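In 2025, cryptocurrency scams have evolved to an unprecedented scale and sophistication. As the digital asset market surges to new highs, scammers are seizing the opportunity, preying on market enthusiasm and greed.
One clear example: in mid-2025, Ripple CEO Brad Garlinghouse warned on social media about a flood of XRP giveaway scams on YouTube. The scammers not only used AI-generated deepfake imitations of him and other executives, but also hacked well-known YouTube channels and used deepfake audio and video to stage realistic, official-looking Ripple conversations, promising viewers a “100 million XRP” airdrop if they first sent funds to the scammers. Garlinghouse stressed: “As always, whenever the market booms, scams intensify; never believe in good things that fall from the sky.” The reminder reflects how crypto scams have progressed from con-artist tricks into a mainstream crisis, fusing the latest technology with old-fashioned deception.
The numbers are equally alarming. In the first half of 2025, global losses to cryptocurrency scams reached $2.1 billion, surpassing the 2022 record. U.S. FBI data show that Americans lost $9.3 billion to crypto scams in 2024, and global scam activity has continued to rise in 2025. Blockchain analytics firm TRM Labs also reports that scam reports involving AI elements surged 456% between mid-2024 and mid-2025. This year's scams are increasingly sophisticated: no longer just obvious hacks or amateurish phishing links, they are organized operations that combine social engineering, technical exploits and financial sleight of hand, and even experienced crypto users can fall for them. Scammers now use deepfake video, voice cloning, malicious smart contracts, cross-chain money laundering, and even “scam-as-a-service” kits to recruit accomplices.
This article takes an in-depth look at the most rampant and dangerous cryptocurrency scams of 2025, covering their methods, real cases and figures from this year, and why they pose a major threat to the entire crypto ecosystem. From AI-driven social media impersonation scams and pig-butchering romance investment scams with losses in the hundreds of millions, to DeFi rug pulls and large Ponzi networks that vanish with the funds, each type is examined in turn. We hope to use facts and analysis to help experienced readers spot the warning signs and stay ahead of the scammers. The landscape is complex and fast-changing, but the fundamentals stay the same: scams always feed on market hype, greed, fear and false legitimacy. By dissecting how the scams of 2025 operate, everyone can strengthen defenses for themselves and their communities. As Garlinghouse put it, in this era of escalating crypto crime, “staying vigilant and double-checking” matters more than ever.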
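AI-Enhanced Impersonation Scams: Deepfakes Become a Fraud Tool
One of the new trends in crypto scams in 2025 is AI-enhanced impersonation. Scammers use deepfake technology to pose as trusted figures and defraud investors. In the past, scammers often impersonated Elon Musk, Vitalik Buterin or crypto CEOs on text-based social platforms, but now AI-synthesized video and voice put fake words in a real mouth. According to blockchain intelligence analysts, deepfake crypto scams have become the most common type of AI-enabled scam. These scams usually replicate the classic “send me coins first and I will return double” trap, made far more potent by synthetic media. For example, scammers hack YouTube channels and stream genuine interviews with Elon Musk, Garlinghouse, MicroStrategy's Michael Saylor and others, adding scam overlays and links. Since mid-2024 they have gone further, inserting hyper-realistic deepfake video in real time so that victims believe the person is personally endorsing a scam website or “giveaway”. These high-quality videos can fool discerning viewers: a fake Elon Musk looks into the camera and promises to double your Bitcoin while a malicious link is displayed on screen.
Losses from this kind of AI impersonation keep growing. In June 2024, a deepfake Elon Musk “crypto giveaway” livestream hit YouTube and within 20 minutes had drawn multiple victims into sending funds to the scam wallet; between March 2024 and January 2025 the scammers received at least $5 million in total. Investigators found that the funds were laundered through exchanges such as MEXC and ultimately flowed into darknet markets, at striking speed. Besides Elon Musk, Ripple's Brad Garlinghouse also became a target in July 2025, when an AI-synthesized video impersonated him promoting XRP rewards; the company's CTO later clarified that it was fake. Scammers have also used deepfake videos of former U.S. President Trump to spread fake giveaways on Twitter/X, thoroughly commoditizing the likenesses of political and business figures. These deepfake videos are remarkably convincing, and with social media already awash in misinformation, platforms and users struggle to tell real from fake.
Screenshot of a fake Ripple YouTube livestream claiming to give away 100 million XRP. The scammers hacked a channel with 176,000 subscribers and dressed it up with Ripple's logo and an AI-generated Garlinghouse voiceover, making it highly realistic. Ripple's genuine YouTube account (about 82,000 subscribers) promptly clarified that “the official account will never ask users to send XRP first” and urged everyone to stay alert.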
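Deepfake impersonation appears not only in public giveaway scams but also in private and corporate settings. Security experts say “deepfake authorization scams” have risen sharply of late: scammers pose as senior executives on video calls to trick company employees or partners. In one case, scammers posed as a bank compliance officer, using deepfake video and forged legal documents to claim the target faced legal risk and had to transfer funds into an “escrow account” (in fact the scammers' wallet). With an authoritative identity combined with highly realistic audio and video, the traditional warning signs (such as typos or suspicious email addresses) no longer apply. The industry is now being forced to strengthen identity verification, for example requiring a call back to a known number or a pre-agreed code word for large transactions, to cope with a deepfake era in which seeing and hearing are not necessarily believing.
AI tools have also greatly expanded the scale of scams. So-called AI agents and large language models can automatically find targets, use collected personal data to design targeted phishing, and communicate in real time around the clock in a human-like manner. Scammers can deploy a fleet of chatbots posing as customer support or influencers to talk people out of their money. The combination of cunning and machine efficiency multiplies the power of today's impersonation schemes. Law enforcement and platforms are struggling to keep up: in early 2025 Hong Kong police broke up a 31-person scam syndicate (mostly students) that relied on AI face-swapping to run “pig butchering” romance scams involving about HK$34 million (about US$4.4 million) across multiple jurisdictions, showing how quickly criminal groups adopt such new technology. Police said: “They used AI face-swapping to pose as attractive men and women to win trust, then developed relationships to defraud victims.” The combination of AI and fraud creates new detection problems: automated systems struggle to spot synthetic images and voices, and even human reviewers can be fooled. Social platforms have inevitably been criticized for lagging behind. Ripple sued YouTube over scams in 2020, and the two sides eventually agreed to cooperate on stronger enforcement. Although YouTube and X (Twitter) have since stepped up content moderation and take down fake videos faster, users and companies still need to report scams promptly themselves when they find them. In this environment, the best self-protection is to verify sources through multiple checks, confirm any offer that seems “too good” through official channels, and remember that no legitimate project will ask you to send money up front in exchange for a reward.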
Social Media Impersonation and Fake Giveaways
In 2025, scammers remain active in every forum, feed and inbox of the crypto world, chiefly through social media impersonation, including the familiar fake giveaways, airdrops and impostor accounts on Twitter (X), YouTube, Facebook, Discord, Telegram and other platforms. These scams are nothing new, but with every crypto... market rally, often hijacking high-follower accounts or creating lookalike profiles to appear credible. The formula is straightforward and devastatingly effective: pose as a famous crypto figure or company, announce a generous giveaway (usually “send 1 BTC/ETH/XRP and get 2 back!” or a free airdrop requiring a “small deposit”), and then disappear with whatever funds naive users send. Impersonation scams accounted for $2.3 billion of crypto fraud losses in 2022, according to a TRM Labs report, and they remain a major threat in 2025.
What has changed this year is the scale and polish of these campaigns. Scammers are hacking into legitimate social media accounts – often verified ones – to broaden their reach. For example, multiple YouTube channels with hundreds of thousands of subscribers have been stolen and rebranded to mimic official crypto company pages. These hijacked channels then run livestreams of old conference videos or interviews, overlaid with scam promotion text. Viewers see a familiar face talking crypto and a banner saying “Live: [Big Company] Official Giveaway!”, complete with the company’s logo – making it alarmingly easy to fall for. On X/Twitter, blue-check verified accounts (sometimes belonging to unrelated public figures) have been compromised to push fake token giveaways. Even high-profile crypto news accounts are not immune: in November 2024, the popular news feed Watcher.Guru’s Twitter account was hacked and briefly used to post a fraudulent XRP giveaway link. Though quickly taken down, it showed how even reputable sources can be weaponized.
A cybersecurity researcher’s warning about Google search ads leading to scam sites. Scammers buy ads for popular crypto keywords (like wallet names or DeFi platforms), using lookalike domains (via Punycode tricks) to impersonate real sites. In this example, searches for terms like “Aave” or “PancakeSwap” returned sponsored results labeled “【SCAM】”, which actually redirect users to phishing websites. Experts urge users to avoid clicking Google ads for crypto services and instead navigate directly, as search engines may inadvertently display fraudulent links at the top.
In 2025, social media platforms struggle to balance openness with fraud prevention, and scammers exploit every gap. YouTube’s advertising system was abused as recently as July 2025, when a user reported seeing a paid ad for a fake Ripple XRP event only an hour after it went live. Ripple officials publicly lambasted YouTube for this lapse, highlighting that the scam ad even used Ripple’s branding and logos to appear authentic. Twitter/X is flooded with bot replies whenever a famous crypto personality tweets – many of these bots impersonate the original poster (using the same profile picture and name) and claim, “Thanks for the support! As a gift, visit this site for a giveaway.” In reality, the link leads to a phishing page that will steal your crypto. Meta (Facebook/Instagram) has also been contending with impostors; fake profiles of well-known traders on Instagram have lured victims into bogus investment schemes, while Facebook groups see posts from scammers pretending to be Binance or Coinbase offering “lottery winnings” to random users.
Another twist involves repurposing genuine content with malicious additions. Scammers have taken real interviews or live streams of crypto executives and appended QR codes or wallet addresses onto the video feed, as reported by Ripple in their warnings. A user might watch what appears to be a legitimate talk by a CEO, not realizing the address scrolling at the bottom was never put there by the content creator – it’s an overlay added by scammers who re-host the video. Such tactics create a false sense of urgency and legitimacy simultaneously (e.g., “Hurry, send funds to this address while the livestream is on!”). This blend of truth and lies makes it harder for novices to discern fraud.
The industry and law enforcement have responded in various ways. In 2025, we’ve seen crackdowns such as Twitter implementing rate limits on new accounts to reduce bot swarms, and YouTube claiming improved AI detection for crypto scam streams. Yet, clearly, much slips through. Ripple’s 2020 lawsuit against YouTube (which was settled in 2021) did lead to better communication channels for takedowns, but Brad Garlinghouse noted that it’s still a game of “whack-a-mole” – as soon as one fake account is removed, another pops up. Some community-driven efforts like XRP Forensics help track and flag scam wallet addresses, and browser extensions (e.g., ScamSniffer) warn users of known phishing domains. In an X post, ScamSniffer revealed that search engine ads have been a major vector: simply Googling your favorite DeFi app could lead you to a pixel-perfect fake website due to scammers exploiting Punycode URLs (swapping characters in a domain name with similar-looking Unicode characters). Their advice was blunt: “Pro tip for DeFi users: Stop using Google search for crypto sites unless you enjoy playing Russian roulette with your wallet!”.
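The Punycode lookalike trick described above can be checked mechanically before a link is opened. The following Python code is an added example, not code from ScamSniffer or from the original article: it decodes `xn--` labels, folds lookalike characters to ASCII and compares the result with an allowlist of bookmarked sites. The allowlist, the short confusables table and all function names are assumptions made for illustration.

```python
import unicodedata

# Constructed allowlist standing in for the sites a user has bookmarked.
TRUSTED = {"aave.com", "pancakeswap.finance"}

# Hand-picked lookalike characters (assumption: a real tool would load the
# full Unicode confusables table instead of this short sample).
CONFUSABLES = {
    "\u0430": "a",  # Cyrillic a
    "\u0435": "e",  # Cyrillic ie
    "\u043e": "o",  # Cyrillic o
    "\u0440": "p",  # Cyrillic er
    "\u0441": "c",  # Cyrillic es
    "\u0455": "s",  # Cyrillic dze
    "\u0456": "i",  # Cyrillic Byelorussian-Ukrainian i
    "\u03bd": "v",  # Greek nu
    "\u03bf": "o",  # Greek omicron
}


def to_ascii(host):
    """Encode non-ASCII labels as xn-- labels, the form seen in logs and ad URLs."""
    labels = []
    for label in host.split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        labels.append(label)
    return ".".join(labels)


def to_unicode(host):
    """Decode every xn-- label back to the characters a browser could render."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)


def skeleton(host):
    """Fold compatibility forms and known lookalikes down to plain ASCII letters."""
    folded = unicodedata.normalize("NFKC", host)
    return "".join(CONFUSABLES.get(ch, ch) for ch in folded)


def scripts(label):
    """Scripts (LATIN, CYRILLIC, GREEK, ...) used by the letters of one label."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def trusted_parent(name):
    """Return the allowlisted site that name equals or is a subdomain of."""
    for site in TRUSTED:
        if name == site or name.endswith("." + site):
            return site
    return None


def check_domain(host):
    """Classify a hostname: trusted, lookalike, mixed-script, malformed or unknown."""
    try:
        shown = to_unicode(host)
    except UnicodeError:  # broken Punycode is never treated as safe
        return ("malformed", None)
    site = trusted_parent(shown)
    if site:
        return ("trusted", site)
    site = trusted_parent(skeleton(shown))
    if site:
        return ("lookalike", site)
    if any(len(scripts(label)) > 1 for label in shown.split(".")):
        return ("mixed-script", None)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed samples: one real host and three spoofs using Cyrillic letters.
    samples = [
        "app.aave.com",
        to_ascii("\u0430\u0430ve.com"),
        to_ascii("p\u0430nc\u0430keswap.finance"),
        to_ascii("uni\u0455w\u0430p.org"),
    ]
    for host in samples:
        print(host, "->", check_domain(host))
```

A "lookalike" verdict names the bookmarked site being imitated; "mixed-script" flags a label that mixes alphabets even when the imitated site is not on the allowlist.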
For individuals, the best practice is to always verify through official channels. If you see a giveaway on YouTube or Twitter, check the official website or official social accounts of that project for any mention of it – 99.9% of the time, it’s not real. Remember that legitimate crypto firms do not ask for upfront payments to receive a prize. No real Elon Musk or CZ or Vitalik will randomly send you money – in fact, many companies (like Ripple) repeatedly broadcast that they never do giveaways. Treat unsolicited offers, especially those that require you to act fast or send crypto out, with extreme skepticism. In the crypto sphere, any promise of a “free” windfall in exchange for sending some coins is effectively certain to be a scam. The onus is partly on platforms to shut down fraudulent accounts, but ultimately, a healthy dose of doubt is a crypto user’s best friend on social media.
Phishing, Malware and Wallet Draining Schemes
While flashy deepfakes and hijacked YouTubes make headlines, plain old phishing remains a backbone of crypto fraud in 2025 – albeit in evolved forms tailored to the Web3 environment. Phishing in crypto typically aims to steal one of two things: user credentials (passwords, private keys, seed phrases) or transaction authorization to drain wallets. Scammers deploy emails, direct messages, fake websites, and even malicious smart contracts to achieve these ends, often by posing as trustworthy services or support personnel. The consequences can be immediate and devastating: unlike a stolen credit card that can be frozen, a stolen crypto private key or an approved malicious transaction can empty a wallet irreversibly within minutes.
One common scenario is the support scam on Discord or Telegram. A user seeking help for a crypto wallet or DeFi platform issue might post a question in a public forum; lurking scammers will swiftly message them privately, impersonating an “official support” rep. In a documented case, a DeFi user on Discord asked for assistance with the Arkadiko Finance protocol – a scammer, pretending to be a community moderator, DMed the user and provided a link to what looked like Arkadiko’s site. In reality, it was a pixel-perfect fake domain (ren.digl.live) designed to mimic the project’s interface. The phony support agent then instructed the victim to “verify your wallet” by entering their recovery seed phrase on the site. Unfortunately, the user complied. The site gave an error, and shortly after, the victim’s wallet was completely drained of funds (over $100,000 stolen). By the time the user realized what happened, the scammers had already moved the crypto through multiple addresses. This case highlights key red flags: real projects’ staff will never ask for your seed phrase, and private help should be viewed skeptically – official support usually directs users to open tickets or emails, not casual DMs.
Phishing emails targeting crypto holders have also become more persuasive. Scammers scrape data breaches and mailing lists to find people known to use certain exchanges or wallets. A typical phish email might spoof an exchange (e.g., Coinbase, Binance) and warn: “URGENT: Suspicious login attempt detected. Please verify your account immediately [link].” The link leads to a fake login page that steals credentials if entered. Or the email carries a malicious attachment masquerading as a “transaction receipt,” which if downloaded could deploy malware. Ransomware groups have been known to initially breach systems through crypto-themed phishing; once inside, they might steal any hot wallet keys and then encrypt the victim’s files, demanding a crypto ransom. In one California case, a victim clicked a fake crypto airdrop link that injected malware into their computer, compromising their hardware wallet and leading to ~$7,800 in crypto theft. The attackers then had the audacity to demand additional payments to “unstake” the remaining assets – a blend of extortion and phishing in one attack.
Another increasingly prevalent threat is “ice phishing”, a term coined for tricking users into signing malicious blockchain transactions rather than stealing their login info. In ice phishing, scammers build websites or dApps that promise some benefit – often fake airdrops, token sales, or “one-time rewards” – and prompt users to connect their Web3 wallet (like MetaMask) and approve an action. The user, thinking they are just authorizing a legitimate contract, might unknowingly grant the contract permission to spend or transfer their tokens. These malicious smart contracts can be designed to immediately siphon assets once given approval. Notably, North Korea’s infamous Lazarus Group has employed such on-chain phishing techniques to great effect, using targeted emails to lure crypto company employees to malware-laced sites, and then deploying custom smart contracts to drain corporate wallets. The blend of social engineering and technical exploit makes it hard to detect until it’s too late – a wallet may show a transaction request that looks routine (some even mimic known interfaces), but hiding in the code is a function that, once authorized, lets the attacker grab all tokens or NFTs from that wallet.
To facilitate these operations, a whole underground market of “crypto drainer” tools and kits has emerged. A crypto drainer is malicious code – often sold as a service – that can be embedded in fake websites or browser extensions to automate the theft of assets when a victim interacts with it. In 2025, this has become Drainer-as-a-Service (DaaS), where anyone can purchase ready-made scripts that set up a phishing site and the associated smart contract to exfiltrate funds. Some sophisticated drainers even have customer support for the would-be scammer and features to evade anti-phishing filters. Security company Kaspersky reported a 135% surge in interest on dark web forums for crypto drainer kits at the end of 2024, indicating rising demand among cybercriminals. Essentially, the barrier to entry for crypto theft has lowered – one doesn’t need to be a coding genius; buying a $50 phishing kit and some website templates can be enough.
Case in point: in early 2025, a security audit revealed that over 500 scam websites were using nearly identical drainer code, all likely purchased from the same few sources. This mass-produced approach means even if each individual site only dupes a handful of people for a few thousand dollars, the collective haul is large – and it’s scalable. It’s a reminder that we’re not just dealing with lone scammers, but with what analysts call “fraud-industrial complexes”. Some groups even run fraud call centers or use AI chatbots, as mentioned earlier, to lure victims to these phishing traps.
How can users protect themselves? Firstly, never enter your wallet’s seed phrase or private key anywhere online except your official wallet app – no legitimate airdrop or support staff will require those. Be extremely cautious about connecting your wallet to new sites. If you’re testing a new Web3 application, consider using a separate wallet with only a small amount of funds. Always inspect what permissions a site is asking for – if a site requests unlimited spending access to your tokens, that’s a red flag unless it’s a known platform and you understand why. Use tools like MetaMask’s transaction simulation or Etherscan’s approval checker to review and revoke any suspicious permissions. Moreover, keep anti-malware software updated, and treat unexpected emails or messages about your crypto with skepticism. A healthy habit is to manually navigate to websites (e.g., type the exchange URL yourself or use a bookmark) rather than clicking links, especially if you weren’t expecting to receive one. The adage “don’t trust, verify” is vital: go slow and double-check URLs and requests, because one errant click or signature can be disastrous.
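The advice to inspect what permissions a site is asking for can be applied to the raw `data` field of a pending transaction, which is where an ice-phishing approval hides. The following Python code is an added example, not taken from MetaMask, Etherscan or the original article: it decodes the standard approval calls and rates what they grant. The addresses are constructed placeholders, and the risk labels and function names are assumptions made for illustration.

```python
MAX_UINT256 = 2**256 - 1
UNLIMITED_FLOOR = 2**255  # amounts this large are treated as "spend everything"

# 4-byte function selectors of the standard approval calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",            # ERC-20 (and ERC-721)
    "39509351": "increaseAllowance(address,uint256)",  # OpenZeppelin ERC-20
    "a22cb465": "setApprovalForAll(address,bool)",     # ERC-721 / ERC-1155
}

# Constructed placeholder addresses, not real contracts.
UNKNOWN_SPENDER = "0x" + "11" * 20
KNOWN_ROUTER = "0x" + "22" * 20


def build_call(selector, address, word):
    """Build sample calldata: selector plus two 32-byte ABI words."""
    addr = bytes.fromhex(address[2:]).rjust(32, b"\x00")
    return "0x" + selector + addr.hex() + word.to_bytes(32, "big").hex()


def inspect_calldata(data_hex, known_spenders=()):
    """Decode a transaction's data field and rate the approval it grants."""
    raw = data_hex[2:] if data_hex.startswith("0x") else data_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return {"call": None, "risk": "malformed"}
    call = SELECTORS.get(data[:4].hex())
    if call is None:
        return {"call": None, "risk": "not-an-approval"}
    if len(data) < 4 + 64:  # selector plus two full argument words
        return {"call": call, "risk": "malformed"}
    # Word 1 is the spender/operator address, right-aligned in 32 bytes.
    spender = "0x" + data[16:36].hex()
    # Word 2 is the allowance or the bool flag. Assumption: the token is an
    # ERC-20; on an ERC-721 contract approve() carries a token id here instead.
    amount = int.from_bytes(data[36:68], "big")
    known = spender in {s.lower() for s in known_spenders}
    if amount == 0 and not call.startswith("increaseAllowance"):
        risk = "revoke"  # approve(spender, 0) or setApprovalForAll(op, false)
    elif call.startswith("setApprovalForAll") or amount >= UNLIMITED_FLOOR:
        risk = "review" if known else "high"  # operator can move everything
    else:
        risk = "low"  # bounded allowance
    return {"call": call, "spender": spender, "amount": amount, "risk": risk}


if __name__ == "__main__":
    # Constructed request of the kind a fake airdrop page would present.
    request = build_call("095ea7b3", UNKNOWN_SPENDER, MAX_UINT256)
    print(inspect_calldata(request, known_spenders=[KNOWN_ROUTER]))
```

A "high" result means the call hands an address outside the user's own list of known spenders unlimited access to a token or a whole NFT collection, which is the pattern the paragraph above calls a red flag.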
On the industry side, advancements are being made too. Blockchain analytics companies have started flagging wallets associated with phishing and tracking drainer patterns. Some wallet apps now warn users if they’re about to sign something unusual (like a transaction that transfers all your tokens). And exchanges cooperate to blacklist addresses tied to clear-cut scams, though criminals often quickly move funds through mixers or cross-chain bridges to obscure the trail. Still, as one cybersecurity expert put it, technical fixes alone won’t solve a fundamentally human problem – ultimately, scammers prey on curiosity, fear, and greed. Staying informed about the latest phishing ploys and maintaining good security hygiene is key for every crypto participant.
“Pig Butchering” Romance & Investment Scams
Among the most psychologically damaging scams in recent years is the category known as “pig butchering” – a long-con fraud where scammers cultivate an online relationship with the victim (the “pig”), gain their trust and confidence over weeks or months (“fattening” the pig), and then orchestrate a massive financial exploitation (“slaughtering” the victim). Originating as a term from Chinese criminal networks (sha zhu pan), pig butchering scams have gone global, and 2025 shows they are not only persistent but evolving in new ways. These schemes often blend elements of romance scams, fake investment platforms, and even high-tech deception, making them among the hardest to recognize until it’s too late.
In a classic pig butchering scenario, it starts with a friendly outreach on social media or a dating app. The scammer might pose as an attractive person or a successful mentor figure. They don’t ask for money right away – instead, they engage the target in daily conversation, building an emotional connection or a sense of camaraderie. Only after trust is established do they introduce the idea of investing in cryptocurrency. “Have you ever traded crypto? I’ve been making great returns, I could show you,” they might say. In 2025, these fraudsters commonly direct victims to sophisticated fake platforms – often bogus crypto trading or mining apps that look legitimate and even show fake profit balances. The scammer (still in character as a friend or lover) will sometimes even let the victim withdraw a small amount of “profit” early on, to prove the system works. This hooks the victim into investing larger sums. It’s not unusual for the victim to see their account balance on the fake platform balloon to tens or hundreds of thousands of dollars on screen, reinforcing the belief that they’ve struck gold.
Scammers often carry out pig butchering via social messaging, gradually convincing targets to join fake investment schemes. In this real example from an investigation, the scammer (left) touts an “AI intelligent trading” platform with arbitrage opportunities during a chat conversation, while on the right is a screenshot of the phony trading app interface they direct victims to. Everything is engineered to look professional and profitable – until the victim tries to withdraw funds, at which point the fraud becomes apparent and the scammers disappear with the money.
The scale of pig butchering operations is massive. According to some estimates, more than $75 billion may have been stolen worldwide via pig butchering scams since 2020. That figure, while hard to verify precisely, underscores that we are dealing with industrialized fraud networks. In April 2025, one high-profile case involved a Maryland, USA woman who lost over $3 million to a pig butchering scam. She was approached via a messaging app by someone who became a daily confidant and eventually guided her into what she thought was a lucrative crypto investment program. Each time she invested more, the platform showed her making extraordinary gains – but when she attempted to cash out, she was hit with phony “tax” and “fee” demands. She kept paying these extra charges, hopeful to unlock her earnings, until reality set in that it was all a ruse. Tragically, after her savings were wiped out, scammers targeted her again with a “recovery scam”, pretending to be a law firm that could help get her money back for an upfront fee. This secondary exploitation of victims – essentially kicking people when they’re down – is common. Fraudsters share lists of people who have already been scammed (or use the same alias to re-contact them later) under the assumption they may be desperate enough to fall for another trick.
Pig butchering rings often operate from overseas and can involve human trafficking and forced labor. Numerous reports have emerged of large scam compounds in Southeast Asia (Myanmar, Cambodia, Laos) where criminal gangs hold dozens or hundreds of workers, forcing them to run these online scams targeting victims around the globe. These workers are trained with scripts and even playbooks on how to gradually manipulate someone emotionally. It’s truly organized crime. Law enforcement agencies are trying to respond: in late 2024, Interpol and local police rescued some trafficking victims from scam centers, and in 2025 the U.S. FBI issued strong warnings and worked with tech companies to disrupt pig butchering networks. Telegram, a platform often used for initial contacts, has collaborated to shut down channels that scammers use for coordination. Yet arrests typically nab low-level operators; the kingpins, often protected by jurisdictions with lax cybercrime enforcement, remain elusive.
One way pig butchering has adapted in 2025 is by embracing DeFi and Web3 jargon. In the past, many such scams revolved around simple buy/sell crypto on a fake exchange. Now, scammers lure victims into more complex fake DeFi platforms – for instance, a sham yield farming or staking site where the victim believes they are earning 3% daily interest. The interface might show liquidity pools, NFT collectibles, or AI-powered trading bots, all fake but visually convincing. “Decentralized pig butchering” is the term some experts have used, because the scammer encourages the victim to use real decentralized apps (or at least something that mimics them) rather than just sending money outright. One reported case saw a victim introduced to a “new DeFi project” by a romantic interest; the platform had what looked like audited smart contracts and real-time market data, tricking the victim into believing it was legitimate. Early on, the victim could withdraw small amounts, but a hidden trapdoor in the code funneled larger withdrawals to the scammers’ wallet, which was only triggered after significant deposits. By blending technical deception with social manipulation, these hybrid scams blur the lines and exploit both emotional and technical trust.
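For victims, the fallout is not just financial but deeply emotional. The betrayal by someone they considered a friend or romantic partner can cause shame, depression, and devastation. It’s not uncommon for victims to be unwilling to come forward and report the crime out of embarrassment, and scammers count on exactly this, exploiting victims' shame to delay police involvement. Consumer protection agencies repeatedly stress that anyone can become a victim; these scammers are extremely persuasive and very patient. A key prevention tip is to be wary of investment advice volunteered by newly met online friends, no matter how friendly or knowledgeable they seem. If someone you have only recently met online is pushing you to join an “amazing” crypto opportunity, especially one that steers you away from well-known exchanges to an obscure platform or app, that is a major red flag. Do your own research, and never let someone else remotely “teach you” how to invest your money. Likewise, an online friend who persistently refuses video calls or in-person meetings is suspicious (although nowadays even video can be faked with deepfakes, as we have seen).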
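Verifying the legitimacy of any investment platform is essential: check whether it is a registered company, look up whether anyone has reported it as a scam (Chainabuse and other scam-tracking resources can help), and at the start try withdrawing a small portion of funds early as a test (but note that some scams allow one small withdrawal to build trust). If you or someone close to you has been caught out, remember that this often attracts a follow-on “recovery scam”, so rigorously vet anyone who says they can get your money back for a fee, or who claims to be law enforcement and contacts you unprompted on Telegram or WhatsApp (real police generally do not do this). Pig butchering is especially vicious because it targets people's need for both connection and financial security. The most effective defense is awareness: knowing this type of scam and its methods already helps potential victims protect themselves in advance.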
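DeFi Rug Pulls and Memecoin Scams
In the freewheeling world of decentralized finance (DeFi) and crypto token trading, the “rug pull” has become a recurring hazard. A rug pull is essentially a bait-and-switch: developers launch a new token or project, use promotion to attract investors, then suddenly withdraw the funds or use a backdoor in the code to steal them, leaving investors holding worthless tokens. Across 2024 and 2025 the number and form of rug pulls have shifted, but by losses alone they remain one of the largest categories of fraud in crypto.
Interestingly, although 2025 saw fewer individual rug pulls than 2024, the losses from each were far larger. According to DappRadar data, there were 21 clearly documented rug pull incidents in early 2024 and only 7 in the same period of 2025, a drop in frequency of about 66%. Yet those 7 incidents in 2025 together caused nearly $6 billion in losses, an extraordinary jump (more than 65 times the $90 million of early 2024). Why did losses grow so much with fewer incidents? Because a single giant rug pull can dwarf dozens of small ones. “About 92% of the losses, roughly $5.5 billion, came from the collapse of Mantra DAO's OM token” (according to the DappRadar report), although the project's founders deny any intent to rug pull. Mantra's OM token plunged in value after a large sell-off (reportedly dumping by large holders), wiping out billions in market capitalization. Whether or not insiders were behind it, DappRadar treats it as an example of a rug pull, since the effect was the same. The case illustrates a gray area: sometimes a project's own collapse and a scam are hard to tell apart on the surface. Either way, the message is that rug pulls are becoming fewer but more severe, which some analysts describe as “fewer but more damaging”.
A clear trend in 2025 is that memecoins have become the main vehicle for rug pulls, overtaking the DeFi protocol and NFT scams more common in 2024. Memecoins, typically dog-themed tokens with no real utility that go viral overnight, offer the perfect environment for speculation and rug pulls. Scammers are adept at exploiting the get-rich mentality and the online frenzy around new coins. They design token contracts with hidden malicious functions, or hold an outsized share of the supply across multiple wallets. They then hype the token heavily through Twitter, Telegram and even “influencers” (some paid, some simply fake) to attract public attention. Once liquidity and price surge to a predetermined level, the scammers cash out, for instance by minting large amounts of new tokens for themselves in the smart contract or by draining the liquidity pool directly, sending the price to zero within seconds.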
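One sensational example is the Argentine Libra coin incident in early 2025. The coin (unrelated to Facebook's Libra) was promoted in a social media post by Argentine President Javier Milei and at one point reached a market capitalization in the billions of dollars. Many speculators rushed in, but Milei later quietly deleted the post and the price immediately plunged 94%, sparking public outrage and suspicion that the president's post had fueled a pump-and-dump. Whether the affair was orchestrated by insiders or was simply market mania followed by panic remains unclear, but it shows how fragile the memecoin market is. Another high-profile case is the Meteora (M3M3) memecoin rug pull. The case brought against those behind it alleges that they used 150+ wallets to take 95% of the circulating supply within minutes of launch, then used fake trades to pump the price and draw in public buying. Once buyers had piled in, they dumped their holdings, and outside investors lost about $69 million in total (late 2024 to early 2025). As a result, some have argued that memecoins with such concentrated holdings should be classified as securities to make regulation easier.
Protocol-style DeFi rug pulls occur too. A typical example is the 2023 Kokomo Finance case (earlier, but the same approach is still seen today). Kokomo was a lending protocol built on Optimism (an Ethereum layer 2) that suddenly disappeared, making off with more than $5 million in user assets. At first the developers did write legitimate smart contracts and even went through a preliminary audit that found no major problems. Later, however, they modified the contracts or used the upgrade function to add malicious code that let them drain the funds directly. Finally they deleted the website and social accounts, the classic signs of an exit. This “two-faced” or code-swapping approach is increasingly common: look professional at first, even pass an audit, then strike at the right moment using an overlooked backdoor or admin privilege. Some run a “slow exit” over months, deliberately building a community and attracting outside capital, then acting once people lower their guard. They may also stage governance votes, time-locked contracts and the like to mislead the public; by the time a vote passes, the funds are already in their pockets and they are gone.
For crypto investors, there are several red flags and points of caution to watch for. An anonymous team, no clear roadmap or product, and unrealistic promises (such as “guaranteed 100x”) all call for caution. New projects with no external audit or almost no track record are very risky. But even an audit is no guarantee (malicious developers have ways around it). Also watch the token distribution: a few wallets controlling the whole supply, or liquidity that is low relative to market capitalization, means very high risk. Some tools can check whether a token contract has unusual built-in functions (for example, an admin being able to mint new tokens or lock trading); Token Sniffer or on-chain security reports are useful references. DappRadar analysts note that an unexplained surge in active wallets or trading volume may also be a sign of manipulation. Conversely, be careful if a project has no GitHub history and goes viral overnight.
The good news is that user awareness has grown. Crypto communities on social platforms often issue warnings as soon as something looks suspicious. Even so, under fear of missing out (FOMO) some people still ignore the warnings and get caught. Regulators are also taking more action: in 2023/24, for example, the United States prosecuted several DeFi/NFT rug pulls as investment fraud, showing that law enforcement is willing to pursue them. But because the crypto world runs largely on pseudonyms, recovering funds afterwards is extremely hard, so prevention is better than cure. DappRadar concludes: “Rug pulls may never be fully eliminated, but with the right information users can greatly reduce their losses.” In other words, healthy skepticism and thorough homework are your lifeline in the “Wild West” of token trading. Invest only in established projects and always assume a new token is a scam until proven otherwise, and you will avoid most rug pull traps. And when a friend or KOL urges you to “get into this new coin fast”, remember that hype is precisely the scammer's most powerful weapon; never let excitement go to your head and make you forget to verify.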
Ponzi Schemes and High-Yield “Investment Programs”
Not all crypto scams rely on sophisticated technology; many are in fact traditional cons, Ponzi or pyramid schemes dressed up in crypto trappings. The playbook is age-old: promise investors very high or even guaranteed returns, often under labels such as “proprietary algorithmic trading” or “guaranteed-profit mining rigs”... operation, or arbitrage opportunity. Early participants may receive some payouts (often using funds from newer investors) to build credibility. But inevitably, the structure collapses when the operators decide to vanish with the funds or when recruitments dry up. Despite the crypto community’s awareness of infamous Ponzis like BitConnect (which imploded in 2018) and OneCoin (which was exposed as a multi-billion dollar fraud), new iterations continue to emerge, sometimes incorporating the latest buzzwords to seem legitimate.
In 2024 and 2025, regulators and investigators have cracked down on several large crypto Ponzi schemes, yet others still operate under the radar. The U.S. Securities and Exchange Commission (SEC) in 2024 charged the founders of HyperFund/HyperVerse, an alleged crypto mining and investment pyramid, claiming it defrauded investors of around $1.7 billion. HyperFund enticed people with the promise of daily returns from cryptocurrency “mining pools” and had a multi-level referral system – classic Ponzi indicators. The scale (nearly two billion dollars) shows these schemes can grow huge before authorities intervene. In another case, CBEX, a supposed trading platform mostly targeting Africa, collapsed in April 2025 leaving millions of dollars in losses and thousands of victims in its wake. CBEX presented itself as a cutting-edge crypto exchange offering lucrative investment plans, but it appears to have been a scam that unraveled when withdrawals stopped and the operators disappeared.
A hallmark of modern crypto Ponzis is the use of contemporary tech jargon to lure the tech-savvy while masking the lack of real business. You’ll hear terms like “AI-powered trading bot,” “liquidity mining,” “DeFi arbitrage,” or “Web3 cloud mining” in their marketing. In reality, as one analysis put it, they’re just slapping buzzwords onto the age-old “give us your money and we’ll magically make more for you” pitch. For example, a scheme might claim it uses an AI to exploit crypto market inefficiencies 24/7, yielding 5% per day, and all you have to do is deposit your Bitcoin and let it work. These stories sound plausible to those who are aware of AI and crypto but not deeply versed in their limits. Scammers often operate slick-looking websites and apps, sometimes even registering shell companies to appear legitimate. They’ll have referral programs, VIP tiers, and maybe a Telegram community full of botted testimonials. Everything is fine until one day – often without warning – withdrawals are “temporarily halted” due to some excuse (system upgrade, regulatory issue, etc.), which is quickly revealed to be permanent as the organizers exit with the funds.
Even smaller-scale “investment manager” scams abound. These are often individuals posing as successful crypto traders or portfolio managers. They will, for instance, promise to take your 1 ETH and, through their special strategy, return 2 ETH in a week. On platforms like Instagram, it’s common to see scammers flaunting luxury lifestyles and trading screenshots to entice followers into sending them crypto to invest. Of course, once sent, the money is gone. In one 2025 example, an Australian man was contacted via the Signal app by someone offering an investment opportunity; he started with $500 and saw supposed profits, so he invested more and more, ultimately losing about $64,000 when he realized the entire thing was fake and he couldn’t withdraw his funds. Similarly, a 57-year-old woman in Cyprus was duped into a crypto investment scheme over a couple of months, losing €37,000 (~$41,600) after the scammers invented reasons she couldn’t withdraw and needed to pay more. These stories highlight that you don’t need to be a complete crypto novice to fall victim – sometimes basic financial trust and the lure of high returns can cloud judgment, especially when the scammers patiently groom their marks (overlaps with pig butchering techniques).
One interesting variant reported in 2025 involves fake crypto mining operations. We saw a hint of this in the aforementioned Vietnam case, where a group ran a fraudulent “BitMiner” website, selling mining machine contracts and education, which turned out to be a scam netting them around $157,000. Globally, many consumers are still unfamiliar with how crypto mining works, making them susceptible to scammers offering cloud mining packages or asking them to invest in mining hardware that will supposedly generate steady crypto income. Often these operations pay out tiny amounts at first (to appear real) and then suddenly cease payouts and support.
To guard against Ponzi-style schemes, individuals should remember a few cardinal rules. Guaranteed high returns are a red flag – no legitimate investment in crypto or elsewhere can promise, say, “1% daily growth” or other absurd consistency. If someone claims to have a fail-proof system, it’s likely a fraud. Verify the entity: Is the company or fund registered with any financial authority? Do they provide audited financial statements or transparency about their operations? In crypto, plenty of legitimate projects are unregulated of course, but then they usually don’t solicit you with guaranteed returns – they’ll talk about risk and market fluctuations, whereas scammers downplay risk entirely. Be wary of referral-heavy models: If you’re being encouraged to bring in friends to earn bonuses, and those friends need to bring in more friends, that’s the pyramid structure revealing itself. Also, check if what they’re supposedly doing with your money makes sense – for instance, if it’s arbitrage, why do they need your funds instead of using their own to quietly make a fortune? If it’s mining, are they actually posting technical details about their mining farms? Often a quick internet search of a scheme’s name plus “scam” will yield warnings on forums or reports by others. Scammers depend on reaching people who haven’t heard about previous scams, which is why they often hop from region to region or community to community (we see a lot of cross-border targeting – e.g., a scam run out of one country targeting victims in another where news of it hasn’t spread).
Ponzi schemes can run for a surprisingly long time if fresh money keeps coming in – OneCoin lasted several years, defrauding victims of over $4 billion, before it fell apart. In 2025, with crypto markets rebounding, the environment is unfortunately ripe for such schemes to catch those who feel they missed out on the latest bull run and are hungry for outsized gains. Thus, education and skepticism are crucial. Remember that legitimate crypto investing is usually a slow, research-intensive process – any shortcut offered to you on a platter is likely a trap. If friends or family get pulled into something that sounds like a Ponzi, it’s important to have open conversations and share information (not always easy, as psychology of these scams can create cult-like belief among participants). Regulators worldwide have increased public advisories about crypto investment scams; even so, enforcement is tricky when scammers hide behind anonymity and jurisdictional gaps. That’s why the crypto community’s internal immune system – skepticism, whistleblowing, and information-sharing – is so vital to counter these high-yield frauds.
Targeting the Most Vulnerable: Extortion, “Crypto ATM” Scams, and Recovery Fraud
While many crypto scams prey on investors’ greed, some of the most predatory scams prey on fear, urgency, or simple lack of technical awareness. These often target demographics like the elderly or those who have already been victimized once. A prominent example is the crypto ATM scam (a variation of impostor scams), which authorities around the world have been warning about. Here’s how it works: A scammer, often posing as a government official, bank fraud investigator, or even a distressed relative, calls an unsuspecting individual. They create a sense of panic – perhaps claiming “Your bank account is compromised by criminals” or “Your grandson is in jail and needs bail money” – and insist the only safe or fast way to pay is through a cryptocurrency ATM. The victim is instructed to go to a Bitcoin ATM (which are in many convenience stores and malls now), insert cash, and send crypto to a provided address to resolve the situation. Of course, once the crypto is sent, it’s untraceably gone to the scammer.
This con has sadly cost victims tens of millions of dollars. In the U.S. alone, seniors have been defrauded of over $65 million in the first half of 2024 via such crypto ATM phone scams, often involving someone impersonating a law enforcement officer or pretending to be a grandchild in trouble. The combination of a threatening phone call and the novelty of crypto ATMs can bewilder people who are not familiar with cryptocurrency. Police departments have tried to raise awareness; for instance, the Springfield Police in Massachusetts issued a warning in January 2025 stating: “If you receive a phone call with someone demanding a payment in cryptocurrency or Bitcoin, please hang up”. They noted an uptick in scammers directing victims to insert cash into crypto machines to send to the scammer’s wallet. Some crypto ATMs themselves have started placing warning stickers or requiring users to confirm they’re not sending funds to a scam (some machines in the U.S. ask if the payment is due to a call claiming IRS/tax issues, etc., and advise the user it’s likely fraud). Still, in moments of panic, people often comply – scammers are very skilled at keeping victims on the phone and coaching them through the process, sometimes even telling them what to say if a store clerk or family member intervenes.
Another heinous crime is sextortion, which increasingly intersects with crypto. In sextortion scams, fraudsters target typically younger individuals (including teens), often through social media, by tricking them into sharing intimate photos or videos. Then the scammer threatens to release the material publicly or send it to the victim’s friends/family unless a ransom is paid, frequently demanded in Bitcoin or Monero for anonymity. The psychological toll is immense, as victims feel shame and fear exposure. Crypto is used because it’s easier for the criminal to remain anonymous compared to bank transfers. In some cases, the scammer may not even have real compromising material – they might just claim to, or use a compromised social account to convincingly pose as someone with nudes. The FBI and other agencies have flagged a surge in sextortion cases, and because they tend to be underreported (victims are embarrassed or afraid to speak up), it’s an insidious problem. The advice from law enforcement is that you should not pay; instead, involve authorities – many police have units to handle these, and paying often leads to more extortion, not relief.
Then we have the twisted offshoot known as recovery scams. These specifically target people who have already lost money in a previous scam, promising to help them recover their lost funds – for a fee upfront. For example, if you lost $50,000 in a rug pull or pig butchering, you might later get an email or LinkedIn message from an “Asset Recovery Specialist” or a law firm claiming they can trace and get back your crypto. They will often cite the victim’s specific loss (scammers share data, or that info might even be public in some form), which adds credibility. They’ll ask for a retainer fee or some kind of payment for legal expenses. Desperate to get their money back, victims pay these fees, which can be thousands of dollars, only to find out this “firm” was just another scammer exploiting their hope. It’s a particularly cruel con because it double-victimizes individuals who are already emotionally and financially hurting. Elliptic’s research noted that recovery scam websites have popped up sufficiently that the FBI seized some in 2024. These sites often had official-sounding names and even fake testimonials from “clients” they helped. One was shut down by U.S. authorities and revealed to be entirely bogus. Real asset recovery is extremely challenging in crypto, and law enforcement agencies don’t charge victims upfront – beware of anyone asking for money to help you retrieve money.
There are also miscellaneous frauds that hit vulnerable people, such as employment scams (where a fake crypto employer sends a check and asks for some back in crypto – the check bounces later), or tech support scams where scammers pretend to be helping fix a computer issue and then steal crypto from a wallet on the device. Another niche but notable scam: fake charity or investment opportunities tailored to religious or immigrant communities, playing on trust within those circles. The key connecting tissue is the exploitation of trust and the target’s lack of familiarity with the nuances of crypto.
It’s worth noting that not all victims in these categories are completely un-crypto-savvy. Sometimes, people who have been in crypto for a while can still get alarmed by a scenario (like a call saying their exchange account was hacked) and be manipulated into rash action. High stress can short-circuit our better judgment. Thus, awareness campaigns stress one rule: never resolve a financial issue through unconventional means on a single call. If someone on the phone – no matter who they claim to be – directs you to withdraw cash and deposit it into a cryptocurrency ATM, or buy gift cards, or anything odd like that, it’s almost certainly a scam. Government agencies do not demand crypto payments. Utilities and banks do not resolve problems via Bitcoin ATMs. And if a “relative” is calling for bail via crypto, verify their identity through another channel.
The encouraging aspect is that law enforcement globally has ramped up public education and crackdowns on some of these fronts. For instance, in late 2024, Hong Kong police arrested a ring that used AI-enhanced romance scams (discussed earlier), and Vietnamese police took down a crypto mining scam ring – demonstrating international efforts to curb various frauds. The U.S. Federal Trade Commission (FTC) and FBI periodically release alerts about current scam tactics, which help reach non-crypto audiences. Crypto companies, too, are trying to educate users: exchanges send emails about common scams, and wallets have warning pop-ups.
Ultimately, protecting the most vulnerable comes down to spreading awareness and fostering an environment where victims or targets can talk about what’s happening without stigma. Scammers rely on secrecy and shame – they often tell victims “Don’t tell anyone or the deal is off” or “Don’t inform the bank teller what this is for”. Breaking that isolation by consulting with a friend, family member, or law enforcement before taking unusual actions can stop many scams in their tracks. For those of us in the crypto community, it’s important to look out for less experienced friends/relatives who might be targeted. A five-minute conversation explaining that “no, the IRS will never ask for Bitcoin” can literally save someone’s retirement savings.
The Ongoing Battle: Platforms, Law Enforcement, and Community Response
As crypto scams have proliferated in 2025, so too have efforts to combat them – yet it often feels like a cat-and-mouse game, with scammers quickly adapting to new defenses. Social media and tech platforms, after years of being used as scam vectors, are under pressure to do more. YouTube, for instance, has faced lawsuits and public shaming for the prevalence of crypto scam streams and videos on its site. After Ripple’s lawsuit and settlement in 2021, YouTube agreed to improve anti-scam measures; it now uses better machine learning models to detect known scam video formats and has a dedicated team to respond to crypto scam reports. Despite that, as Garlinghouse’s recent warnings show, plenty slips through. One issue is the sheer volume – YouTube has billions of users and hours of content uploaded every minute. Scammers only need a short window of being live to snag victims. Platforms like Twitter (X) have similarly ramped up detection of fake giveaway tweets and impersonation accounts. In mid-2023, Twitter introduced a policy specifically targeting financial scams, and community initiatives like Twitter Community Notes sometimes flag suspicious posts. But scammers exploit any gap: for example, they might use Unicode tricks in names to evade detection (like “VitalikB\u0131terin” with a dotless i to impersonate Vitalik’s handle).
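The dotless-i trick described above can be caught by folding each handle to a "skeleton" and comparing it with a watch list. The following is an added example, not code from any platform named in the article; the watch list, the small hand-picked confusables table and the edit-distance threshold are assumptions made for illustration.

```python
import unicodedata

# Constructed watch list of names worth protecting (assumption for this example).
PROTECTED = ["VitalikButerin", "Ripple", "Garlinghouse"]

# Hand-picked subset of look-alike characters. A production system would load
# the full Unicode confusables data instead of this short table.
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I (the case quoted in the article)
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
    "\u0261": "g",  # LATIN SMALL LETTER SCRIPT G
    "0": "o",       # digit zero
    "1": "l",       # digit one
}


def skeleton(handle):
    """Fold a handle to a comparison form: compatibility-decompose, casefold,
    drop combining marks and invisible format characters, map look-alikes."""
    text = unicodedata.normalize("NFKD", handle).casefold()
    text = unicodedata.normalize("NFKD", text)  # casefold can add combining marks
    out = []
    for ch in text:
        if unicodedata.category(ch) in ("Mn", "Cf"):
            continue  # accents, zero-width spaces and joiners
        out.append(CONFUSABLES.get(ch, ch))
    return "".join(out)


def edit_distance(a, b):
    """Levenshtein distance between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(handle, protected=PROTECTED, max_distance=1):
    """Return (verdict, protected_name). 'exact' only means the name matches;
    which account owns it must still be checked by account ID."""
    folded = handle.casefold()
    for name in protected:
        if folded == name.casefold():
            return ("exact", name)
    skel = skeleton(handle)
    near = None
    for name in protected:
        target = skeleton(name)
        if skel == target:
            return ("homoglyph", name)
        # The article's sample swaps "u" for a dotless i, so the fold alone
        # does not match; a one-character difference is flagged for review.
        if near is None and len(target) >= 6 and edit_distance(skel, target) <= max_distance:
            near = name
    return ("near-match", near) if near else ("clean", None)


def non_ascii_chars(handle):
    """List the non-ASCII code points in a handle for the analyst's report."""
    return [f"U+{ord(ch):04X} {unicodedata.name(ch, 'UNNAMED')}"
            for ch in handle if ord(ch) > 127]


if __name__ == "__main__":
    # Constructed sample handles.
    for h in ["VitalikB\u0131terin", "V\u0456talikButerin", "Ripp\u200ble", "alice_dev"]:
        print(repr(h), classify(h), non_ascii_chars(h))
```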
There’s also a balancing act with free expression – platforms don’t want to over-censor and accidentally take down legitimate content or falsely accuse users. Scammers exploit this hesitation, often hiding in plain sight until reported. Garlinghouse’s comment in 2025 that social platforms are now “acknowledging their role” but need to lead the charge rather than playing whack-a-mole was a call for more proactive stance. Some ideas floated include verified video messages (so a deepfake would be harder to pass off if there was a verification watermark) or required disclosure for crypto giveaway promotions. But implementing these is tricky.
Law enforcement has scored some wins. Besides the arrests mentioned earlier, agencies like the U.S. Department of Justice set up crypto crime task forces, and Europol coordinates cross-border investigations of major fraud rings. Interpol’s Trafficking in Scams initiative is focusing on pig butchering compounds and working with Southeast Asian nations to rescue scam workers and bust operations. On the legal front, the SEC, CFTC, and other regulators have pursued not just Ponzis but also celebrities who facilitated scams (for example, charging influencers who promoted fraud tokens). The message is that authorities are increasingly crypto-literate and watching this space. Yet, enforcement is inherently reactive – by the time a case is built, the money is often long gone and victims harmed. International cooperation is also patchy; some countries are safe havens for these criminals, or lack extradition treaties.
The blockchain itself provides some tools for justice, albeit limited. All transactions are typically traceable on public ledgers, so investigators can follow the money. In some cases, if funds move to a centralized exchange, law enforcement can freeze accounts – that’s happened for certain ransomware and scam proceeds. There are also efforts like scam wallet blacklists and even smart contract-level protections (for example, some token standards now can have circuit breakers if a massive dump is detected – though purists argue against those for being centralized features). Chainalysis, Elliptic, TRM Labs, and others have developed behavioral analytics that automatically flag likely scam patterns, such as clustering wallets that repeatedly receive funds from known phishing links. This is used by exchanges and compliance teams to block or investigate suspect funds.
Meanwhile, an interesting counter-development is the rise of scambaiting and vigilante hacker interventions. Some tech-savvy individuals infiltrate scam call centers or pig butchering groups, leaking information that can help potential victims or identify ringleaders. Others write bots that flood scam crypto addresses with warning messages encoded in tiny transactions (a technique to alert when someone’s about to send funds to a known scam address). There have been a few stories of white-hat hackers stealing back funds or disrupting scam smart contracts – though these vigilante actions are legally gray and rare.
From a cultural perspective, an essential piece is education and destigmatization. The crypto community frequently shares “PSA” threads about current scams, which is great. Projects like Bitcoin.org and Ethereum.org host pages on avoiding scams. Some victims have bravely come forward to tell their stories (like the Maryland woman in the CBS interview), which helps others realize how convincing these scams can be. Alex, a contributor at Built In, pointed out that fraud thrives in cultures of silence and shame; encouraging open discussion and reporting is key. If employees at a company can report that they were targeted by a deepfake call without fear of blame, the whole company can shore up defenses. Likewise, in online communities, people shouldn’t ridicule victims but rather use those incidents as lessons.
Resilience against scams will require collective effort. The crypto industry is innovating in defense as much as criminals innovate in offense: there are now AI tools that can detect deepfake artifacts, browser extensions that auto-warn of known scam URLs, multi-signature wallets and timelocks that can prevent one wrong click from immediately draining all funds, etc. Exchanges implement stricter Know-Your-Transaction (KYT) monitoring to catch suspicious deposits (like someone who suddenly got a huge amount from a freshly funded address – could be a scammer cashing out). Some jurisdictions are even considering mandatory risk warnings; for example, the UK requires banks to sometimes quiz customers on why they’re withdrawing large sums (after a rash of transfer scams, not specific to crypto but similar concept).
At the end of the day, crypto’s promise is to democratize finance – but that democratization comes with the responsibility for individuals to navigate safely in a world without traditional gatekeepers. It’s a bit like the early Wild West of the internet: tremendous opportunity, but also many pitfalls until users get savvier and protective measures mature. In 2025, we see both extremes – cutting-edge scams and increasingly sophisticated countermeasures – dueling in real time. As one blockchain investigator noted, “Fraud detection must become collaborative, decentralized and proactive. The best defense will always be a community that shares intelligence, validates identities and supports those who fall victim – not with blame, but with action.”
Final thoughts
From AI-crafted deepfakes to old-school Ponzi schemes rebranded in crypto jargon, the spectrum of scams in 2025 demonstrates how fraud continually adapts to the trends of the day. Whenever the crypto market surges or a new technology emerges, scammers are quick to capitalize – yet the core techniques they exploit are often as old as fraud itself: greed, fear, urgency, trust, and ignorance. This year has shown that even highly informed investors can be momentarily deceived by a slick fake video or a very personal social engineering plot. The costs are not just financial (though those are huge, with billions stolen) but also reputational and emotional, eroding trust in the crypto ecosystem and shattering lives of victims.
However, 2025 has also been a year of growing resilience and awareness. Industry leaders like Brad Garlinghouse publicly sounding the alarm, researchers mapping scam networks, governments coordinating crackdowns, and grassroots efforts educating newcomers – all these are crucial countermeasures. The crypto community is increasingly treating scams not as isolated mishaps but as a collective threat that requires an “all hands on deck” response. Every user has a role to play, whether it’s reporting a suspicious account, warning a friend, or simply practicing good security hygiene so as not to become the next link in a scammer’s chain.
For readers of this report – largely crypto-savvy individuals – the takeaway is to stay informed and remain vigilant. The specific scam names or tactics may change with the seasons, but if you internalize the red flags and principles discussed here, you can apply them no matter what new twist emerges. Always verify identities and offers through secondary channels. Be extremely skeptical of anything that promises a guaranteed profit or asks for secrecy. Use the security tools at your disposal: hardware wallets, two-factor authentication, blockchain scanners, reputable sources for information. When in doubt, pause. Scammers often win when they rush you; taking a moment to double-check can be the difference between safety and disaster.
It’s also important to acknowledge that while technology can improve security, there is no magic solution that will eliminate scams overnight. Much like antivirus software must constantly update for new viruses, our anti-scam strategies must evolve. AI may help catch deepfakes, but AI can also make better deepfakes. Regulations can deter some Ponzi operators, but others will move to more permissive locales. This dynamic means the crypto community must cultivate a culture of continuous education and healthy skepticism. An investor who avoided phishing five years ago by not clicking strange emails might now need to learn how to scrutinize a smart contract before approving a transaction. We’re all learning as we go.
Lastly, if you have been a victim of a crypto scam, know that you’re not alone and that it’s not the end of the road. Report it to relevant authorities (many countries have fraud reporting portals and crypto crime units). Sometimes funds can be traced or even recovered, especially if law enforcement steps in early. At the very least, your report can help prevent others from falling into the same trap and contributes to the fight against the scammers. The ethos of crypto often emphasizes personal responsibility – which is empowering – but it doesn’t mean you can’t seek help or that falling for a scam is a personal failing. These criminals are professionals at deception, and anyone can have a vulnerable moment.
In summary, the landscape of crypto scams in 2025 is challenging, but not insurmountable. Armed with knowledge, a bit of caution, and the support of the community, crypto enthusiasts can continue to explore the opportunities of this technology while sidestepping the pitfalls laid by bad actors. As Garlinghouse aptly put it, “We will keep reporting these – please do the same… If it sounds too good to be true, it probably is.” That time-tested wisdom, combined with the insights detailed throughout this article, will hopefully keep you safe in the thrilling and sometimes treacherous world of crypto. Stay safe, stay skeptical, and happy hodling.

