Scams

On Dec. 27, CEO Brian Armstrong said Coinbase is working with Hyderabad Police in India after the arrest of a former customer support agent linked to an insider bribery and data theft scheme. Public filings show the breach was discovered in May 2025, ultimately affecting 69,461 people and leading Coinbase to recognize $355 million in related costs across Q2 and Q3 2025.

On December 28, 2025, Kaspersky's SecureList reported that stolen crypto accounts listed on dark-web markets fetch an average of $105, with individual prices ranging from $60 to $400. The data is harvested by phishing kits, exfiltrated via email, Telegram bots, or admin panels, and then monetized immediately or routed into broader resale pipelines.

On December 28, DeBot disclosed a wallet security breach involving compromised private keys and about $255,000 in unauthorized transfers. The team says it will fully compensate affected users, is monitoring impacted accounts, and warns against fake claim forms. Community responses urged moving funds to secure addresses as the attacker consolidates stolen assets.

On December 26, 2025, Coinbase CEO Brian Armstrong said a former customer service agent in India was arrested over a May 2025 data breach linked to a $20 million ransom demand. Remediation could reach $400 million, and the incident did not compromise cryptocurrencies or customer funds.

On December 27, 2025, Pakistani authorities said they dismantled a $60 million international crypto fraud network and arrested more than 34 suspects. The NCCIA targeted schemes promoted on social media that routed proceeds through bank accounts before conversion to digital assets. The action coincides with PVARA's licensing rollout, including NOCs for Binance and HTX.

SAX LLP, an accounting and advisory firm, says an unauthorized party accessed parts of its network, potentially affecting about 228,876 individuals and exposing names, Social Security numbers, dates of birth and certain financial details. Reported on December 27, 2025, regulators warned the incident could heighten risks of identity theft and financial fraud.

Since December 24, Grubhub users have received fraudulent emails from the b.grubhub.com subdomain promising to 10x any Bitcoin sent to a listed wallet. A Grubhub spokesperson called the issue isolated and under investigation, while the FBI recently warned of heightened holiday scams, including non-delivery and non-payment schemes.

Crypto exploit losses tied to TVL in 2025 have exceeded $2.53 billion, with social engineering responsible for 55.3% ($1.39 billion), according to Sentora. Chainalysis estimates $2.7–$3.4 billion was stolen across all theft categories this year, including $2.02 billion linked to DPRK-affiliated groups and an estimated $1.4 billion taken from Bybit.

On December 22, 2025, 18 US House lawmakers pressed the IRS to revisit staking reward taxation, while the Federal Reserve sought public comment on a new limited-use "payment account" with a 45-day window. On December 23, 2025, the SEC charged alleged fake crypto platforms and AI clubs over a $14 million retail fraud, and Arizona lawmakers advanced crypto tax exemption bills.

On Christmas Day, a coordinated exploit against Trust Wallet's browser extension version 2.68 led to around $7 million in user losses, with the company urging an urgent upgrade to version 2.89. Security researchers said the backdoor was prepared from early December, while Binance co-founder Changpeng Zhao pledged that affected users would be fully compensated. The incident has intensified debate over wallet security and potential insider involvement across the crypto industry.