Bitget said it intercepted more than 150 million cyber threats, flagged over 13,000 high-risk IP addresses and helped recover $32.3 million between July 2025 and June 2026, as fraud campaigns across digital finance became more complex, more automated and increasingly powered by artificial intelligence.
The crypto exchange released the figures in its Anti-Scam Report 2026, titled “The Evolution of Fraud in the Multi-Asset Era,” developed with blockchain security firm SlowMist as part of the third year of Bitget’s Anti-Scam Month initiative.
The report examines how scams are changing as users move across crypto, tokenized assets, stocks, CFDs, wallets and AI-powered investment tools, and warns that fraud is becoming more coordinated as fraudsters follow users across platforms, products and communication channels.
Multi-asset trading opens new scam routes
According to Bitget Research, the share of active users participating across two or more asset classes rose from under 1% in mid-2025 to more than 10% by May 2026, widening the attack surface for fraud operators.
The report said scammers are no longer relying on a single fake website, phishing message or wallet compromise, but are instead guiding victims through longer sequences involving social media, messaging apps, investment groups, phishing infrastructure and wallet activity before funds are stolen.
Between July 2025 and June 2026, Bitget said its security systems intercepted more than 150 million malicious requests, identified over 13,000 high-risk IP addresses, handled 18,135 user protection cases and supported the recovery of $32.3 million linked to security incidents and fraud.
“Security challenges evolve alongside markets. As more users participate across crypto, stocks, tokenized assets and AI-powered products, fraud campaigns are becoming sophisticated in how they build trust and influence decision-making,” Bitget CEO Gracy Chen said.
AI turns scams into scalable operations
The report identified AI-generated investment personas, deepfake videos, voice-cloning attacks, synthetic trading communities, wallet drainers, malicious smart contracts and advanced phishing campaigns as key threats shaping the current fraud environment.
SlowMist’s investigations found that AI is lowering the cost of deception while increasing the scale of attacks. Fraudsters can now create fake advisors, produce synthetic videos, clone voices and populate online communities with fabricated investors, making fraudulent schemes appear more credible and harder to detect.
Among the cases cited was a deepfake investment scam impersonating Cypriot President Nikos Christodoulides, which used AI-generated video to promote a fraudulent investment platform.
The report also pointed to an AI-generated advertising campaign that reportedly defrauded thousands of Swedish investors, using fake profiles and fabricated endorsements to push fraudulent stock recommendations.
Another case, known as the “Truman Show” scam, involved an investment community built around roughly 90 fake investor identities, in which victims believed they were interacting with successful traders and ordinary participants while the group was largely manufactured to build social proof and trust.
Wallet drainers and phishing remain core threats
The report said wallet-level attacks remain one of the most persistent risks in digital finance because blockchain transactions are generally irreversible once approved.
SlowMist identified wallet drainers, approval scams, malicious smart contracts and cross-chain phishing as major threat categories.
Approval scams remain especially difficult to counter because malicious permissions can stay active long after a user forgets the original transaction. The report said stolen assets are often moved within minutes, converted into stablecoins, split across wallets or sent across chains to complicate recovery.
In one case, the Rublevka Team operation embedded wallet-draining scripts into phishing landing pages designed to connect directly to victims’ wallets, showing how organized these operations have become.
User behavior becomes fraudsters’ new target
Bitget and SlowMist concluded that fraud in digital finance is entering a more complex phase as users spread across more products, platforms and asset classes, giving attackers new ways to build credibility before stealing funds.
The report said modern scams increasingly target human decision-making rather than only technical vulnerabilities, with attackers building urgency, authority, exclusivity and social proof before asking victims to transfer funds, connect wallets or approve smart contracts.
It added that the future of user protection will depend on stronger security habits, including multi-factor authentication, unique passwords, anti-phishing codes, careful review of wallet approvals and independent verification of investment claims, as AI makes scams cheaper, faster and harder to detect.


