Common Types of Social Engineering Targeting Crypto Users
Social engineering drove 65% of crypto theft in 2025. Here are the 6 attack types every crypto user should recognize — and how to defend against them.
Major blockchains themselves have rarely been hacked, thanks to their security measures. The private keys, the wallets, the people behind them — that's where the losses usually happen. According to AMLBot, 65% of investigated crypto theft cases in 2025 involved social engineering — manipulation rather than technical exploits. Total crypto fraud reached an estimated $17 billion that year, according to Chainalysis. Understanding the tactics attackers use is the first step to not becoming part of that number.
Why Crypto Users Are a Prime Target
Social engineering works by exploiting trust, urgency, and fear rather than code. Crypto users face three compounding vulnerabilities that make these attacks especially effective:
Irreversibility. Blockchain transactions cannot be reversed. There is no fraud department, no chargeback, no 30-day window to dispute a transfer. The moment funds leave, they're gone.
Pseudonymity. Wallets are visible on-chain but not inherently tied to identities — which means both the attacker (hard to trace) and the target (hard to warn) operate with limited friction.
Blockchain transparency. Anyone can look up a wallet address on a blockchain explorer and see its balance, transaction history, and DeFi activity. Attackers use this to identify targets and craft personalized attacks before making contact.
1. Phishing
Phishing is the most widespread form of crypto social engineering. Attackers create fake versions of legitimate platforms — exchanges, wallets, DeFi protocols — and drive users there via search ads, sponsored social posts, or email. The goal is either to steal login credentials or to prompt the user to sign a malicious transaction.
Crypto phishing has evolved beyond generic email blasts. Modern attacks are:
- Wallet-targeted: A fake dApp that mimics a legitimate protocol's UI and requests an approval transaction that drains the connected wallet
- Domain-spoofed: Near-identical URLs (e.g., coin98-wallet.io instead of coin98.com) designed to look authentic to someone in a hurry
- Search-ad delivered: Malicious ads that appear above legitimate search results for popular wallets or DeFi tools
Q1 2026 saw $306 million in Web3 losses attributable to phishing, according to Hacken. AI phishing emails now evade spam filters in 68% of attempts, according to DeepStrike, making volume-based defenses less reliable.
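The domain-spoofing pattern above (coin98-wallet.io standing in for coin98.com) is something a wallet or browser extension can check for before a user connects. The following is an added example, not code from the original article or from Coin98: it classifies a hostname against a small allowlist the user trusts (the allowlist contents and all sample hosts are assumptions), flagging the brand name embedded in an unrelated domain, one- or two-character typosquats, the real domain used as a subdomain of something else, and punycode labels that can hide homograph lookalikes.

```javascript
// Added example, not part of the original article or Coin98's code.
// Classifies a hostname against an allowlist of domains the user trusts and
// flags common spoofing patterns: brand name inside a different domain
// (coin98-wallet.io vs coin98.com), short-edit-distance typosquats (c0in98.com),
// a trusted domain used as a subdomain of another domain, and punycode labels.
const TRUSTED_DOMAINS = ["coin98.com"]; // assumption: the user's own allowlist

// Classic edit distance (single-row DP); used to catch typosquats a reader skims past.
function levenshtein(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diagonal = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const tmp = prev[j];
      prev[j] = Math.min(prev[j] + 1, prev[j - 1] + 1, diagonal + (a[i - 1] === b[j - 1] ? 0 : 1));
      diagonal = tmp;
    }
  }
  return prev[b.length];
}

// Accept a full URL or a bare host; drop scheme, port, path and trailing dot; lowercase.
function normalizeHost(input) {
  const host = input.includes("://") ? new URL(input).hostname : input.split("/")[0].split(":")[0];
  return host.toLowerCase().replace(/\.$/, "");
}

function classifyHost(input, trusted = TRUSTED_DOMAINS) {
  const host = normalizeHost(input);
  const labels = host.split(".");

  // 1. Exact trusted domain, or a subdomain of one (app.coin98.com).
  for (const t of trusted) {
    if (host === t || host.endsWith("." + t)) return { host, verdict: "trusted", reason: `matches ${t}` };
  }

  // 2. Any punycode label may be a homograph of a trusted name; flag before looking further.
  if (labels.some((l) => l.startsWith("xn--"))) {
    return { host, verdict: "lookalike", reason: "punycode label (possible homograph)" };
  }

  // Second-level label approximates the registrable name for .com/.io style TLDs.
  const sld = labels.length >= 2 ? labels[labels.length - 2] : host;
  for (const t of trusted) {
    const brand = t.split(".")[0]; // "coin98"
    // 3. Brand name appears in a host that is not the trusted domain (coin98-wallet.io, coin98.com.evil.example).
    if (labels.some((l) => l.includes(brand))) {
      return { host, verdict: "lookalike", reason: `contains brand "${brand}" but is not ${t}` };
    }
    // 4. One or two edits away from the brand (c0in98, coin89); skipped for very short brands.
    const d = levenshtein(sld, brand);
    if (d > 0 && d <= 2 && brand.length >= 5) {
      return { host, verdict: "lookalike", reason: `"${sld}" is ${d} edit(s) from "${brand}"` };
    }
  }
  return { host, verdict: "unknown", reason: "not in allowlist and no spoofing pattern detected" };
}

// Constructed sample hosts for a quick run.
for (const h of ["https://app.coin98.com/swap", "coin98-wallet.io", "c0in98.com", "coin98.com.login-example.net", "example.org"]) {
  const r = classifyHost(h);
  console.log(`${r.verdict.padEnd(9)} ${r.host}  (${r.reason})`);
}
```

The allowlist is deliberately the user's, not a global one: the point is that a site is "trusted" only because the user put it there through an official channel, and everything else is either a known lookalike pattern or simply unknown. An "unknown" verdict is not a pass; it just means the heuristics found nothing and the user still has to verify the URL themselves.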
2. Impersonation Scams
Impersonation attacks have become one of the fastest-growing threat categories in crypto. Chainalysis reported a 1,400% year-over-year increase in impersonation scam clusters, with the average payment severity rising over 600%.
Attackers impersonate:
- Exchange or wallet support agents on Telegram, Discord, or X — responding to public complaints or proactively DMing users
- Project team members — fake community managers, developers, or founders who offer "help" with transactions or wallets
- Influencers or celebrities — fake accounts promoting giveaways ("send 0.1 ETH, receive 0.5 ETH back")
The scale is significant: blockchain investigator ZachXBT tracked $65 million stolen from Coinbase users through impersonation-based social engineering in a two-month window between December 2024 and January 2025. Broader estimates for Coinbase impersonation losses throughout 2025 range into the hundreds of millions.
The defining feature of impersonation attacks is manufactured credibility — the attacker's account looks legitimate, the language sounds professional, and the scenario (a support issue, a special offer) feels plausible. The most reliable defense: legitimate support teams never initiate contact via DM.
3. SIM Swap Attacks
A SIM swap transfers a victim's phone number to a SIM card under the attacker's control by social engineering the victim's mobile carrier — typically by impersonating the account holder using personally identifiable information gathered from data leaks or social media.
Once the phone number is hijacked, the attacker receives all SMS two-factor authentication codes, enabling access to exchanges, email accounts, and any service tied to that number. SIM-swapping attacks on crypto holders caused an estimated $410 million in losses in 2025, according to CoinLaw.
The practical fix is replacing SMS-based two-factor authentication with an authenticator app on all crypto-related accounts. Phone numbers are one of the weakest authentication factors available and should not be the last line of defense.
4. Pig Butchering (Romance / Investment Scams)
Pig butchering is a long-form scam in which attackers build a relationship with the target over weeks or months — through dating apps, social platforms, or "wrong number" text messages — before introducing a lucrative investment opportunity.
The term comes from the practice of "fattening the pig before slaughter." The victim is gradually persuaded to deposit increasing amounts into a fake trading platform that shows fabricated returns. When the victim tries to withdraw, they're told to pay fees, taxes, or verification costs. The platform eventually disappears.
Investment scams — pig butchering being the dominant variant — accounted for approximately $7.2 billion of total 2025 crypto fraud losses, the single largest category, according to CoinLaw. The emotional manipulation involved makes these attacks particularly damaging; many victims are reluctant to report them.
5. AI-Enabled Scams
Artificial intelligence has significantly raised the ceiling on what social engineering attacks can achieve. Key capabilities now available to attackers:
- Voice cloning: A short audio sample is enough to generate a convincing clone of a known person's voice — used to impersonate executives, founders, or support staff
- Deepfake video: Synthetic video of public figures endorsing fake investments — AI firm Sensity found that Elon Musk is the most commonly impersonated public figure in deepfake crypto scams globally
- Personalized outreach at scale: AI agents can generate hundreds of tailored phishing messages per hour, referencing specific wallets, recent transactions, or public social posts
Operations linked to AI tools generated approximately $3.2 million per operation in 2025, compared to $719,000 per operation for non-AI scams, according to Chainalysis — roughly 4x the yield per campaign. The FBI logged 22,364 complaints related to AI-assisted crypto fraud, totaling approximately $893 million in reported losses.
6. Airdrop and Giveaway Scams
Attackers send small amounts of tokens or NFTs — often with malicious URLs embedded in the token's name or metadata — to a large number of wallets. When the recipient tries to claim, trade, or interact with the token, they're directed to a fake site or prompted to sign a transaction that grants the attacker access to their wallet.
This technique (sometimes called a "dusting attack") can also be used to identify high-value wallets via on-chain data, which then become targets for follow-up phishing or impersonation attacks. The on-chain visibility of holdings makes wallet owners a pre-profiled target pool.
The standard guidance: never interact with tokens you didn't request, and verify any airdrop claim through the project's official channels before connecting your wallet.
How Coin98 Wallet Helps
Coin98 Super Wallet includes features designed to reduce social engineering exposure. The built-in Wallet Approval tool lets users scan and revoke token permissions granted to smart contracts — removing the standing access that approval-based phishing relies on. The wallet's DApp browser lets users interact directly with verified protocols without navigating to URLs manually, which reduces exposure to domain-spoofing attacks.
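Both the airdrop/dusting pattern described in section 6 and the standing-approval problem that the Wallet Approval tool addresses can be seen in a wallet's own event logs. The following is an added example, not Coin98's code and not an implementation of the Wallet Approval tool: it decodes standard ERC-20 `Approval` and `Transfer` logs (the ERC-721 variant that carries the token id as a fourth topic is handled too), reports approvals that are unlimited or granted to a spender the user never vetted, reports incoming transfers from addresses the wallet never dealt with, and builds the `approve(spender, 0)` calldata a revoke transaction would carry. The wallet, spender and token addresses and the log entries are all constructed for the example; the event topic hashes and the `approve` selector are the standard ones.

```javascript
// Added example, not Coin98's code and not the Wallet Approval tool itself.
// Audits ERC-20/ERC-721 event logs for one wallet: flags standing token approvals
// (unlimited, or to an unvetted spender) and unsolicited incoming transfers
// (airdrop/dust lures), and builds the calldata that revokes an approval.
const WALLET = "0x1111111111111111111111111111111111111111"; // constructed: the user's wallet
const TRUSTED_SPENDERS = new Set(["0x2222222222222222222222222222222222222222"]); // constructed: a router the user vetted
const UNLIMITED = (1n << 256n) - 1n;

// keccak256 of the standard event signatures (identical on every EVM chain).
const TOPIC_APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"; // Approval(address,address,uint256)
const TOPIC_TRANSFER = "0xddf252ad1be2c89b69c2b068fc378daa952ba7f163c4a11628f55a4df523b3ef"; // Transfer(address,address,uint256)

const topicToAddress = (t) => "0x" + t.slice(-40).toLowerCase();
const addrTopic = (a) => "0x" + a.slice(2).toLowerCase().padStart(64, "0"); // address as a 32-byte indexed topic
const uint256Hex = (n) => "0x" + n.toString(16).padStart(64, "0");

// Decode one log. ERC-721 shares both signatures but indexes the token id as a
// fourth topic and leaves `data` empty, so read it from there instead of throwing.
function decodeLog(log) {
  const [sig, t1, t2, t3] = log.topics;
  const nft = !log.data || log.data === "0x";
  const amount = nft ? BigInt(t3 ?? "0x0") : BigInt(log.data);
  const base = { token: log.address.toLowerCase(), amount, nft };
  if (sig === TOPIC_APPROVAL) return { ...base, kind: "approval", owner: topicToAddress(t1), spender: topicToAddress(t2) };
  if (sig === TOPIC_TRANSFER) return { ...base, kind: "transfer", from: topicToAddress(t1), to: topicToAddress(t2) };
  return null;
}

// approve(spender, 0): 4-byte selector 0x095ea7b3 followed by two 32-byte ABI words.
function revokeCalldata(spender) {
  return "0x095ea7b3" + spender.slice(2).toLowerCase().padStart(64, "0") + "0".repeat(64);
}

function auditLogs(logs, wallet = WALLET, trustedSpenders = TRUSTED_SPENDERS) {
  const me = wallet.toLowerCase();
  const events = logs.map(decodeLog).filter(Boolean);
  // Counterparties the wallet itself chose: recipients of its own transfers plus vetted spenders.
  const known = new Set([...trustedSpenders].map((a) => a.toLowerCase()));
  for (const e of events) if (e.kind === "transfer" && e.from === me) known.add(e.to);

  // Exact MaxUint256 is what drainer dApps request; a stricter policy could use a threshold.
  const riskyApprovals = events
    .filter((e) => e.kind === "approval" && e.owner === me && e.amount > 0n)
    .filter((e) => e.amount === UNLIMITED || !known.has(e.spender))
    .map((e) => ({ token: e.token, spender: e.spender, unlimited: e.amount === UNLIMITED, revokeCalldata: revokeCalldata(e.spender) }));

  // Anything that arrived from an address the wallet never interacted with is a candidate lure.
  const unsolicitedTransfers = events
    .filter((e) => e.kind === "transfer" && e.to === me && !known.has(e.from))
    .map((e) => ({ token: e.token, from: e.from, amount: e.amount, nft: e.nft }));

  return { riskyApprovals, unsolicitedTransfers };
}

// Constructed sample logs (all addresses are placeholders).
const ROUTER = "0x2222222222222222222222222222222222222222";
const DRAINER = "0x3333333333333333333333333333333333333333";
const FRIEND = "0x4444444444444444444444444444444444444444";
const STRANGER = "0x5555555555555555555555555555555555555555";
const TOKEN_A = "0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
const TOKEN_B = "0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb";
const NFT_C = "0xcccccccccccccccccccccccccccccccccccccccc";
const SAMPLE_LOGS = [
  { address: TOKEN_A, topics: [TOPIC_APPROVAL, addrTopic(WALLET), addrTopic(ROUTER)], data: uint256Hex(1000n) },       // finite approval to vetted router: fine
  { address: TOKEN_A, topics: [TOPIC_APPROVAL, addrTopic(WALLET), addrTopic(DRAINER)], data: uint256Hex(UNLIMITED) },  // unlimited approval to unknown contract
  { address: TOKEN_A, topics: [TOPIC_TRANSFER, addrTopic(WALLET), addrTopic(FRIEND)], data: uint256Hex(50n) },         // user paid a friend: friend becomes known
  { address: TOKEN_A, topics: [TOPIC_TRANSFER, addrTopic(FRIEND), addrTopic(WALLET)], data: uint256Hex(5n) },          // friend sends some back: not unsolicited
  { address: TOKEN_B, topics: [TOPIC_TRANSFER, addrTopic(STRANGER), addrTopic(WALLET)], data: uint256Hex(1n) },        // dust from a stranger
  { address: NFT_C, topics: [TOPIC_TRANSFER, addrTopic(STRANGER), addrTopic(WALLET), uint256Hex(7n)], data: "0x" },    // unsolicited NFT (ERC-721 style)
];

console.log(JSON.stringify(auditLogs(SAMPLE_LOGS), (k, v) => (typeof v === "bigint" ? v.toString() : v), 2));
```

Two design choices are worth noting. "Known" counterparties are only the addresses the wallet itself sent funds to plus spenders the user vetted, so an approval obtained through a phishing signature does not make its recipient trusted. And the revoke calldata is produced but not sent: submitting it is the wallet's job, after the user has looked at the spender, which is exactly the review step the article recommends.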
For high-value holdings, separating assets across wallets by purpose is a reasonable practice: a cold storage address that never interacts with dApps, a trading wallet for active use, and a separate address for new protocol testing.
FAQ
What is social engineering in crypto?
Social engineering in crypto refers to attacks that manipulate people — rather than exploiting code — into revealing private keys, signing malicious transactions, or transferring funds to attackers. It includes phishing, impersonation, SIM swapping, romance scams, and AI-enabled tactics.
Why are crypto users targeted more than traditional finance users?
Blockchain transactions are irreversible, wallets are pseudonymous, and on-chain data is public. The same features that make crypto decentralized also make it harder to recover funds and easier for attackers to identify targets and disappear after a theft.
What is pig butchering in crypto?
Pig butchering is a long-form investment fraud where attackers cultivate a relationship with the victim before introducing a fake trading platform. Returns appear real until the victim attempts to withdraw — at which point the platform imposes impossible conditions or disappears entirely.
How do I know if a support account is real?
Legitimate support for crypto wallets and exchanges never initiates contact via DM. If someone reaches out offering help unsolicited — regardless of how official their account looks — treat it as an impersonation attempt. Contact official support through the product's verified website or app only.
Can AI-generated deepfakes be detected?
Detection is increasingly difficult and unreliable as the technology improves. A more practical defense is skepticism: independently verify investment opportunities and urgent requests through official channels, regardless of how convincing the source appears.
Conclusion
Social engineering accounted for the majority of crypto losses in 2025 not because blockchain security is weak, but because human psychology is a consistent target. Recognizing the six main attack types — phishing, impersonation, SIM swapping, pig butchering, AI-enabled scams, and airdrop traps — is the foundation of any practical defense. Pair that awareness with good hygiene: authenticator apps instead of SMS, verified official channels for any support contact, and tools like Coin98 Wallet Approval to manage standing permissions.