
Chainalysis reports $14B in on-chain scams for 2025. Approval phishing losses per victim surged 253%. AI-enhanced scams 4.5x more lucrative. Operations Spincaster and Atlantic froze millions in proceeds.
Scammers drained at least $14 billion from crypto users through approval phishing and other on-chain scams in 2025, Chainalysis reported. The blockchain analytics firm said the total could reach $17 billion as more addresses are linked to illicit activity. Average losses per victim jumped 253% compared to the prior year, while operations enhanced by artificial intelligence proved 4.5 times more lucrative.
Approval phishing works by tricking a user into signing a smart-contract approval transaction. Once that approval is granted, the attacker can spend the victim's tokens at any time – immediately or after waiting for more deposits. Chainalysis described the social engineering behind it as elaborate. Fraudsters pose as financial mentors or romantic partners, building trust over weeks. They coach victims to move assets off regulated exchanges into self-custodied wallets, then pressure them into approving a routine-looking action like a trade or a small transfer. The approval gives the scammer unlimited access to the wallet's tokens.
Blockchain transactions cannot be reversed, Chainalysis noted, which makes prevention the only line of defense. The firm said tracking these schemes is feasible because criminals reuse infrastructure. The same consolidation wallets, spender contracts, and exit addresses appear across multiple victims, enabling automated detection.
Law enforcement and private-sector collaborations have scaled up responses. Operation Spincaster in 2024 processed thousands of leads and addressed $162 million in potential losses, Chainalysis said. In some cases, approvals were revoked before the final drain. Operation Atlantic, a joint effort by the UK, US and Canada, identified over 20,000 affected users, froze more than $12 million in proceeds, and traced an additional $45 million linked to related frauds.
Chainalysis recommended that crypto platforms integrate detection earlier in their monitoring systems rather than relying solely on victim reports. Cross-sector information sharing between banks and crypto exchanges can strengthen defenses. For individual users, the firm advised verifying URLs before connecting a wallet, downloading applications only from official sources, and pausing when a stranger pressures quick action on a transaction.
By leveraging the pattern of infrastructure reuse, Chainalysis said the crypto ecosystem can shift from reactive investigations to proactive disruption. The firm added that more coordinated efforts are turning isolated signals into broader network exposures.
Prepared with AlphaScala editorial tooling from the source reporting linked above. Indexable analysis may include a cited Alpha Score value. Publishing checks screen each story before release. Educational coverage, not personalized advice.