AMLBot found that social engineering accounted for 65% of all crypto incidents the company investigated in 2025. The results of the blockchain analytics and compliance platform, based on about 2,500 internal cases, show that human manipulation, not code flaws, is now the main way attackers target those who own digital assets.
AMLBot’s Investigation Scope
The company’s analysts reviewed many reported and discovered events that occurred during the year. Their research found that around two-thirds of the issues were caused by access-control issues and user behavior, not by breaking blockchain protocols or smart contracts. Compromised devices, inadequate verification processes, and delayed detection let attackers triumph when technical exploits failed.
A Breakdown of The Different Types of Attacks
Investment scams were the most common type of fraud, making up 25% of all cases. Phishing attacks ranked second at 18%, and device breaches ranked third at 13%. Pig-butchering scams accounted for 8% of the total, over-the-counter fraud for another 8%, and chat-based impersonation for 7%.
These numbers show how fraudsters used psychological pressure, fake links, and fake identities to get private keys and wallet credentials.
A Big Effect on Finances
The economic damage has been huge. In the last three months, AMLBot has linked at least $9 million in stolen digital assets to schemes that use impersonation. January was the worst month for crypto scams, with losses totalling $370 million, the biggest amount in 11 months. Phishing attacks were responsible for $311 million of that amount. One social engineering attack cost a single victim over $284 million.
Expert Opinion
Slava Demchuk, the CEO of AMLBot, talked about the trend in very clear terms. “Attackers keep using and tricking victims in a cruel game of charades, pretending to be trusted people. “Sometimes they’re exchange support teams, investment partners, project managers, or reps,” he said. Demchuk said that impersonation is one of the most harmful types of social engineering.
Recommendations for Crypto Users
Demchuk said people should adjust their behaviour immediately to limit their exposure. Investors should never give out their private keys or recovery phrases, and they should be very suspicious of any urgent requests for financial transfers or wallet access. These requests are often the first step in social engineering schemes.
The paper says that while protocol-level security improvements are vital, they can’t entirely protect consumers when scammers go around technology and go after people directly. To stay safe, you need to be more careful, get into the habit of verifying things more often, and use platform-level safeguards against impersonation.
As 2025 comes to an end, AMLBot’s data is a clear warning: in the crypto world, the person with the keys is typically the weakest link. The best way to protect yourself against an enemy that exploits human error is to be more vigilant and follow strict security protocols.
