Human Error Overtakes Technical Flaws in Crypto Crime

Social engineering has emerged as the leading cause behind crypto-related losses, overtaking smart contract bugs and protocol exploits. According to a new report from blockchain analytics firm AMLBot, nearly two-thirds of the crypto incidents it investigated in 2025 stemmed from scams that targeted people rather than technology.

Based on around 2,500 internal investigations conducted over the year, the company found that 65 percent of cases involved access and response failures. These included compromised devices, weak identity checks, delayed detection, and users being manipulated into giving away sensitive information. AMLBot cautioned that its findings reflect only its own casework and should not be treated as a complete picture of the global crypto crime landscape.

The results underline a growing concern across the industry that even well-secured blockchain systems remain vulnerable when attackers bypass safeguards by exploiting trust, urgency, and human behavior.

Common Tactics Used by Scammers

The report shows that most attacks did not involve breaking code or exploiting blockchain infrastructure. Instead, scammers relied on familiar but effective methods such as phishing links, fake investment opportunities, and impersonation through messaging apps and social platforms.

Crypto phishing, one of the most common schemes identified, does not require technical hacking. Attackers lure victims into clicking fraudulent links or interacting with fake websites that appear legitimate. Once trust is established, victims are tricked into sharing private keys, recovery phrases, or approving malicious transactions, giving scammers full control over their wallets.

Device compromise was another frequent entry point. In many cases, users unknowingly installed malicious software after engaging with scammers through chat-based schemes. These compromises allowed attackers to monitor activity or directly access wallets without triggering immediate alarms.

Investment and Phishing Scams Dominate Case Numbers

Investment scams made up the largest share of AMLBot’s investigations, accounting for 25 percent of cases. These scams typically involved promises of guaranteed returns, insider access, or exclusive opportunities, often backed by fake credentials or fabricated success stories.

Phishing attacks followed closely at 18 percent, while device compromises accounted for 13 percent. Together, these categories represented the most frequent and damaging types of attacks by volume.

A second tier of scams included pig butchering schemes at 8 percent, over-the-counter fraud at 8 percent, and chat-based impersonation at 7 percent. While smaller in number, these scams often involved higher individual losses and longer periods of manipulation before victims realized what had happened.

Impersonation Drives Recent High-Value Losses

Among all social engineering tactics, impersonation stood out as the most financially damaging. AMLBot traced at least $9 million in stolen digital assets over the past three months to impersonation-related scams alone.

Attackers frequently posed as trusted figures such as exchange support staff, project managers, investment partners, or company representatives. By mimicking official communication styles and using lookalike accounts, scammers were able to convince victims that their requests were legitimate.

Slava Demchuk, CEO of AMLBot and Slava Demchuk, said attackers continue to rely on deception rather than technical sophistication. He warned that scammers often create a sense of urgency to pressure victims into making quick decisions. Requests for immediate fund transfers or wallet access are usually the first step in these schemes, he said.

Demchuk urged users never to share private keys or recovery phrases and to pause whenever a message demands urgent action involving funds or account security.

January Spike Highlights Scale of the Threat

The broader crypto security landscape also reflected a surge in scam activity at the start of the year. According to data from crypto security firm CertiK, scammers stole $370 million in January alone, marking the highest monthly loss in 11 months.

Phishing scams accounted for $311 million of that total. One particularly severe social engineering attack resulted in a single victim losing approximately $284 million, highlighting how devastating these schemes can be when they succeed.

The figures reinforce AMLBot’s conclusion that improving protocol-level security is not enough on its own. As long as attackers can manipulate users directly, crypto investors remain exposed to significant risk.

Security Depends on Awareness, Not Just Code

AMLBot’s findings suggest the next phase of crypto security must focus more on user education, faster response systems, and better verification processes. While blockchains may be resistant to direct attacks, the people using them often are not.

As scammers continue refining their psychological tactics, the industry faces a challenge that technology alone cannot solve. For investors, vigilance, skepticism, and patience remain some of the strongest defenses against social engineering driven crypto crime.