claims roughly 2,000 investors were defrauded between 2023 and early 2026, with funds largely funneled to crypto platforms and luxury spending instead of genuine trading activity.

In February 2026, crypto-related losses dropped to about $49.3 million, an 87% decline from January's $385 million, yet attackers continued to refine their tactics. A report attributed much of the damage to a single Step Finance incident on Solana that drained around 261,854 SOL, while social engineering, phishing approvals, and address poisoning also cost users over $500,000. Additional technical exploits hit platforms such as YieldBlox, CrossCurve, and IoTeX, even as authorities in the United States and South Korea seized and froze millions linked to large-scale scam operations.