Sumsub’s latest report uncovers the growing threat of crypto fraud and tactics such as identity theft by crypto scammers.
In a recent crypto fraud case from South Korea, a popular financial YouTuber with 620,000 subscribers, known only as “Mr. A”, had been exposed as the mastermind behind a well-planned cryptocurrency scam. He engaged in identity fraud by impersonating officials from the Financial Supervisory Service, luring victims into fraudulent investments.
Between December 2021 and March 2023, the Youtuber and his team defrauded over 15,000 people of a total of 325.6 billion Korean won. Their scheme involved promoting investments in 28 cryptocurrencies, six of which they created and manipulated for profit. The operation targeted middle-aged and elderly individuals, leveraging personal phone numbers gathered from Mr. A’s YouTube channel to expand their scam.
Unfortunately, this high-profile case is only part of a growing trend, which is the use of identity fraud as a tactic in cryptocurrency schemes. According to the Sumsub Identity Fraud Report 2024, the crypto industry is among the top five most affected sectors, with a fraud rate of 2.2%. While digital assets become more popular as their prices rise, so does the method used by fraudsters, underscoring the critical need for vigilance and regulatory action.
What is Identity Fraud?
According to the Office of the Australian Information Commissioner (OAIC), identity fraud occurs when someone uses another individual’s personal information without consent, often to gain a benefit or engage in illegal activities. This might include opening bank accounts, obtaining credit cards, applying for passports, or conducting criminal operations.
Personal information can be stolen in several ways. A thief may access sensitive data from documents or glean details from public sources like social media. Profiles often reveal critical information such as dates of birth, family connections, and photographs, all of which can be pieced to forge an identity.
The cryptocurrency space is especially vulnerable to identity fraud, with scammers frequently impersonating trusted entities to exploit unsuspecting users. For example, a verified YouTube account was rebranded to impersonate SpaceX, broadcasting a livestream with a deepfake of Elon Musk soliciting for cryptocurrency deposits through a QR code.
The growing prevalence of artificial intelligence (AI) has made identity fraud even more sophisticated. The use of deepfakes is becoming common in crypto fraud to mimic high-profile individuals and reputable organisations. As these technologies evolve, they pose significant challenges for users and platforms alike when it comes to differentiating what is real, and what is not.
The Crypto Industry and Digital Fraud
In 2024, five primary types of fraud are shaping the identity fraud landscape.
1. Fake Documents
According to the report by Sumsub, fake documents account for 50% of all fraud attempts, with forged IDs, passports, and proof of address being the most commonly exploited.
This surge is due to the growing reliance on document verification systems and the increasing ease with which criminals can forge documents, aided by accessible technology. ID cards are the most frequently targeted, making up 70% of fraudulent activities involving identity documents.
2. Chargebacks
Fraudsters take advantage of loopholes in the chargeback process, disputing legitimate transactions to secure refunds. This type of fraud is both costly and difficult to prevent, especially for businesses with high transaction volumes, making it a persistent challenge for the crypto industry and beyond.
3. Account takeovers
Cybercriminals gain unauthorised access to users’ accounts, then use them for criminal activities such as theft or fraudulent transactions. The number of account takeover incidents surged by 155% in 2023, and is expected to rise further.
4. Deepfakes
By creating highly realistic manipulated images, crypto scammers often impersonate trusted individuals during verification processes. The deepfake problem extends beyond personal fraud, with significant impacts on electoral campaigns, high-profile scams, and corporate losses, such as the $25 million lost by Arup due to deepfake-related attacks.
5. Fraud Networks
These organised networks coordinate various fraud schemes, leveraging different tactics to exploit businesses and individuals. While less common, fraud networks can still cause substantial damage, particularly through large-scale operations.
AI and Digital Fraud
AI has significantly reshaped the landscape of digital fraud, making it easier and more accessible for criminals to execute sophisticated schemes. In 2024, it has become a tool widely available to cybercriminals, enabling the execution of complex and large-scale fraud operations at a fraction of the cost.
AI-powered tools are now commonly used to create deepfakes that impersonate trusted individuals during verification checks. These AI-generated images make it difficult to distinguish between legitimate and fraudulent actors. As the technology continues to advance, the quality of deepfakes is expected to improve further.
Fraudsters also use AI-driven bots to scrape personal data from social media, dark web marketplaces, and phishing campaigns to create new identities that can bypass traditional verification methods. This ability to generate synthetic identities makes it increasingly difficult for crypto exchanges and projects to authenticate users.
