Scams

Losses tied to cryptocurrency ATM scams in the United States climbed to $333.5 million in 2025, according to blockchain security firm CertiK, with organized groups exploiting an "attribution gap" that separates cash deposits from on-chain records. Older Americans suffer the bulk of these losses as scammers use breach data, live phone coaching and AI tools, while regulators test responses ranging from state-level bans to stalled federal legislation.

Swedish authorities are investigating a reported data leak tied to CGI Sverige after a threat actor called ByteToBreach claimed to have exposed source code and sensitive material from the country's e-government platform. CGI said the incident involved two internal test servers with an older application version and its source code accessible but no evidence of impact on production data or services. Officials and security researchers warned that the leaked code and documentation, if authentic, could pose ongoing risks to Swedish and European public cyber infrastructure.

On a Thursday announcement, the US Treasury’s Office of Foreign Assets Control imposed sanctions on six individuals and two companies accused of enabling North Korea-linked IT worker fraud networks across multiple countries. The action freezes any US assets tied to those named, blocks their access to US financial services and targets cryptocurrency transactions allegedly used to launder $2.5 million and support the DPRK weapons program.

On March 12, 2026, blockchain intelligence platform NOMINIS reported that crypto-related incidents led to about $49.3 million in losses in February, down sharply from roughly $385 million in January. Researchers say the drop does not mean the ecosystem is safer, as attackers are shifting from complex smart contract exploits to techniques that manipulate user behavior and transaction authorizations. A major Solana-based DeFi breach at Step Finance accounted for about $30 million, while multiple smaller cases involved phishing approvals, malicious signatures and address poisoning.

On 12 March 2026, JPMorgan Chase was named in a proposed class-action lawsuit in Northern California alleging it helped process transactions for a $328 million crypto Ponzi scheme tied to Goliath Ventures. The complaint says about $253 million in deposits moved through JPMorgan accounts between January 2023 and June 2025 and claims the bank ignored red flags while serving as the firm's primary banking partner.

JPMorgan Chase has been sued in a U.S. federal court over allegations it allowed $250 million linked to the Goliath Ventures crypto Ponzi scheme to move through its accounts. The complaint claims roughly 2,000 investors were defrauded between 2023 and early 2026, with funds largely funneled to crypto platforms and luxury spending instead of genuine trading activity.

In February 2026, crypto-related losses dropped to about $49.3 million, an 87% decline from January's $385 million, yet attackers continued to refine their tactics. A report attributed much of the damage to a single Step Finance incident on Solana that drained around 261,854 SOL, while social engineering, phishing approvals, and address poisoning also cost users over $500,000. Additional technical exploits hit platforms such as YieldBlox, CrossCurve, and IoTeX, even as authorities in the United States and South Korea seized and froze millions linked to large-scale scam operations.

Mobile chipmaker MediaTek patched a vulnerability in its chipsets on Jan. 5 that, according to Ledger's Donjon security team, allowed attackers with physical access and a USB connection to extract sensitive data from some Android phones. The flaw in the secure boot chain could be used to recover PINs, decrypt storage and steal seed phrases from major software wallets on devices using MediaTek processors and the Trustonic TEE. Ledger has urged users of affected Android phones to install the latest security updates, even as it does not expect the issue to persist.

John Daghita, known online as "Lick" and the son of a US government contractor, was arrested on the Caribbean island of Saint Martin in a joint operation by the FBI and the French Gendarmerie, over allegations he stole more than $46 million in cryptocurrency from the US Marshals Service. On-chain investigator ZachXBT had previously traced suspicious movements of government-linked funds, helping uncover a broader theft scheme that may exceed $90 million and raising new concerns about insider risk in US digital asset custody.

South Korea's Gwangju District Prosecutors' Office sold 320.8 BTC seized from an international gambling platform, generating 31.6 billion won for the national treasury. The bitcoin had been stolen in August 2025 through a phishing attack but was returned to the authorities last month, after which it was sold between Feb. 24 and March 6 while the hacker remains under investigation.