Scams

The US Department of Justice, FBI, and Secret Service formed the Scam Center Strike Force on November 12, 2025, to target cryptocurrency fraud operations linked to Chinese transnational crime groups. The initiative addresses investment scams that defraud Americans of billions annually through fake crypto platforms, according to US Attorney Jeanine Ferris Pirro. Federal authorities have seized over $401 million in cryptocurrency assets to date.

Decentralized exchange Hyperliquid halted deposits and withdrawals on November 12, 2025, after a trader's leveraged positions on memecoin POPCAT triggered approximately $25 million in liquidations across 19 wallets. The platform's liquidity vault absorbed roughly $5 million in bad debt. The incident marked the second major manipulation event on the exchange in 2025.

Chinese officials have questioned potential U.S. involvement in a December 29, 2020 hack of the LuBian mining pool that resulted in the theft of 127,272 BTC, valued at approximately $3.5 billion at the time. The U.S. Department of Justice announced in October 2025 it had seized approximately 127,000 BTC and charged Chen Zhi, owner of Cambodia's Prince Group, in connection with the incident. The stolen cryptocurrency had remained inactive for nearly four years before the seizure.

China's National Computer Virus Emergency Response Center accused the United States of taking control of 127,272 Bitcoins stolen from the LuBian mining pool in December 2020. The coins, worth approximately $13 billion at current prices, were allegedly seized by U.S. authorities in 2024 after remaining dormant for four years, according to the Chinese agency's Sunday report.

Argentine federal authorities have frozen over $507,000 in assets as part of an investigation into the LIBRA meme coin scandal. The probe examines alleged connections between the token's collapse and individuals linked to President Javier Milei. Investigators estimate investor losses between $100 million and $120 million.

A prominent Polymarket trader has issued a warning about a phishing operation targeting users through the platform's comment sections. The scheme has reportedly stolen more than $500,000 by using fraudulent private market links to capture login credentials and deploy malicious scripts on victims' devices. The attackers purchase both Yes and No shares to ensure their comments remain visible, then post obfuscated URLs leading to fake sites that mimic Polymarket's interface.

Cybersecurity firm Koi Security has identified a sophisticated malware campaign targeting Visual Studio Code extensions that steals credentials for GitHub, Open VSX, and cryptocurrency wallets. The malware uses invisible Unicode characters to evade detection and leverages the Solana blockchain as its command-and-control infrastructure. Seven extensions were reinfected on October 17, accumulating 35,800 downloads, with ten infected extensions remaining publicly available.

Spanish crypto influencer Álvaro Romillo, known as CryptoSpain, was arrested Thursday and ordered held without bail on charges of orchestrating a $300 million fraud through Madeira Invest Club. Prosecutors allege Romillo defrauded approximately 3,000 investors of €260 million through a Ponzi scheme. A Singapore bank account containing €29 million linked to entities connected to Romillo raised flight risk concerns, prompting the detention order.

U.S. District Judge Jessica Clarke declared a mistrial on November 7, 2025, in the first criminal prosecution targeting maximal extractable value (MEV) manipulation on Ethereum. Brothers Anton and James Peraire-Bueno faced charges of exploiting the network's validator layer to steal $25 million. After three days of deliberation, the jury remained deadlocked and could not reach a unanimous verdict.

Elixir has permanently closed its deUSD stablecoin after Stream Finance, which controlled nearly 90% of deUSD's circulating supply, reported a $93 million loss. The stablecoin lost its dollar peg and fell to $0.09. Elixir processed approximately 80% of redemption requests at a 1:1 ratio and warned users not to purchase deUSD.