Source: Chainalysis; Translated by: Tao Zhu, Golden Finance
Digital assets are rapidly changing the global financial ecosystem, providing new models for payments, investments and value exchanges. But with this innovation comes a series of familiar risks. Unfortunately, the same fraudulent means of targeting traditional finance (such as phishing, Ponzi schemes and impersonation) have also increasingly plagued the web3 and cryptocurrency ecosystems.
One of the most destructive types of fraud is authorized push payment (APP) fraud, where victims are tricked into voluntarily transferring funds to fraudsters. At present, APP fraud is the biggest threat to financial institutions, affecting reimbursement, operating costs, etc.
As we recently disclosed in our 2025 Crypto Crime Report, nearly $10 billion worth of cryptocurrencies were lost in 2024 due to various APP scams, although we estimate that number may be close to $12.4 billion, which will be a slight increase from the amount stolen in 2023.
Due to the decentralized nature of cryptocurrencies, transactions are fast, irreversible, and often anonymous—creating an ideal playground for APP fraud. Scammers use these characteristics to impersonate trusted entities, fabricate investment opportunities, or create a sense of urgency that forces victims to act before verifying the legitimacy of their counterparties. As cryptocurrencies grow in popularity, understanding how APP fraud works is key to staying protected.
Below, we will discuss the following topics and more:
What is authorized push payment fraud?
Types of APP fraud
Why APP fraudsters target crypto users
Preventing APP fraud in crypto
Regulation and fraud prevention
What is Authorized Push Payment (APP) Fraud?
Authorized push payment (APP) fraud refers to a scammer manipulating the victim into voluntarily sending money under false pretexts. This type of fraud is different from unauthorized fraud (such as credit card fraud or account takeover), where criminals conduct transactions without the victim’s consent. Banks and payment service providers often refund victims of unauthorized fraud, but unfortunately, victims of APP fraud are less protected, especially in the cryptocurrency space.
Types of APP Fraud
Scammers use a variety of means to manipulate victims into authorizing crypto transactions. While some people may classify hacking as APP fraud, in this blog we focus specifically on scams. Here are some of the most common scams:
Investment scams: Scammers promise outsized returns on investment, tricking victims into transferring cryptocurrencies to fake platforms or projects.
Pig butchering: Scammers cultivate an emotional relationship with their victims over a long period, usually through dating apps or social media, and then convince them to “invest” in fake cryptocurrency opportunities.
Rug pulls: Scammers start a project, collect the funds they were targeting, then abandon the project and disappear with the money. This scam usually occurs in the decentralized finance (DeFi) and non-fungible token (NFT) markets.
Livestream scams: Scammers use hacked YouTube or social media accounts to broadcast fake giveaways or impersonate well-known industry figures, urging viewers to send cryptocurrencies in exchange for “rewards.”
Impersonation scams: Scammers impersonate customer support, institutions or well-known figures, tricking victims into sending cryptocurrencies.
Address poisoning: The attacker sends small transactions from wallet addresses similar to those in the user’s contact list, hoping that the victim will mistakenly copy the wrong (malicious) address and send funds to it.
Employment scams: The scammer publishes fake job ads (usually in crypto-related fields) and tricks victims into sending “start fees” or other fees during the onboarding process.
Fake airdrops and giveaways: The scammer tricks victims into sending cryptocurrencies in exchange for a promised reward that is never delivered.
Business Email Compromise (BEC) scams: The attacker hacks or forges corporate emails to trick employees into transferring crypto payments to fraudulent accounts.
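The address-poisoning pattern in the list above lends itself to a simple screening check on the receiving side. The following is an added example, not code from the original article or from Chainalysis: it flags small incoming transfers whose sender shares the first and last characters of a saved contact but is not that contact. The 4-character window, the dust threshold and every address are constructed assumptions.

```python
from dataclasses import dataclass

# Assumptions for this example: many wallet UIs abbreviate an address to its
# first and last few characters, which is what a lookalike address imitates.
PREFIX_LEN = 4
SUFFIX_LEN = 4
DUST_THRESHOLD = 0.001  # hypothetical cutoff for a "small" transfer

@dataclass
class Transfer:
    sender: str
    amount: float

def _norm(addr: str) -> str:
    """Lower-case the address and drop a leading 0x so comparisons are stable."""
    a = addr.strip().lower()
    return a[2:] if a.startswith("0x") else a

def lookalike_of(candidate: str, trusted: list[str]):
    """Return the trusted address that `candidate` imitates, or None."""
    c = _norm(candidate)
    known = [(_norm(t), t) for t in trusted]
    if any(c == n for n, _ in known):
        return None  # exact match: this is the real contact
    for n, original in known:
        if (len(c) == len(n)
                and c[:PREFIX_LEN] == n[:PREFIX_LEN]
                and c[-SUFFIX_LEN:] == n[-SUFFIX_LEN:]):
            return original
    return None

def flag_poisoning(transfers: list[Transfer], trusted: list[str]):
    """List (sender, imitated_contact) for dust transfers from lookalikes."""
    flagged = []
    for tx in transfers:
        match = lookalike_of(tx.sender, trusted)
        if match is not None and tx.amount <= DUST_THRESHOLD:
            flagged.append((tx.sender, match))
    return flagged

# Constructed sample data (not real addresses).
TRUSTED = "0x" + "a1b2" + "0" * 32 + "c3d4"
POISON = "0x" + "a1b2" + "f" * 32 + "c3d4"   # same visible ends, different middle
UNRELATED = "0x" + "9" * 40
SAMPLE_TRANSFERS = [Transfer(POISON, 0.0), Transfer(UNRELATED, 0.0005),
                    Transfer(TRUSTED, 2.5)]

if __name__ == "__main__":
    for sender, contact in flag_poisoning(SAMPLE_TRANSFERS, [TRUSTED]):
        print(f"possible address poisoning: {sender} imitates {contact}")
```

A wallet could run the same comparison before sending, and require the full address to match a saved contact rather than only its abbreviated form.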
As shown below, most of the funds lost to APP fraud in 2024 were due to high-yield investment/trading scams (55.4%). Pig butchering (36.7%) was also common.
Why APP Scammers Target Crypto Users
Fraudsters target cryptocurrency transactions specifically for the following reasons:
Irreversibility: Once a transaction is sent on the blockchain, it cannot be revoked or refunded like a credit card transaction.
Perceived anonymity: Although all transactions are public and immutable, the lack of direct personal identification information makes it easier for scammers to hide behind pseudonymous wallet addresses.
Lack of consumer protection: Traditional banks may compensate victims of fraud, but most crypto platforms do not offer such remedies.
Regulatory gaps: Inconsistent global regulations allow scammers to exploit loopholes and weak enforcement in certain jurisdictions. In addition, many crypto platforms used by scammers are not regulated or registered, complicating efforts to seek redress.
Ease of access: Setting up crypto wallets and transferring funds is fast and simple, allowing scammers to create many accounts and transfer stolen assets with minimal friction.
Preventing APP Fraud in Crypto
As with any value transfer, cryptocurrency users should always verify their counterparties—especially when payment requests are sent through social media, email or messaging applications. It is also important to remain highly suspicious of anyone who promises guaranteed returns or uses a sense of urgency to pressure potential victims, two common red flags of fraud. In addition, users should use multi-signature or additional authorization steps for wallets and avoid connecting to unknown sites or approving unusual transactions. Generally speaking, an appropriate level of suspicion and verification helps prevent costly errors.
Exchanges and cryptocurrency companies can deploy fraud detection tools to monitor suspicious behavior in real time, identify risky wallet activity, and discover patterns related to known scams.
Regulation and Fraud Prevention
Countries around the world are taking a series of measures to prevent and stop APP fraud, from public education campaigns to stronger information sharing. In many cases, increasing attention is being paid to the fraud prevention responsibilities of regulated companies. If these responsibilities are not fulfilled, the company bears the victim's losses. For example, by the end of 2024, the UK became one of the first countries to determine how to compensate victims of APP fraud, requiring mandatory compensation for victims through traditional payment channels (FPS and CHAPS) where certain conditions are met.
Since then, we have also seen other efforts, such as Australia’s launch of a framework for various types of APP fraud in early 2025, requiring financial institutions, digital platforms and telecom providers to prevent, detect, block and report fraud, or face severe penalties for failing to protect customers. These efforts show that thinking about who should bear the responsibility and costs of APP fraud is changing. In the future, such frameworks may also include crypto assets as their use in payments continues to grow, and the channels for fiat currency to enter cryptocurrencies are already operating under these rules.
At the same time, public-private partnerships continue to play a key role in combating APP fraud. Regulators are now working more closely with blockchain analytics providers to better understand on-chain activity and detect fraud as early as possible. Fortunately, there is no longer a technological gap for private companies and public institutions.