CertiK Releases Cryptocurrency ATM Fraud Report: $330 Million Loss, AI Scams and Cross-Border Money Laundering Pose Major Threats

On March 12, CertiK, the world’s largest Web3 security company, released the “Skynet Cryptocurrency ATM Fraud Report.” The report shows that in 2025, losses caused by this kind of scam reached $330 million, up about 33% year over year, and has become one of the fastest-growing categories of financial crime in the United States.

The report notes that as the number of cryptocurrency ATM devices around the world continues to grow, and criminal organizations constantly upgrade their scam methods by leveraging social engineering and AI technologies, this criminal pattern has evolved from scattered cases into a highly organized, cross-border scam industry.

Total losses from cryptocurrency ATM fraud

Cryptocurrency ATMs become a “fast lane” for transferring scam funds

Cryptocurrency ATM fraud refers to situations where scammers use phone calls, text messages, or online social channels to诱导 victims to withdraw cash and deposit the funds into a cryptocurrency ATM, after which the funds are converted into digital assets and transferred to a wallet address controlled by the scammers.

At present, there are about 45,000 cryptocurrency ATM machines worldwide, with 78% located in the United States. Users can typically complete the cash-to-cryptocurrency exchange and send a transfer within 5 minutes, which makes it an ideal channel for scam groups to move funds.

Unlike traditional cryptocurrency attacks, these crimes do not rely on account takeovers or hacking attacks. Instead, they诱导 victims to take action themselves through social engineering tactics. Once a transaction is recorded on-chain, the funds are almost impossible to recover.

From the technical architecture perspective, a cryptocurrency ATM only serves as a front-end terminal that connects to the backend cryptocurrency application server (CAS). All fund transfers are carried out through the operator’s hybrid hot wallets. On-chain records only show the operator wallet transferring funds to the target address, without recording the depositor’s identity information. This structure creates a “traceability gap,” bringing enormous challenges to law-enforcement evidence collection and forensic work.

Older adults account for 86% of total losses; protective warnings are essentially meaningless

The most alarming data in the report points to the extreme vulnerability of older adults in this type of fraud. The data shows that in 2025, among all cryptocurrency ATM fraud losses in the United States, 86% came from people aged 60 and over. In a lawsuit filed by the U.S. Attorney General in Washington, D.C. against cryptocurrency ATM operator Athena Bitcoin, the lawsuit stated that 93% of deposits made at local ATMs by the company were related to fraud crimes. The victims’ median age was as high as 71, and the median loss per transaction reached $8,000.

The report outlines the current mainstream types of fraud. Its core goal is to pull victims into intense emotional swings and deprive them of rational judgment; to isolate the victims from potential helpers; and to provide real-time guidance to complete the entire process of exchanging cash for cryptocurrency.

Classification of methods used in cryptocurrency ATM fraud

“When victims are on a real-time call with scammers, the warning prompts on the screen basically cannot play any protective role.” The report says that the protection measures at the ATM machine level are effectively meaningless. Scammers stay connected in real time throughout the entire process of the victim withdrawing and operating the ATM. They not only guide victims to bypass the screen warnings, but also prearrange standardized talking points so that victims can respond to questions from bank staff with reasons such as home renovations or household emergencies—completely cutting off outside intervention.

AI technology is changing scam methods

The report also notes that AI technology is accelerating upgrades to scam tactics. In 2025, the profit-making ability of AI-driven scams was about 4.5 times that of traditional methods. Criminal organizations have started using AI voice cloning, deepfake videos, and automated scripts to carry out more targeted social engineering attacks.

At the same time, to evade transaction-limit policies that regulators are gradually rolling out in different places, scam networks are also adopting a “divide-and-conquer” strategy:诱导 large numbers of victims to make small transactions on different ATMs. In doing so, they maintain the overall scale of criminal profits while still bypassing regulatory scrutiny and checks.

Industrialized operations of cross-border criminal networks

The report reveals that cryptocurrency ATM fraud has evolved from scattered cases into highly organized cross-border criminal organizations. These criminal organizations adopt an industrialized operating model and build detailed division-of-labor structures, covering multiple stages including data collection, social engineering scams, and fund transfers and money laundering.

The increased efficiency of the money-laundering stage further amplifies the harm caused by this type of crime. In 2025, Southeast Asia money-laundering networks handled about $16.1 billion in illegal cryptocurrency fund flows, accounting for 20% of the globally traceable illegal cryptocurrency ecosystem. These networks coordinate operations via Telegram and can complete large-amount transaction settlement within two minutes. After victims deposit cash, the funds move through multiple layers of concealment within minutes via mixing services, cross-chain bridges, and decentralized exchanges. Often, before victims hang up the scam phone call, the funds have already left the traceable scope of the regulatory system.

Transaction endpoints become key points for prevention and control

In response to the current threat landscape, the report concludes with systematic prevention-and-control recommendations. It clearly states that the only effective intervention node in the cryptocurrency ATM fraud chain is the transaction entry at the CAS layer—before the transaction is recorded on-chain, the operator must complete real-time screening of the target wallet address and perform risk verification.

Meanwhile, the report proposes specific measures for consumers, operators, and law-enforcement agencies: consumers need to be alert to any unsolicited calls requesting payment through a cryptocurrency ATM; operators need to implement tiered KYC, share intelligence across the entire industry, and conduct pre-transaction risk verification; law-enforcement agencies need to strengthen capability-building for blockchain analysis and promote unified legislation as well as cross-border law-enforcement cooperation.

“Losses of $330 million in the 2025 report only reflect a small part of the iceberg of actual harm.” In its conclusion, the report warns that as new tactics such as AI deepfakes, automated cross-chain money laundering, and “divide-and-conquer” small transactions become more widespread, the threat of cryptocurrency ATM fraud will continue to escalate. Only by forming coordinated efforts across technology, regulation, and law enforcement can the criminal chain be severed within the continuously shrinking intervention window, protecting the property safety of financial consumers—especially older adults.

Report link: https://indd.adobe.com/view/bfb98f74-c308-4f0d-b9eb-c3bdb86e2785