Annual crypto crime has grown by an average of 25 percent in recent years and may have surpassed $51 billion last year, according to some estimates. Organised scammers use advanced technology and social engineering, such as romance or investment schemes, to manipulate victims across borders. This typically involves using AI-generated profiles, encrypted messaging, and obscured blockchain transactions to hide and move stolen funds.
The largest-ever US crypto scam was of $225 million involving theft of crypto currencies from more than 400 victims. In a scheme known as "pig butchering", the criminals used high-tech tools and old-fashioned emotional manipulation, including AI-generated audio or videos to impersonate CEOs, managers, or even family members in distress.
American federal agents used blockchain analysis and machine learning to track thousands of wallets used by the scammers. But it was a rare win, since the authorities must often play catch-up in a fast-changing digital world where criminals are outpacing enforcement by adapting ever faster. The tools used by the criminals range from laundering money through crypto and AI-enabled impersonation to producing deepfake content, encrypted apps, and decentralised exchanges.
It's not that bad actors have forsaken traditional finance ̶ money laundering still relies on banks, informal money changers, and cash couriers. But the old ways are being supercharged by technologies to thwart detection and disruption. Encrypted messaging apps, stablecoins, and regulated virtual asset platforms can hide bribes and embezzled funds. Bots deceive banks and evade outdated controls.
Of course, fraud has existed as long as human greed. Most scammers thrive on exploiting the fears and hopes of vulnerable and uninformed users. Victims can be tricked into believing that their loved ones ̶ impersonated through AI videos ̶ are in danger in some foreign country, or that they can be cured of some rare disease by a famous specialist - also impersonated. Others can be convinced to make an investment that will "surely" pay much more than their own stingy bank will pay.
But today, the scammers also impersonate bosses who give their subordinates instructions to move funds between bank accounts or to make fake payments or leak sensitive data, and the workers carry out their duty and do so. Over 105,000 such deepfake attacks were recorded in the US in 2024, costing more than US$200 million in the first quarter of 2025 alone. Victims often cannot distinguish synthetic voices or faces from real ones.
A Maltese retired medical professional admitted to a local newspaper that he paid almost €5,000 to a woman he met on Facebook. The 60-year-old academic got involved with the 'Syrian-Turkish woman' after she shared a post on social media, claiming she was in a refugee camp in Syria with her son and needed help to leave.
After first offering to help, the doctor soon became romantically involved. And even though he never spoke to the woman in a voice or video call, he was willing to take the risk for love. "If you're desperate, you fall for it," the doctor is reported to have said. Though he admitted he wasn't a very social person, Facebook offered him an opportunity to meet people and connect. He really wished to find someone and get married again.
In another case in Malta, a woman lost over €75,000 to a romance scam. A divorcee in her early 60s, she gave away her life savings when she fell for what she thought was the man of her dreams. Though she was too ashamed to show her face in an interview, she was willing to share her story, "to stop other women from going through this."
Some weeks ago, a 44-year-old Learning Support Educator from Ħaż-Żebbuġ was convicted of money laundering and receiving proceeds of crime after transferring thousands of euros linked to an international romance scam targeting an elderly woman. The 70-year-old woman was tricked into sending €38,650 to various bank accounts by a man posing as an American doctor stationed in Yemen. The victim believed she was helping him travel to Malta for both romantic and humanitarian reasons.
Romance scams have been on the increase in Malta. Over the past five years, the police received 37 reports of romance scams in which victims were defrauded of just under €1 million between them. According to the police, between 2019 and September 2023, the total losses incurred by some 37 victims were €911,000, ranging between €168 to €550,000. Only 11 of the 37 alleged scammers were charged in court.
Fraudsters with voice-cloning and fake-document generators bypass the verification protocols used by many banks and regulators. Victims are tricked into clicking links in phishing and smishing emails or text messages, leading to malware downloads, credential theft, or ransomware attacks.
Tech support scams often start with pop-ups on computer screens that warn of viruses or identity theft, urging users to call a number. Sometimes they begin with a direct cold call to the victim. Once the victim is on a call with the fake tech support, the scammers convince victims to grant remote access to their supposedly compromised computers. Once inside, scammers install malware, steal data, demand payment, or all three. Fake websites and listings are another current type of scam. Fraudulent sites impersonating universities or ticket sellers trick victims into paying for fake admissions, concerts, or goods.
Scamming innovation is growing even as compliance systems lag. While many governments recognise the threats, their responses are rather fragmented and uneven. For example, some are still to implement the Financial Action Task Force's (FATF's) "travel rule" to better identify those sending and receiving money across borders (Malta did it last December)..
Meanwhile, international financial flows are increasingly complicated by instant transfers, with most payments still going through multiple intermediaries, often layering cross-border transactions through antiquated correspondent banks that obscure and delay transactions while raising costs. This helps criminals exploit oversight gaps, jurisdictional coordination, and technological capacity to operate across borders, often undetected.
Several countries, with IMF guidance, are investing in machine learning to detect anomalies in cross-border financial flows, and others are tightening regulation of virtual asset service providers. Governments are investing in their own capacity to trace crypto transfers, and blockchain analytics firms are often employed to do that.
Governments must keep up. That means investing in regulatory technology, such as AI-powered transaction monitoring and blockchain analysis, and giving agencies tools and expertise to detect complex crypto schemes and synthetic identity fraud. Institutions must keep pace with criminals by hiring and retaining expert data scientists and financial crime specialists. Virtual assets must be brought under AML/CFT regulation, public-private partnerships should codevelop tools to spot emerging risks, and global standards from the FATF and the Financial Stability Board must be backed by national investments in effective AML/CFT frameworks.
What are the minimum precautions people can take? Technology has changed, but the basic principles remain the same: Never click on suspicious links or download attachments from unknown senders, and enter personal information only if you are sure that the website is legitimate. Avoid using third-party apps or links. Legitimate businesses have apps or real websites of their own.
Enable two-factor authentication wherever possible (receiving a code on your mobile before entering any site). It provides security against stolen passwords. Keep software updated to patch security holes ̶ if you haven't enabled automatic updates, do this before you go to sleep. Remember that a legitimate business will never ask for personal information or a money transfer. Such requests are a red flag.
For further guidance see:
https://www.takefive-stopfraud.org.uk/type-dont-tap/
https://socialsecurity.gov.mt/en/how-to-protect-yourself-from-phone-and-email-scams/