Postmortems can’t stop AI-powered crypto fraud

Opinion by: Danor Cohen, co-founder and chief technology officer of Kerberus

In 2025, crypto risk is a torrent. AI is turbocharging scams. Deepfake pitches, voice clones, synthetic support agents — all of these are no longer fringe tools but frontline weapons. Last year, crypto scams likely hit a record high. Crypto fraud revenues reached at least $9.9 billion, partly driven by generative AI-enabled methods.

Meanwhile, in 2025, more than $2.17 billion has been stolen — and that’s just in the first half of the year. Personal-wallet compromises now account for nearly 23% of stolen-fund cases.

Still, the industry essentially responds with the same stale toolkit: audits, blacklists, reimbursement promises, user awareness drives and post-incident write-ups. These are reactive, slow and ill-suited for a threat that evolves at machine speed.

AI is crypto’s alarm bell. It’s telling us just how vulnerable the current structure is. Unless we shift from patchwork reaction to baked-in resilience, we risk a collapse not in price, but in trust.

AI has reshaped the battlefield

Scams involving deepfakes and synthetic identities have stepped from novelty headlines to mainstream tactics. Generative AI is being used to scale lures, clone voices and trick users into sending funds.

The most significant shift isn’t simply a matter of scale. It’s the speed and personalization of deception. Attackers can now replicate trusted environments or people almost instantly. The shift toward real-time defense must also quicken — not just as a feature but as a vital part of infrastructure.

Outside of the crypto sector, regulators and financial authorities are waking up. The Monetary Authority of Singapore published a deepfake risk advisory to financial institutions, signaling that systemic AI deception is on its radar.

The threat has evolved; the industry’s security mindset has not.

Reactive security leaves users as walking targets

Security in crypto has long relied on static defenses, including audits, bug bounties, code audits and blocklists. These tools are designed to identify code weaknesses, not behavioral deception.

While many AI scams focus on social engineering, it’s also true that AI tools are increasingly used to find and exploit code vulnerabilities, scanning thousands of contracts automatically.

The risk is twofold: technical and human.

When we rely on blocklists, attackers simply spin up new wallets or phantom domains. When we depend on audits and reviews, the exploit is already live. And when we treat every incident as a “user error,” we absolve ourselves of responsibility for systemic design flaws.

Related: Crisis management for CEX during a cybersecurity threat

In traditional finance, banks can block, reverse or freeze suspicious transactions. In crypto, a signed transaction is final. And that finality is one of crypto’s crowning features and becomes its Achilles’ heel when fraud is instantaneous.

Moreover, we often advise users: “Don’t click unknown links” or “Verify addresses carefully.” These are acceptable best practices, but today’s attacks usually arrive from trusted sources.

No amount of caution can keep pace with an adversary that continuously adapts and personalizes attacks in real time.

Embed protection into the fabric of transaction logic

It’s time to evolve from defense to design. We need transaction systems that react before damage is done.

Consider wallets that detect anomalies in real time and not just flag suspicious behavior but also intervene before harm occurs. That means requiring extra confirmations, holding transactions temporarily or analyzing intent: Is this to a known counterparty? Is the amount out of pattern? Does the address indicate a history of previous scam activity?

Infrastructure should support shared intelligence networks. Wallet services, nodes and security providers should exchange behavioral signals, threat address reputations and anomaly scores with each other. Attackers shouldn’t be able to hop across silos unimpeded.

Likewise, contract-level fraud detection frameworks scrutinize contract bytecode to flag phishing, Ponzi or honeypot behaviors in smart contracts. Again, these are retrospective or layered tools. What’s critical now is moving these capabilities into user workflows — into wallets, signing processes and transaction verification layers.

This approach doesn’t demand heavy AI everywhere; it requires automation, distributed detection loops and coordinated consensus about risk, all embedded in the transaction lanes.

If crypto doesn’t act, it loses the narrative

Let regulators define fraud protection architecture, and we’ll end up constrained. But they’re not waiting. Regulators are effectively preparing to regulate financial deception as part of algorithmic oversight.

If crypto doesn’t voluntarily adopt systemic protections, regulation will impose them — likely through rigid frameworks that curtail innovation or enforce centralized controls. The industry can either lead its own evolution or have it legislated for it.

From defense to assurance

Our job is to restore confidence. The goal is not to make hacks impossible but to make irreversible loss intolerable and exceedingly rare.

We need “insurance-level” behavior: transactions that are effectively monitored, with fallback checks, pattern fuzzing, anomaly pause logic and shared threat intelligence built in. Wallets should no longer be dumb signing tools but active participants in risk detection.

We must challenge dogmas. Self-custody is necessary but not sufficient. We should stop treating security tools as optional — they must be the default. Education is valuable, but design is decisive.

The next frontier isn’t speed or yield; it’s fraud resilience. Innovation should flow not from how fast blockchains settle, but from how reliably they prevent malicious flows.

Yes, AI has exposed weak spots in crypto’s security model. But the threat isn’t smarter scams; it’s our refusal to evolve.

The answer isn’t to embed AI in every wallet; it’s to build systems that make AI-powered deception unprofitable and unviable.

If defenders stay reactive, issuing postmortems and blaming users, deception will continue to outpace defense.

This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.