The U.S. government is working to return $7 million to victims of a sophisticated scam where fraudsters used social engineering techniques to trick them into transferring funds to fake cryptocurrency investment platforms.
According to a statement from the U.S. Attorney’s Office for the Eastern District of Virginia on March 21, the scammers approached victims, built trust, and then directed them to websites disguised as legitimate cryptocurrency investment platforms.
Once the victims transferred their funds, the money was funneled through more than 75 bank accounts under the names of shell companies before being sent overseas. These transactions were falsely labeled as domestic transfers, despite the funds actually being routed to a bank outside the United States.
The U.S. Attorney’s Office emphasized, “The fraudulent websites misled victims into believing their investments were generating significant returns.” When victims attempted to withdraw funds, the scammers pressured them to deposit more money, claiming they owed taxes on their supposed profits.
In 2023, the U.S. Secret Service seized a portion of the stolen funds from a foreign bank and initiated civil forfeiture proceedings by filing a claim with the U.S. District Court. However, the bank also requested reimbursement of the cash. Eventually, the U.S. government reached a settlement agreement, securing $7 million from the seized funds. Victims were encouraged to contact the Secret Service to file compensation claims.
In its 2025 Crypto Crime Report, blockchain analytics firm Chainalysis noted that crypto crime has entered a professional era, dominated by sophisticated cybercriminal organizations.
On March 21, the Australian Federal Police reported that they had to warn 130 individuals about a scam targeting cryptocurrency users through text messages. The scam impersonated the “sender ID” of legitimate crypto exchanges such as Binance to deceive users.
Earlier, on March 14, users on X reported another series of scam messages impersonating Coinbase and Gemini. The scammers attempted to trick users into setting up new wallets using pre-generated recovery phrases controlled by the fraudsters.
On March 18, cybersecurity firm Malwarebytes issued a warning about a group using new crypto-stealing malware hidden inside a “cracked” version of TradingView Premium.
Additionally, on March 17, Microsoft’s Incident Response Team reported discovering a new remote access trojan targeting cryptocurrency stored in 20 browser extensions for Google Chrome wallets.