Moreover, AI algorithms are automating account takeovers by testing vast combinations of stolen credentials across multiple platforms. These bots exploit weak security systems and scale up attacks rapidly, making it harder for businesses to defend against unauthorised access.
Evolving Fraud Economics
Fraud services have become commoditised with the rise of Fraud as a Service (FaaS). FaaS allows fraudsters with minimal technical expertise to outsource key aspects of their fraudulent operations, using readily available tools and services to scale their schemes.
This includes purchasing phishing kits, malware, stolen credentials, and other fraud-related tools from dark web platforms. As a result, fraudsters can now execute sophisticated attacks with less effort, targeting larger volumes and operating more efficiently than ever before.
What’s worse is that these frauds are lucrative. A fraudster group with fifty browsers running continuously for one year would incur $12,000 in costs, but each fraud event could yield $300,000 in revenue, which could be multiplied by one hundred fraudulent attempts per year. This results in a potential fraud income of $2.5 million per month.
FaaS has undoubtedly lowered the barrier to entry for malicious actors, making fraud at scale more difficult to combat.
Fraud Prevention Strategy
To effectively combat digital fraud, companies need a comprehensive strategy that includes secure onboarding and a well-defined management plan. This strategy should incorporate AI-driven threat detection, along with proactive monitoring to stop fraud before it impacts operations.
1. AI vs Digital Fraud
AI can be used to detect threats with behavioural analytics to flag suspicious behaviour. However, fraudsters are increasingly exploiting AI by manipulating documents to confuse detection systems. To stay ahead, businesses may need to continuously train AI models to identify both overt fraud signs and subtle manipulative tactics for effective fraud detection.
2. Cyber-Fraud Fusion
Cybersecurity and fraud prevention teams need to collaborate and address the growing blend of cyber threats and fraud tactics. Traditional silos between these functions are now less effective, and a unified approach that integrates tools like API inspection and real-time behaviour mitigates threats more effectively across the entire customer journey.
3. Global Fraud Regulations
Global regulations are evolving to tackle digital fraud. The European Union’s AI Act, which came into effect in August this year, ensures transparency and cybersecurity for high-risk AI systems. Singapore has also introduced laws like the Elections (Integrity of Online Advertising) Bill and the Online Criminal Harms Act to combat deepfakes and scams. These regulations reflect a growing commitment to combat digital fraud worldwide.
What Does This Mean for Crypto Fraud in 2025?
The fraud landscape in 2025 may look something like this according to the report:
- AI-generated deception and increasingly complex fraud schemes, where AI will be used to create fake identity documents, synthetic voices, and chatbots that impersonate real users
- The use of stolen personal data will rise, with fraudsters exploiting genuine credentials to bypass security checks
- Money mules will remain a persistent threat as fraudsters hire individuals to help launder stolen funds
- Hybrid fraud attacks, combining AI-driven tactics like deepfakes with social engineering, will become more common
- The ongoing battle between AI-powered fraud and fraud prevention systems will escalate, and regional differences in fraud vulnerability will create more challenges for current regulatory frameworks
But bleak as this list may seem, the rise of complex crypto frauds could also speed up the development of countermeasures and AI regulations too. These include:
- Stronger government regulations to ensure security within the crypto space pushing for enhanced Know-Your-Customer (KYC) and Anti-Money Laundering (AML) protocols
- The investment and development of AI-driven fraud detection systems, with multi-layered security mechanisms to counter these threats
Crypto Fraud Is Going Up, but so Are Countermeasures
Should we be worried about crypto fraud becoming more prevalent? The answer is yes. As fraud tactics continue to evolve, powered by AI and other technological advancements, the risk of crypto fraud is set to increase.
However, blockchain technology is also playing a key role in combating these threats. While blockchain’s transparency and immutability offer strong defences against fraud, its integration into anti-fraud solutions is still evolving.
During our roundtable discussion with Sumsub, the team acknowledged that current limitations in blockchain technology presents challenges to fully realising its potential in combating crypto fraud. Nevertheless, there is potential for the decentralisation of identity verification and fraud prevention.
Looking ahead, the future of crypto fraud prevention may lie in the integration of artificial intelligence (AI) and Web3 technologies, particularly blockchain-based identity verification systems.
By leveraging both AI’s capabilities in detecting patterns and blockchain’s decentralised nature for verifying identities, novel solutions could arise which would pave the way for a more secure and trustworthy digital economy.
Stay updated on the crypto space by following our socials below! 👇
