Scams

On February 21, 2026, IoTeX disclosed that a private key tied to a token safe was compromised, enabling unauthorized asset transfers. On-chain data indicates roughly $8.8 million drained across multiple tokens, with funds moved into ETH and partially bridged to Bitcoin. IoTeX said preliminary assessments suggest the actual loss could be significantly lower than rumors.

On February 21, 2026, the FBI's Internet Crime Complaint Center highlighted a surge in ATM "jackpotting" attacks in the US. The agency says more than 1,900 incidents have been recorded since 2020, with over 700 cases in 2025 alone causing losses exceeding $20,000,000. Criminals allegedly use generic keys and malware to override bank authorization and trigger ATMs to dispense cash, prompting the FBI to urge financial institutions to strengthen physical and software security.

On February 20, 2026, Sam Bankman-Fried used a proxy to publish a "10 Myths" X thread from prison, disputing that FTX was insolvent and challenging aspects of his fraud case. He claimed customers are receiving 119%–143% of November 2022 claim values and rejected personal-life rumors, while critics point out his conviction stands and findings on customer fund misuse remain.

Darknet marketplaces and drug vendors took in nearly $2.6 billion in cryptocurrency in 2025, with inflows to drug-linked addresses slightly above $2.5 billion. From mid-2023, payments for fentanyl precursors fell sharply, and larger transfers over $500 correlated with worse Canadian health outcomes, underscoring how on-chain activity can act as an early warning for public health and enforcement.

Blockchain analytics firm TRM Labs reported that illicit entities received roughly $141 billion in stablecoins in 2025, the highest level in five years, driven mainly by sanctions-linked networks and large-scale money laundering. Sanctions-related activity made up 86% of all illicit crypto flows, with around $72 billion tied to the Russian ruble-pegged A7A5 token, while overall illicit use represented about 1% of an estimated $12 trillion in annual stablecoin transactions.

According to Global Ledger, hackers accelerated laundering in the second half of 2025, often moving funds within seconds and using mixers, DeFi, and bridges. Tornado Cash appeared in 42% of exploits, and average laundering time rose to 10.6 days. DeFi flows hit $732M in H2, while bridges routed $2.01B.

Address poisoning is a scam that tampers with a user's transaction history instead of attacking private keys, convincing victims to send funds to a maliciously crafted lookalike address. Incidents including a roughly 3.5 wBTC theft from a Phantom Chat phishing campaign in February 2026 and a $50 million USDT loss in 2025 show how interface design and user habits can lead to large losses. By abusing dust transfers, copy buttons and truncated address displays, attackers exploit behavior and wallet UX to make poisoned addresses appear trustworthy.

In a Wednesday report drawing on roughly 2,500 internal investigations, AMLBot found that 65% of the 2025 crypto incidents it handled involved social engineering and user access or response lapses rather than protocol flaws. By case count, investment scams led at 25%, followed by phishing at 18% and device compromises at 13%.

On February 17, 2026, blockchain security firm Cyvers reported a $600,000 loss tied to an address poisoning scheme that leveraged zero‑value transfers and a copy‑paste mistake. Similar incidents since December 2025 include $514,000 and $12.25 million losses, while researchers estimate more than one million poisoning attempts occur each day on Ethereum.

On Feb. 13, cybersecurity expert Dmitry Smilyanets reported receiving a fake Trezor-branded letter demanding an "Authentication Check" by Feb. 15 or risk device restrictions, with a QR code leading to a phishing site. The scam, which mislabels Trezor CEO Matěj Žák as "Ledger CEO," targets hardware wallet users whose postal data was exposed in past breaches and attempts to trick them into entering seed recovery phrases. Similar physical letters and QR-based attacks have been reported against Ledger users since at least October last year, following multiple data leaks impacting both Ledger and Trezor customers.