Bitget: 2025 Global Cryptocurrency Anti-Fraud Trends Report
# Abstract
Cryptocurrency fraud has entered a new era driven by AI deepfakes, social engineering, and the packaging of fake projects. This report, co-authored by Bitget, SlowMist, and Elliptic, analyzes common fraud methods from 2024 to early 2025 and proposes joint defense strategies for users and platforms.
The three current high-risk fraud types:
Deepfake impersonation: using synthetic videos to promote fake investments;
Social engineering fraud: covering job scam Trojans, phishing bots, and fake staking schemes;
Modern Ponzi schemes: disguised as DeFi, NFT, or GameFi projects.
Modern fraud is shifting from exploiting technical vulnerabilities to dual attacks on trust and psychological weaknesses. From wallet hijacking to multi-million dollar fraud, attacks are becoming highly personalized, deceptive, and concealed.
To address this, Bitget has launched the "Anti-Scam Hub," upgrading the platform's protective system and collaborating with SlowMist and Elliptic to achieve on-chain tracking of illicit funds, dismantling phishing networks, and marking cross-chain fraudulent activities.
The report includes real case analyses, a fraud red flag checklist, and protection guidelines for users and institutions.
Core conclusion: When AI can perfectly replicate anyone, security defenses must start with skepticism and end with collective defense.
# Table of Contents
1. Core Summary
The current status of AI-assisted cryptocurrency fraud threats and the joint countermeasures by Bitget, SlowMist, and Elliptic.
2. Introduction: The Evolution of Threats
How the development of DeFi, the proliferation of AI, and cross-border convenience have created a breeding ground for new types of fraud, along with the associated risks.
3. Anatomy of Modern Cryptocurrency Fraud
Analysis of the most dangerous frauds today:
3.1 Deepfake impersonation
3.2 Social engineering strategies
AI arbitrage bots
Job scam traps
Social media phishing
Address poisoning attacks
Pixiu token scams
Fake staking rebate platforms
Airdrop traps
3.3 Ponzi schemes in the Web3 era
4. Strengthening Digital Defenses: Bitget's Multi-Layer Security Architecture
Detailed explanation of Bitget's real-time threat detection, token due diligence, dual audit mechanisms, and a $300 million protection fund.
5. On-Chain Fraud Tracking and Fund Forensics (Written by Elliptic)
How transaction monitoring, cross-chain bridge tracking, and behavioral analysis can identify and block the flow of illicit funds.
6. Protection Recommendations and Best Practices (Written by SlowMist)
Practical guidelines for users and enterprises: from phishing identification to developing anti-fraud habits and enterprise-level response frameworks.
7. Conclusion: Future Path Planning
How cryptocurrency security can shift from isolated defenses to network immunity, and how Bitget can stay one step ahead in the face of evolving threats.
# Insights on the Frontline: Unveiling New Trends in Cryptocurrency Fraud
1. Core Summary
In January 2025, Hong Kong police dismantled a deepfake fraud group and arrested 31 individuals, who impersonated cryptocurrency executives to steal $34 million. This was just one of 87 similar cases cracked in Asia during the first quarter (SlowMist, "2025 Cryptocurrency Crime Report"). These are indisputable facts. From the Singapore Prime Minister's AI synthetic video to Musk's "false endorsements," deepfake trust attacks have become a daily threat.
This report, completed by three parties, reveals how cryptocurrency fraud has evolved from crude phishing scams to AI-enhanced psychological manipulation: nearly 40% of high-value fraud cases in 2024 involved deepfake technology. Whether it's job scam traps or Ponzi "staking platforms," the underlying theme is the precise exploitation of trust, fear, and greed through social engineering.
Cryptocurrency fraud is not just about stealing money; it is eroding the foundational trust of the industry.
Bitget's security system intercepts a large number of trust abuse behaviors daily: abnormal logins, phishing attacks, and malicious software downloads. To this end, we have launched the Anti-Scam Center, developed proactive protection tools, and collaborated with global leaders like SlowMist and Elliptic to dismantle fraud networks and track illicit funds.
This report charts the evolution of threats, reveals current high-risk methods, and provides practical defense strategies for users and institutions. When AI can replicate anyone's face, security mechanisms must fundamentally possess a spirit of skepticism.
2. Introduction: The Evolution of Threats
The borderless nature of cryptocurrency is both its greatest advantage and its biggest risk. As decentralized protocols lock in total value exceeding $98 billion, institutional participation continues to rise, and the same technology driving innovation is also fueling a new wave of cryptocurrency fraud.
These are no longer the rudimentary phishing attacks of the past. From 2023 to 2025, the scale and sophistication of fraud have increased dramatically: in 2024, global users lost over $4.6 billion to fraud, a year-on-year increase of 24% (Chainalysis, "2025 Cryptocurrency Crime Report"). From deepfake impersonation to Ponzi ecosystems disguised as "staking returns," fraudsters are using AI, psychological manipulation, and social platforms to deceive seasoned users.
Three mainstream attack methods:
Deepfakes, impersonating public figures to endorse fake platforms.
Social engineering scams, including job scam tests and phishing tweets.
Ponzi scheme variants, disguised as DeFi/GameFi/NFT projects.
The most alarming aspect is the upgrade in psychological manipulation: victims are not merely deceived but gradually persuaded. Scammers not only steal passwords but also design traps targeting behavioral blind spots.
Of course, defense systems are also evolving in tandem: collaborative innovation within the ecosystem is accelerating.
Bitget's behavioral analysis system marks suspicious patterns in real-time; Elliptic tracks multi-chain assets for forensic evidence; SlowMist's threat intelligence helps eliminate Asian phishing gangs.
This report integrates practical case studies, field research, and operational data from three parties to analyze the main causes of current asset losses and provide counter-strategies for users, regulators, and platforms.
Fraud methods continue to evolve, but defense mechanisms are also upgrading. This report elaborates on specific solutions.
3. Anatomy of Modern Cryptocurrency Fraud: The Top Ten Scams of 2024 - 2025
As blockchain technology becomes more widespread and cryptocurrency assets appreciate, scams are becoming increasingly complex, concealed, and sophisticated, exhibiting new characteristics of "high-tech disguise + psychological manipulation + on-chain inducement." Over the past two years, scammers have integrated AI, social engineering, and traditional fraud models to create a more deceptive and destructive fraud ecosystem. Among these, deepfakes, social engineering, and Ponzi variants are the most rampant.
3.1 Deepfakes: The Collapse of Trust Systems
Generative AI in 2024-2025 has spawned a new type of trust-based fraud built on deepfake technology. Attackers use AI synthesis tools to forge audio and video of well-known project founders, exchange executives, or community KOLs to mislead users. The forged materials often blur the line between real and fake, mimicking the target's facial expressions and voice and even generating videos with "official logos" in the background, making it difficult for ordinary users to discern authenticity. Typical scenarios include:
(1) Celebrity deepfake promotion of investments
Scammers easily "invite celebrities to endorse" using deepfake technology. Example: Singapore Prime Minister Lee Hsien Loong and Deputy Prime Minister Lawrence Wong were both featured in deepfake videos promoting a "government-backed cryptocurrency platform."

https://www.zaobao.com.sg/realtime/singapore/story20231229-1458809
Tesla CEO Elon Musk frequently appears in fake investment reward scams.

https://www.rmit.edu.au/news/factlab-meta/elon-musk-used-in-fake-ai-videos-to-promote-financial-scam
Such videos are widely disseminated through social media platforms like X/Facebook/Telegram, with scammers often disabling comments to create a false sense of "official authority," enticing users to click malicious links or invest in specific tokens. This attack method exploits users' inherent trust in "authoritative figures" or "official channels," making it highly deceptive.
(2) Bypassing identity verification
Scammers use AI to forge dynamic facial videos (which can respond to voice commands) combined with victims' photos to bypass identity verification systems of exchanges/wallet platforms, hijacking accounts to steal assets.
(3) Virtual identity investment scams
In 2024-2025, Hong Kong and Singapore police continuously dismantled multiple deepfake fraud groups. For instance, in early 2025, Hong Kong police arrested 31 suspects in a case involving HKD 34 million, with victims spread across Singapore, Japan, Malaysia, and other Asian countries and regions. Characteristics of the criminal organization include:
Recruiting media professionals to build rich virtual identities and backgrounds;
Creating numerous phishing groups on Telegram to approach targets with "high education, gentle, friendly personas";
Inducing users to invest in fake platforms through "friendship → guiding investment → withdrawal obstacles" narratives;
Forging chat records/customer service dialogues/profit screenshots to create a sense of authenticity and trustworthy illusion;
Inducing continuous recharges under the guise of "activating computing power" and "withdrawal review" (Ponzi structure).

https://user.guancha.cn/main/content?id=1367957
(4) Deepfake + Zoom phishing
Scammers impersonate Zoom to send forged meeting invitation links, tricking users into downloading "meeting software" containing Trojans. During the meeting, "participants" use deepfake videos to impersonate executives or technical experts, manipulating victims into clicking further, granting authorization, or transferring funds. Once the device is compromised, scammers control it remotely, stealing cloud data or private keys.

https://x.com/evilcos/status/1920008072568963213
From a technical standpoint, scammers use AI synthesis tools like Synthesia, ElevenLabs, and HeyGen to generate high-definition audio and video in minutes and disseminate them through platforms like X/Telegram/YouTube Shorts.
Deepfake technology has become a core component of AI-driven scams. The credibility of visual and auditory content has sharply declined in the AI era. Users must verify asset operation-related "authoritative information" through multiple channels to avoid blindly trusting "familiar faces or voices." Meanwhile, project teams should recognize the brand risks posed by AI forgery, establish a uniquely trustworthy information dissemination channel, or use on-chain signature broadcasting for identity verification to mechanistically resist forgery attacks.
3.2 Social Engineering Strategies: Exploiting Psychological Vulnerabilities
Complementing high-tech means are low-tech but highly effective social engineering attacks. Human nature is the weakest and most easily overlooked link, leading many users to underestimate the threats posed by social engineering. Scammers often manipulate user behavior through disguise, guidance, and intimidation, gradually achieving their fraudulent goals by exploiting users' psychological weaknesses.
(1) AI arbitrage bot scams
AI has become a hallmark technology for enhancing productivity, and scammers quickly seized this trend, packaging scams with the label "ChatGPT generated" (a phrase that sounds cutting-edge and credible) to lower user vigilance.

The scam typically begins with a detailed video tutorial. In the video, scammers claim that the code for the arbitrage bot was generated by ChatGPT, which can be deployed on blockchains like Ethereum to monitor new token releases and price fluctuations, conducting arbitrage through flash loans or price differences. They emphasize that "the bot will automatically complete all logical operations for you; you just need to wait for profits to be generated." This statement aligns perfectly with many users' preconceived notion that "artificial intelligence = easy money," further lowering their vigilance.
Scammers guide users to a highly realistic Remix IDE interface (which is actually a fake page) using language that lowers the technical barrier. At first glance, the interface is indistinguishable from the real one. Users are asked to paste the so-called "contract code written by ChatGPT." After deployment, users are told to inject starting funds into the contract address as initial arbitrage capital, while scammers imply that "the more you invest, the higher the returns." After completing these steps and clicking the "start" button, what awaits users is not a continuous stream of arbitrage profits, but a total loss of funds. This is because the code they copied and pasted already contains the scam logic: once the contract is activated, the injected ETH is immediately transferred to the scammers' pre-set wallet address. In other words, the entire "arbitrage system" is essentially a beautifully packaged money-making tool.
SlowMist's analysis indicates that such scams employ a "broad net, small bait" strategy, resulting in individual user losses ranging from dozens to hundreds of dollars. Although the amount scammed from each user is relatively small, scammers can still achieve stable and considerable illegal profits by widely disseminating tutorials and enticing numerous users to fall for the trap. Since the amount lost by each victim is not large and the operation appears to be "self-completed" rather than a direct fraudulent transfer, most victims choose to remain silent and do not investigate further. Even more concerning is that these scams can easily rebrand and relaunch: scammers only need to change the bot's name or swap a few page templates to continue their fraudulent activities.
Other social engineering tactics include: job scam traps, fake interview programming tasks, phishing links in tweets and Telegram direct messages, address poisoning attacks using look-alike addresses, "Pixiu" tokens that block selling, and fake staking platform rebate scams. These attacks continuously change their packaging and work through trust (private chat contact), greed (high return promises), or confusion (forged interfaces and chat records), causing fund losses in a concealed manner in which the user cooperates.
3.3 Ponzi Schemes: Old Wine in New Bottles
The rapid development of the cryptocurrency ecosystem has not eliminated traditional Ponzi schemes, which continue to shadow it. They have undergone a "digital evolution" using on-chain tools, social viral growth, and AI-driven deepfakes to conduct their operations. These scams typically disguise themselves as DeFi/NFT/GameFi projects to raise funds, engage in liquidity mining, or stake platform tokens. The essence remains the Ponzi structure of "new money paying old debts," collapsing when cash flow breaks or operators abscond with funds.
The JPEX incident, which shook Hong Kong in 2023, is a typical case. The platform claimed to be a "global exchange," promoting its platform token JPC through offline advertisements and celebrity endorsements while promising "high stable returns," attracting a large number of users without regulatory approval or information disclosure. In September 2023, the Hong Kong Securities and Futures Commission marked the platform as "highly suspicious," and police arrested several individuals during "Operation Iron Gate." By the end of 2023, the case involved HKD 1.6 billion and over 2,600 victims, potentially becoming one of the largest financial fraud cases in Hong Kong's history.

Moreover, the typical patterns of on-chain Ponzi projects are continuously evolving. In 2024, blockchain analyst ZachXBT exposed a scam group deploying the Leaper Finance project on the Blast chain. This group had previously operated projects like Magnate, Kokomo, Solfire, and Lendora, stealing tens of millions of dollars. They forged identity verification documents and audit reports, pre-washed funds, and artificially inflated on-chain data to entice users to invest, quickly withdrawing liquidity once the TVL reached millions of dollars and absconding with the funds.
Even more shocking is that this group has repeatedly targeted multiple mainstream chains, including Base, Solana, Scroll, Optimism, Avalanche, and Ethereum, employing rapid "skin-changing and rebranding" scam methods.
For example, their lending project Zebra, deployed on the Base chain, once had a TVL exceeding $310,000; on Arbitrum, their Glori Finance project peaked at $1.4 million in TVL. Both projects are forks of Compound V2. These projects used funds extracted from other scams like Crolend, HashDAO, and HellHoundFi as seed capital, forming a closed-loop scam.

Compared to traditional Ponzi schemes, digital scams exhibit the following new characteristics:
More concealed technical disguises: Using open-source contracts/NFT packaging/on-chain data accumulation to create a false impression of "technological innovation," misleading users into believing these are legitimate and compliant DeFi products.
Complicated rebate structures: Concealing fund flows under the guise of "liquidity mining," "staking rewards," and "node dividends," while actually extracting funds through multiple layers and manipulating both internal and external markets.
Social viral propagation: Relying on WeChat groups/Telegram channels/KOL live broadcasts to drive user recruitment, forming a typical pyramid scheme propagation model.
Gamified interfaces and identity forgery: Many projects adopt game UIs and NFT project IPs to create a "youthful" and "legitimate" image. Some projects even combine AI face-swapping and deepfake technology to forge images or videos of project founders or endorsers, thereby enhancing credibility.
For instance, in February 2025, hackers hijacked Tanzanian billionaire Mohammed Dewji's X account, using deepfake videos to promote the fake token $Tanzania, raising $1.48 million within hours. Similar forgery techniques have been widely used to fabricate founder videos, create fake meeting screenshots, and forge team photos, making it increasingly difficult for victims to discern authenticity.
The following fraud red flag checklist summarizes core warning signs and simple preventive measures for users' reference.

How to Ensure Security: Remain vigilant against suspicious or unknown content, whether it arrives through LinkedIn, Telegram, or email; do not run unfamiliar code or install unknown files (especially under the pretext of job tests or application demonstrations); bookmark official websites; use browser plugins like Scam Sniffer; do not connect wallets to unknown links. Trust in the crypto world must be actively verified rather than passively given.
4. Strengthening Digital Defenses: Bitget's Multi-Layer Security Architecture
In the face of increasingly complex digital asset threats, Bitget has built a comprehensive security framework aimed at protecting every platform user. This section introduces strategic measures implemented in account protection, investment review, and asset protection.
1. Account Protection: Real-Time Interruption of Unauthorized Access
Bitget employs a complete set of real-time monitoring tools to detect and alert users to any abnormal activities. When logging in from a new device, users receive detailed email notifications, including anti-phishing codes, verification codes, login locations, IP addresses, and device details. This immediate feedback allows users to promptly identify and address unauthorized access.
To mitigate impulsive actions that may arise from scams, Bitget has established a dynamic cooling-off period. This mechanism is triggered by indicators such as abnormal login locations or suspicious transactions, temporarily disabling withdrawals for 1-24 hours to allow users to reassess and confirm whether account activity is normal.
Additionally, Bitget provides an official verification channel, enabling users to verify communication content and effectively prevent phishing attacks.
2. Investment Review: Strict Evaluation of Digital Assets
Bitget recognizes the surge of high-risk tokens in the crypto market, thus establishing a detailed due diligence process for asset listings, which includes comprehensive background checks on project teams, in-depth analysis of token economics, valuation and allocation assessments, and evaluations of community engagement.
To further ensure assessment accuracy, Bitget has implemented a dual-layer security audit system. Internal blockchain security engineers conduct thorough code reviews to identify vulnerabilities. At the same time, third-party authoritative institutions conduct re-evaluations to ensure thorough scrutiny.
Once assets are listed, Bitget's proprietary on-chain monitoring system continuously monitors transaction and contract interaction in real-time. This system is designed to adapt to new security threats, evolving and updating its threat models to respond swiftly to emerging risks.
3. Asset Protection: Comprehensive Protection of User Holdings
Bitget employs a dual wallet strategy, utilizing both hot and cold wallets to enhance security. Most digital assets are stored in offline, multi-signature cold wallets, significantly reducing the risk of cyberattacks.
Furthermore, Bitget has established a substantial protection fund exceeding $300 million to compensate users in the event of security incidents related to the platform.
For Bitget Wallet users, the platform additionally employs several security features, including phishing website alerts, built-in contract risk detection tools, and the innovative GetShield security engine. GetShield continuously scans decentralized applications, smart contracts, and websites to detect potential threats before user interactions.
Through this multi-layered security architecture, Bitget not only protects users' asset security but also enhances users' trust in its platform, setting a benchmark for security standards in the cryptocurrency exchange industry.
5. On-Chain Fraud Fund Tracking and Marking
The previous sections of this report introduced how scammers deceive cryptocurrency users through various means, including the use of deepfake technology. Scammers typically attempt to transfer illicit funds and ultimately convert them into fiat currency. These fund flows can be tracked, and blockchain analysis tools are crucial in this process. Such tools are mainly divided into three categories: transaction monitoring, address screening, and investigation tools. This section focuses on how transaction monitoring tools detect and mark fraud-related funds, increasing the difficulty of utilizing illicit funds.
Transaction monitoring tools have been widely adopted by cryptocurrency exchanges like Bitget. These tools identify and mark potential risks by scanning incoming and outgoing transactions. Typical application scenarios include checking all user deposits to identify potential risks. Most normal user deposits are not marked as high risk, and funds are automatically processed and credited to user accounts in a timely manner; however, if the source of the deposit funds is from known scam addresses, the funds will be marked as high risk.
Let's take a look at a practical case of transaction monitoring. The image below shows the analysis of user deposits at a cryptocurrency exchange by the transaction monitoring tool. As shown, a user's deposit was identified as a transfer from an address associated with a "pig-butchering" investment scam.
The tool gives a maximum risk score of 10/10, triggering a manual review process: user funds will not be automatically credited, and the activity will be handed over to the compliance team for manual verification.

Advanced criminal organizations are well aware of transaction monitoring mechanisms and often employ specific on-chain operations to obscure (i.e., hide) the paths of funds. A typical method is "fund layering": transferring illicit funds through multiple intermediate addresses in an attempt to sever their connection to the source. Advanced transaction monitoring tools can penetrate infinitely layered intermediate addresses, accurately pinpointing the source of criminal funds. Criminal organizations are also increasingly using cross-chain bridges, which will be analyzed in the next section.
5.1 Cross-Chain Bridges
In recent years, various blockchains have been launched in the market. Users may be attracted to a particular blockchain because it hosts specific cryptocurrencies or decentralized applications or other services. Cross-chain bridges enable users to transfer value across chains almost in real-time. While ordinary blockchain users are the primary users of cross-chain bridges, scammers are increasingly exploiting them to transfer illicit funds. Scammers typically have the following motivations for using cross-chain bridges:
To obtain obfuscation opportunities: Specific obfuscation tools only support certain blockchains (e.g., most mixing websites only handle Bitcoin). Criminal organizations often cross-chain to target blockchains to use obfuscation services before transferring to other blockchains.
To increase tracking difficulty: Cross-chain transfers significantly complicate the tracking of funds. Even if investigators can manually track a single cross-chain action, repeated cross-chain operations will greatly delay the investigation process, and if the funds are split, the feasibility of investigators manually tracking all leads will also decrease (the following case shows that dedicated tools can achieve seamless cross-chain fund tracking).
Criminal organizations are aware that some automated transaction monitoring tools will cease tracking at cross-chain bridges. The upper part of the image below shows how such tools stop at cross-chain bridges when identifying illegal activities, causing exchanges to only see funds from bridging addresses without being able to trace the preceding paths. The lower part of the image shows the transaction monitoring tool used by Bitget, Elliptic, which automatically penetrates cross-chain bridges to fully restore the fund paths, exposing related illegal entities.

The following case study describes how illegal entities use a series of cross-chain bridges and blockchains in a systematic, planned attempt to launder cryptocurrency, and how this activity can be identified using certain tools.
Case Study: The screenshot of the Elliptic investigation tool below shows how a criminal organization uses cross-chain bridges to transfer funds across multiple blockchains and ultimately deposits the funds into a cryptocurrency service platform.

The funds start on the Bitcoin chain (left), are bridged to Ethereum, move between addresses on Ethereum through internal transfers, are bridged to Arbitrum, then bridged to the Base chain, and are finally deposited into a cryptocurrency service platform. The image also highlights two other instances with the same pattern. Although not fully displayed, the same tactics appeared more than a dozen times, reflecting the systematic nature of the laundering behavior.
The purpose of this behavior is twofold: to delay investigators' tracking speed or to cause interference; to prevent the receiving exchange from identifying the illegal source of the funds. However, blockchain investigation tools that support automated cross-chain bridge tracking can seamlessly restore the complete path. Transaction monitoring tools with cross-chain tracking capabilities (such as the Elliptic system used by Bitget) can automatically identify the connection between funds and criminal organizations.
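The layering and bridge-hopping described in this section can be followed backwards from a deposit. The sketch below is an added example, not code from Bitget, Elliptic or SlowMist: it walks a constructed transfer list from an exchange deposit back to a labelled source, with and without linking the two legs of each bridge hop. All addresses, bridge ids, the label and the scoring rule are assumptions made for illustration; real bridges expose different linking identifiers.

```python
from collections import deque, namedtuple

# One on-chain transfer. bridge_id is set only on the two legs of a bridge hop:
# the lock on the source chain and the release on the destination chain.
Transfer = namedtuple("Transfer", "chain src dst usd bridge_id")

# Constructed sample data following the case-study path:
# Bitcoin -> Ethereum -> (address change) -> Arbitrum -> Base -> exchange deposit.
TRANSFERS = [
    Transfer("bitcoin", "btc_scam", "bridge", 50_000, "b1"),
    Transfer("ethereum", "bridge", "eth_a", 50_000, "b1"),
    Transfer("ethereum", "eth_a", "eth_b", 50_000, None),
    Transfer("ethereum", "eth_b", "bridge", 50_000, "b2"),
    Transfer("arbitrum", "bridge", "arb_a", 50_000, "b2"),
    Transfer("arbitrum", "arb_a", "bridge", 50_000, "b3"),
    Transfer("base", "bridge", "base_a", 50_000, "b3"),
    Transfer("base", "base_a", "deposit_1", 50_000, None),
    Transfer("base", "base_clean", "deposit_2", 1_200, None),
]
BRIDGES = {(c, "bridge") for c in ("bitcoin", "ethereum", "arbitrum", "base")}
LABELS = {("bitcoin", "btc_scam"): "pig-butchering (constructed label)"}


def trace_sources(chain, address, follow_bridges=True, max_hops=20):
    """Walk inbound transfers backwards from (chain, address).

    Returns (hits, dead_ends): hits are paths that reach a labelled address,
    dead_ends are paths that stop at a bridge that could not be crossed.
    """
    inbound, locks = {}, {}
    for t in TRANSFERS:
        inbound.setdefault((t.chain, t.dst), []).append(t)
        if t.bridge_id and (t.chain, t.dst) in BRIDGES:
            locks[t.bridge_id] = t  # source-chain leg of the hop

    hits, dead_ends = [], []
    start = (chain, address)
    seen, queue = {start}, deque([(start, [start])])
    while queue:
        node, path = queue.popleft()
        if node in LABELS:
            hits.append({"label": LABELS[node], "path": path[::-1]})
            continue
        if len(path) > max_hops:
            continue
        for t in inbound.get(node, []):
            prev = (t.chain, t.src)
            if prev in BRIDGES:
                lock = locks.get(t.bridge_id) if follow_bridges else None
                if lock is None:
                    # The tracer only sees "funds from a bridge address".
                    dead_ends.append({"path": (path + [prev])[::-1]})
                    continue
                prev = (lock.chain, lock.src)  # continue on the origin chain
            if prev not in seen:
                seen.add(prev)
                queue.append((prev, path + [prev]))
    return hits, dead_ends


def screen_deposit(chain, address, follow_bridges=True):
    """Assumed policy: any labelled source gives 10/10 and manual review."""
    hits, dead_ends = trace_sources(chain, address, follow_bridges)
    score = 10 if hits else 0
    decision = "manual_review" if score == 10 else "auto_credit"
    return {"score": score, "decision": decision,
            "hits": hits, "dead_ends": dead_ends}


if __name__ == "__main__":
    for follow in (True, False):
        print(follow, screen_deposit("base", "deposit_1", follow))
    print(screen_deposit("base", "deposit_2"))
```

With `follow_bridges=False` the same deposit is auto-credited because the trace ends at the Base bridge address, which is the blind spot the upper half of the figure describes.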
5.2 How to Use Behavior and Patterns to Investigate Fraudulent Funds
The previous case relied on known illegal cryptocurrency address labels (such as pig-butchering addresses), which typically come from victim reports, law enforcement collaboration, and other multi-channel data collection. However, the expansion of fraud (coupled with low reporting rates from victims) makes it impossible to cover all addresses.
Therefore, some advanced transaction monitoring tools introduce behavioral detection as a supplementary line of defense. By automatically analyzing behaviors and patterns, the system can infer whether a specific address is conducting on-chain operations consistent with fraud characteristics and mark related interactions for risk. Such behavioral analysis is usually performed by specialized behavioral detection models (some using machine learning techniques). As of now, Elliptic's behavioral detection can identify over 15 types of fraud (including pig-butchering, address poisoning, ice phishing attacks, etc.), and its detection capabilities are continuously expanding.
The example below demonstrates how behavioral detection can prevent users from transferring funds to scam addresses: in this example, there are three addresses associated with pig-butchering scams. The top and bottom addresses were identified and confirmed through victim reports. The address in the middle, although not reported, was marked by the behavioral detection model as a potential pig-butchering related address.

This address subsequently received a transfer from a cryptocurrency exchange. If the exchange had enabled behavioral detection alerts, the risk could have been identified before the transfer, thus preventing user fund losses. Ultimately, all three pig-butchering addresses funneled funds to the same address, which was later frozen by Tether officials and blacklisted. All USDT held by that address were frozen, further confirming the illegal nature of the funds involved.
Bitget improved its risk interception rate by 99% after integrating Elliptic's blockchain analysis tools. This industry-leading tool supports over 50 blockchains and has automated cross-chain bridge tracking and behavioral detection capabilities.

6. Protection Recommendations and Best Practices
In the face of continuously evolving scam technologies, users need to establish clear self-protection awareness and technical identification capabilities. To this end, SlowMist proposes the following core anti-fraud recommendations:
(1) Enhance the ability to verify social media content
Never click on any links in the comments section or group chats, even if they appear "official." When performing key actions such as wallet binding, claiming airdrops, or staking, always verify through the project's official website or trusted community channels. It is recommended to install security plugins like Scam Sniffer to detect and intercept phishing links in real-time, reducing the risk of accidental clicks.
(2) Be wary of new risks introduced by AI tools
With the rapid development of large language model (LLM) technology, various new AI tools have emerged. The Model Context Protocol (MCP) standard has become a key bridge connecting LLMs with external tools and data sources. However, the proliferation of MCP also brings new security challenges. SlowMist has published a series of MCP security research articles, recommending that relevant project teams conduct self-checks and strengthen defenses in advance.
(3) Effectively use on-chain tools to identify risky addresses and Ponzi characteristics
For suspected runaway or fraudulent token projects, it is recommended to use anti-money laundering tracking tools like MistTrack to verify project-related address risks, or quickly assess using GoPlus token security detection tools. Combine with platforms like Etherscan/BscScan to check victim comment sections for warnings. Maintain a high level of vigilance towards high-yield projects: abnormally high returns often come with extremely high risks.
(4) Do not blindly trust "scale effects" and "success stories"
Scammers often create an atmosphere of huge profits through large Telegram groups, fake KOL endorsements, and forged profit screenshots. Generally, the credibility of a project should be verified through transparent channels such as GitHub code repositories, on-chain contract audits, and official announcements. Users need to cultivate the ability to independently verify information sources.
(5) Prevent social trust-based "file inducement" attacks
Increasingly, attackers are using platforms like Telegram, Discord, and LinkedIn to send malicious scripts disguised as job opportunities or technical test invitations, enticing users to open or run high-risk files.
User protection guidelines:
Be wary of suspicious job or freelance invitations that require downloading/running code from platforms like GitHub. Always verify the sender's identity through the company's official website or email, and do not be easily swayed by "limited-time high-return tasks."
When handling external code, strictly review the project source and author background, and refuse to run unverified high-risk projects. It is recommended to execute suspicious code in a virtual machine or sandbox environment to isolate risks.
Exercise caution when handling files received from platforms like Telegram/Discord: disable automatic downloads, manually scan files, and be wary of script execution requests under the guise of "technical tests."
Enable multi-factor authentication, use high-strength passwords and change them regularly, and avoid reusing passwords across platforms.
Do not click on meeting invitations or download links from unknown sources; develop the habit of verifying domain authenticity and confirming the source of official platforms.
Use hardware wallets or cold wallets to manage large assets, reducing the exposure of sensitive information on connected devices.
Regularly update operating systems and antivirus software to guard against new malicious programs and viruses.
If you suspect your device has been infected, immediately disconnect from the internet, transfer funds to a secure wallet, remove malicious programs, and reinstall the system if necessary to minimize losses.
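The review step in the guidelines above ("strictly review the project source" before running a "technical test") can start with a read-only pass that executes nothing. The following is an added example, not code from the report or from SlowMist; the checks it makes (npm scripts that run automatically on install, and source packed onto one very long line), the 1000-character threshold, and the sample repository are assumptions chosen for illustration.

```python
import json
import os
import tempfile

# npm runs these package.json scripts automatically during `npm install`.
AUTO_RUN = ("preinstall", "install", "postinstall", "prepare")
LONG_LINE = 1000  # assumed threshold for source packed onto one line

def check_manifest(path):
    """Flag install-time hooks declared in one package.json file."""
    try:
        with open(path, encoding="utf-8") as fh:
            data = json.load(fh)
    except (OSError, ValueError):
        return ["unparseable manifest"]
    scripts = data.get("scripts") if isinstance(data, dict) else None
    hooks = scripts if isinstance(scripts, dict) else {}
    return [f"auto-run hook: {h}" for h in AUTO_RUN if h in hooks]

def triage(repo_dir):
    """Read-only review: return sorted (relative_path, reason) findings."""
    findings = []
    for root, dirs, files in os.walk(repo_dir):
        dirs[:] = [d for d in dirs if d != ".git"]  # skip VCS metadata
        for name in files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, repo_dir).replace(os.sep, "/")
            if name == "package.json":
                findings += [(rel, reason) for reason in check_manifest(path)]
            elif name.endswith((".js", ".py", ".sh")):
                with open(path, encoding="utf-8", errors="replace") as fh:
                    longest = max((len(line) for line in fh), default=0)
                if longest > LONG_LINE:
                    findings.append((rel, "very long line"))
    return sorted(findings)

def build_sample(repo_dir):
    """Write a constructed 'technical test' repository (sample data only)."""
    scripts = {"start": "node index.js", "postinstall": "node tools/setup.js"}
    os.makedirs(os.path.join(repo_dir, "tools"))
    with open(os.path.join(repo_dir, "package.json"), "w", encoding="utf-8") as fh:
        json.dump({"name": "frontend-test", "scripts": scripts}, fh)
    with open(os.path.join(repo_dir, "tools", "setup.js"), "w", encoding="utf-8") as fh:
        fh.write("var d='" + "A" * 4000 + "';\n")  # inert stand-in for a packed blob

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A clean result from a pass like this does not make a repository safe to run; it only decides what to read first, and execution still belongs in the virtual machine or sandbox recommended above.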
Enterprise protection guidelines:
Regularly organize phishing attack and defense drills to train employees to recognize forged domains and suspicious requests.
Deploy email security gateways to intercept malicious attachments and continuously monitor code repositories to prevent sensitive information leaks.
Establish a phishing incident response mechanism that integrates technical defenses with employee awareness. This multi-layered strategy helps minimize the risks of data breaches and asset losses.
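The habit of "verifying domain authenticity" from the user guidelines, and the forged domains that enterprise drills train employees to spot, can be made mechanical by comparing a link's host against a list of domains already verified as official. This is an added example, not code from the report; the allow-list entries, the sample links, the verdict names and the edit-distance threshold of 2 are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed allow-list: fill it with domains you verified yourself.
OFFICIAL = ("example-exchange.com", "example-wallet.io")

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url, official=OFFICIAL):
    """Return 'official', 'idn', 'embedded', 'lookalike', 'unknown' or 'invalid'."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "host/path" as a host
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    labels = host.split(".")
    if not host.isascii() or any(lab.startswith("xn--") for lab in labels):
        return "idn"        # internationalized name: look-alike letters possible
    if any(d in host for d in official):
        return "embedded"   # official name appears inside a different domain
    base = ".".join(labels[-2:])  # approximation: no public-suffix list here
    if any(edit_distance(base, d) <= 2 for d in official):
        return "lookalike"
    return "unknown"        # not on the list: confirm via the official site

# Constructed sample links for the demo.
SAMPLES = [
    "https://www.example-exchange.com/login",
    "https://examp1e-exchange.com/airdrop",
    "https://example-exchange.com.rewards-portal.net/",
    "https://dev-forum.example.org/t/42",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```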
(6) Remember the "basic principles" of investment judgment
High return promises = high risk: Any platform claiming "stable high returns" or "capital preservation profits" should be regarded as high-risk.
Growth based on recruitment is a typical red flag: projects that set up recruitment rebate mechanisms or "team profit" tier structures can be preliminarily identified as pyramid schemes.
Use on-chain analysis tools to identify abnormal fund flows: platforms like MistTrack can track large abnormal fund movements and analyze team cash-out paths.
Verify audit institutions and team transparency: Be wary of "fake audit reports" provided by some projects or the formal endorsements of small auditing firms; users should confirm whether smart contracts have been audited by trusted third parties and whether reports are publicly available.
In summary, cryptocurrency scams in the AI era have evolved from simple "exploitation of technical vulnerabilities" to "technology + psychology" dual manipulation. Users must enhance their technical identification capabilities and strengthen psychological defenses:
Verify more, act less impulsively: Do not lower your guard due to "familiar faces, authoritative videos, or official backgrounds."
Question more, transfer less: Always delve into the underlying logic of asset operations, verify sources, and confirm safety.
Avoid greed, maintain skepticism: The more enticing a project's "capital preservation profit" promise, the more vigilant you should be.
It is recommended to read the book “The Dark Forest Self-Rescue Manual” by SlowMist founder Cos to master basic skills for on-chain anti-fraud and enhance self-protection. If theft occurs, users can seek assistance from the SlowMist team here.
Only by thoroughly understanding the mechanisms of fraud, improving information discernment, strengthening awareness of security tools, and standardizing operational habits can one safeguard assets in a digital age that is both tempting and perilous. Security protection cannot be a one-time effort; it requires continuous attention. Building a complete cognitive system and basic defensive habits is the only beacon for advancing steadily and avoiding fraud traps.
7. Conclusion: Future Path Planning
Five years ago, fraud prevention meant "do not click suspicious links"; today, it means "what you see is not necessarily real."
As AI-generated videos, fake recruitment processes, and tokenized Ponzi schemes turn trust into a means of harming users, the next phase of cryptocurrency security relies not only on intelligent technology but also on collective defense. Bitget, SlowMist, and Elliptic are building a joint defense network through shared threat intelligence, automated fund tracking, and cross-ecosystem risk marking.
The conclusion is clear: security cannot rely on isolated measures; it must build a networked, continuous, and user-centered system.
To this end, Bitget will vigorously promote three major directions:
AI Red Team Attack and Defense Drills: Simulating new scam methods to test system vulnerabilities.
Collaborative Compliance Data Network: Partnering with regulatory bodies and compliance partners to build an intelligence-sharing ecosystem.
Promoting Security Education: Empowering users with real-time threat awareness through the Anti-Scam Center.
Scammers continue to evolve, and we must also upgrade and iterate. In this industry, the most precious currency has never been Bitcoin, but trust.