Scams

According to reports citing a forensic review of lobbyist Mauricio Novelli's phone, a draft agreement outlined a $5 million payment structure linked to Argentine President Javier Milei's promotion of the Libra token in February 2025. The note, dated Feb. 11, 2025, reportedly broke the sum into three tranches and referenced crypto entrepreneur Hayden Davis, while a second draft message from Feb. 16, 2025, appeared to script a crisis response after the Libra scandal erupted and the token later crashed after briefly hitting a $4 billion market cap.

An analysis by TRM Labs found that less than 1% of on-chain crypto activity in Australia between March 2025 and February 2026 involved illicit counterparties, even as local entities processed about $50 billion in transaction volume. Sanctions-related flows made up roughly 70% of identified illicit volume, while darknet markets, investment fraud, and illegal goods and services formed the next largest categories. Australia's framework requiring digital currency exchanges to register with the Australian Transaction Reports and Analysis Centre has coincided with a diversified crypto ecosystem and limited criminal exposure.

Blockchain security firm Nominis reports that crypto attack losses dropped from $385 million in January to $49.3 million in February, with a single Step Finance incident on Solana accounting for over 60% of the damage. The study indicates that attackers are increasingly targeting users through phishing, address poisoning and malicious approvals, rather than focusing solely on protocol code vulnerabilities.

A French couple in their late 50s in Le Chesnay-Rocquencourt was allegedly forced at knifepoint to transfer more than €900,000 (about $1 million) in Bitcoin to attackers posing as police officers. The suspects tied up the man, injured the woman, and fled in a white van, while authorities opened an investigation into suspected kidnapping, armed robbery by an organized group, and criminal conspiracy. Wrench attacks involving physical coercion to steal crypto have become more frequent in France as Bitcoin prices climb.

The United States Attorney's Office has filed a civil forfeiture action to seize about USDT 3.4 million in Tether tied to a crypto investment scam conducted on Ethereum. Authorities say the scheme targeted at least four victims in Massachusetts, Utah and South Carolina, with the funds later converted into USDT and confiscated in February and March 2025.

On 14 March 2026, the U.S. Treasury's OFAC imposed sanctions on six people and two companies accused of using remote IT jobs to channel roughly $800 million in 2024 to North Korea's weapons programs. The network allegedly relied on stolen identities, deepfake-enhanced job interviews, and crypto conversions, while global illicit crypto flows climbed to an estimated $154–$158 billion in 2025 with sanctions evasion, large-scale hacks, and industrialized fraud on the rise.

The US Department of Justice and Europol dismantled the SocksEscort residential proxy network, seizing 34 domains, taking 23 servers offline across 7 countries, and freezing $3.5 million in cryptocurrency. The operation, running since 2009, allegedly hijacked 369,000 devices in 163 countries and was used to support account takeovers, ransomware, and crypto fraud, exposing 124,000 registered users to potential enforcement action.

Losses tied to cryptocurrency ATM scams in the United States climbed to $333.5 million in 2025, according to blockchain security firm CertiK, with organized groups exploiting an "attribution gap" that separates cash deposits from on-chain records. Older Americans suffer the bulk of these losses as scammers use breach data, live phone coaching and AI tools, while regulators test responses ranging from state-level bans to stalled federal legislation.

Swedish authorities are investigating a reported data leak tied to CGI Sverige after a threat actor called ByteToBreach claimed to have exposed source code and sensitive material from the country's e-government platform. CGI said the incident involved two internal test servers with an older application version and its source code accessible but no evidence of impact on production data or services. Officials and security researchers warned that the leaked code and documentation, if authentic, could pose ongoing risks to Swedish and European public cyber infrastructure.

On a Thursday announcement, the US Treasury’s Office of Foreign Assets Control imposed sanctions on six individuals and two companies accused of enabling North Korea-linked IT worker fraud networks across multiple countries. The action freezes any US assets tied to those named, blocks their access to US financial services and targets cryptocurrency transactions allegedly used to launder $2.5 million and support the DPRK weapons program.