Crypto Scams Hit Record Highs in 2025: From YouTube Deepfakes to Pig Butchering Scams

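In 2025, cryptocurrency scams reached an unprecedented level of sophistication and scale. As digital asset markets set repeated record highs, scammers took the opportunity to exploit the community's excitement and greed.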

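One striking example: in mid-2025, Ripple CEO Brad Garlinghouse warned on social media about a wave of fake XRP giveaway scams on YouTube, scams that used artificial intelligence (AI)-generated impersonations of him and other executives. Criminals hijacked popular YouTube channels and used deepfake technology to produce audio and video that closely mimicked Ripple's official communications, falsely telling viewers there was a "100 million XRP airdrop" that required sending funds first in order to claim it. Garlinghouse cautioned: "Whenever the market rallies and hype arrives, scammers step up their attacks on the crypto community... As the old saying goes, if it sounds too good to be true, it is probably a scam." His emphasis on this timeless warning in the face of high-end scams also shows that, as cryptocurrency has gone mainstream, the scam economy has become a societal crisis that combines cutting-edge technology with age-old tricks.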

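The numbers are sobering. In the first half of 2025 alone, crypto scams caused $2.1 billion in losses, a new high that surpasses the 2022 record. By comparison, U.S. FBI data show that Americans lost $9.3 billion to crypto scams in 2024, and related crime continues to rise worldwide. Blockchain analytics firm TRM Labs reports that AI-driven scam reports surged 456% between mid-2024 and mid-2025. What makes 2025's scam techniques frightening is their growing sophistication. Many schemes are no longer the obvious hacks or crude phishing of the past; they are carefully designed by organized teams that combine social engineering, technical vulnerabilities and financial manipulation, so that even veteran users fall into the trap. Scammers now use deepfake video, voice cloning, malicious smart contracts, cross-chain laundering and even "fraud-as-a-service" toolkits to expand rapidly.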

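This article takes an in-depth look at the most rampant and dangerous types of crypto scams in 2025, explaining how they work, real cases and statistics from the year, and why they threaten the entire crypto ecosystem. From AI-driven fake social account scams, to "pig butchering" romance-investment scams that take millions from victims, to DeFi rug pulls and Ponzi networks, we will dissect them one by one. The goal is fact-based analysis that helps experienced readers recognize red flags and stay a step ahead of scammers. The landscape is changing quickly and is complex, but one feature is constant: scams feed on hype, greed, fear and the illusion of official backing. Understanding how these 2025 schemes operate is how you protect yourself and your community from becoming victims. As Garlinghouse warned, and as countless victims would agree: in a fast-changing era of scams, careful verification is essential.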

AI-Enhanced Impersonation Scams: Deepfakes Become the New Fraud Tool

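One of the most prominent scam trends of 2025 is AI-powered impersonation, in which criminals use deepfake technology to pose as well-known figures and deceive investors. Scammers used to impersonate Elon Musk, Vitalik Buterin or crypto CEOs on social media; now they can use AI video and voice to have these people appear to speak "in person". Blockchain intelligence analysts note that deepfake crypto scams have become the most common form of AI fraud. These schemes often reuse the old "send me crypto and I'll send back double" trick, boosted by synthetic imagery. For example, hijacked YouTube channels are used to livestream interviews with crypto celebrities (such as Musk, Garlinghouse and MicroStrategy's Michael Saylor), overlaid with scam banners and links. Since mid-2024, scammers have gone further by inserting hyper-realistic deepfake video in real time, making it appear that well-known figures personally endorse fake websites or fake rewards. These high-quality videos can fool even experienced investors: a fake Elon Musk looks straight into the camera and promises to double your bitcoin, with a malicious link displayed alongside.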

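Losses from AI impersonation keep climbing. In June 2024, a deepfake Musk video was used in a YouTube livestream "crypto giveaway" scam, and viewers sent funds to the designated wallet. Within just 20 minutes, multiple victims had transferred funds, and the scam wallet collected at least $5 million between March 2024 and January 2025. Investigators traced the funds to destinations such as the MEXC exchange and even black markets, showing how quickly these illicit proceeds are laundered. Musk is not the only one affected: in July 2025, Ripple's Garlinghouse was also smeared by an AI-generated fake video that misled viewers into joining a fake XRP reward campaign, and the company's CTO stepped in to debunk it. Scammers have also impersonated former U.S. President Trump to spread crypto giveaway scams on Twitter (X), weaponizing the images of political and business leaders. These deepfake videos are extremely realistic, and with social media users already surrounded by misinformation, it is even harder for platforms and victims to tell real from fake.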

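  • A screenshot of a YouTube livestream impersonating Ripple and promoting a fake 100 million XRP giveaway. Scammers hijacked a channel with 176,000 subscribers and used Ripple's branding and an AI-generated Garlinghouse voice to package the scam so that it appeared to be official. Ripple's official channel (about 82,000 subscribers) had to clarify: "Ripple and our executives will never ask users to send XRP," and reminded everyone to stay alert.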

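Deepfake impersonation has also spread into private channels and even inside companies. Security experts have observed a sharp rise in "deepfake authorization scams," in which criminals use deepfake video to pose as senior executives on video calls and deceive crypto company employees or partners. In some cases, scammers posed as a bank compliance officer, even presenting fake legal letters, and convinced targets to send funds to a "third-party custody account" (in fact a scam wallet). Refined AI cloning of faces and voices makes traditional warning signs insufficient; the realism of the behavior far outpaces technical verification. Reports note that once the clues people used to rely on, such as poor grammar and unfamiliar email addresses, are replaced by an AI-created lifelike appearance, vigilance drops sharply. This is forcing companies to review their authentication processes; some now require secondary verification for large fund transfers (such as calling an official contact number or using a secure code phrase), because in the deepfake era "seeing is believing" is no longer enough.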

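In addition, AI tools amplify the scale of scams. So-called AI agents and large language models can automatically find victims, gather personal information, design personalized lures, and even interact with targets in a way that closely resembles a real person. Scam groups can deploy large numbers of chatbots that pose as customer support or influencers and work around the clock, ensnaring victims with human-like responses. Combining human cunning with machine efficiency, today's impersonation scams are not to be underestimated. Law enforcement and platforms are struggling to keep up: in early 2025, Hong Kong police broke up a 31-person scam syndicate (mostly students) that ran pig butchering romance scams using AI face-swapping technology, with victims losing about HK$34 million (about US$4.4 million). The group had operated across borders for more than a year, with criminal methods that kept pace with technological change. Police said: "They used AI face-swapping technology to pose as attractive men and women, winning victims' affection and then defrauding them." This new form of AI-assisted fraud further challenges traditional fraud detection: automated systems struggle to intercept synthetic media, and human reviewers can also be fooled by realistic imagery. Social platforms have repeatedly come under fire as a result. Ripple's 2020 lawsuit against YouTube, later settled, also highlights that user-generated video platforms without gatekeeping easily become breeding grounds for scams. Although YouTube, X (Twitter) and others have improved content moderation and the speed of handling impersonation reports, in the end they still depend on users and companies quickly reporting deepfake scams. Under current conditions, the best defense is to stay vigilant: check the source of a video, verify any "too good to be true" offer through official channels, and remember that legitimate projects will never ask you to send money first in exchange for a reward.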

Social Media Impersonation and Fake Giveaways

In 2025, scammers continue to lurk in crypto community forums, feeds and inboxes, running scams through impersonation accounts: ubiquitous fake giveaways, airdrops and even fake official accounts on platforms such as Twitter (X), YouTube, Facebook, Discord and Telegram. These scams are not new, but they have grown more rampant as the crypto market has expanded. During market rallies, scammers often hijack high-follower accounts or create lookalike profiles to appear credible. The formula is straightforward and devastatingly effective: pose as a famous crypto figure or company, announce a generous giveaway (usually “send 1 BTC/ETH/XRP and get 2 back!” or a free airdrop requiring a “small deposit”), and then disappear with whatever funds naive users send. Impersonation scams accounted for $2.3 billion of crypto fraud losses in 2022, according to a TRM Labs report, and they remain a major threat in 2025.

What has changed this year is the scale and polish of these campaigns. Scammers are hacking into legitimate social media accounts – often verified ones – to broaden their reach. For example, multiple YouTube channels with hundreds of thousands of subscribers have been stolen and rebranded to mimic official crypto company pages. These hijacked channels then run livestreams of old conference videos or interviews, overlaid with scam promotion text. Viewers see a familiar face talking crypto and a banner saying “Live: [Big Company] Official Giveaway!”, complete with the company’s logo – making it alarmingly easy to fall for. On X/Twitter, blue-check verified accounts (sometimes belonging to unrelated public figures) have been compromised to push fake token giveaways. Even high-profile crypto news accounts are not immune: in November 2024, the popular news feed Watcher.Guru’s Twitter account was hacked and briefly used to post a fraudulent XRP giveaway link. Though quickly taken down, it showed how even reputable sources can be weaponized.

A cybersecurity researcher’s warning about Google search ads leading to scam sites. Scammers buy ads for popular crypto keywords (like wallet names or DeFi platforms), using lookalike domains (via Punycode tricks) to impersonate real sites. In this example, searches for terms like “Aave” or “PancakeSwap” returned sponsored results labeled “【SCAM】”, which actually redirect users to phishing websites. Experts urge users to avoid clicking Google ads for crypto services and instead navigate directly, as search engines may inadvertently display fraudulent links at the top.

In 2025, social media platforms struggle to balance openness with fraud prevention, and scammers exploit every gap. YouTube’s advertising system was abused as recently as July 2025, when a user reported seeing a paid ad for a fake Ripple XRP event only an hour after it went live. Ripple officials publicly lambasted YouTube for this lapse, highlighting that the scam ad even used Ripple’s branding and logos to appear authentic. Twitter/X is flooded with bot replies whenever a famous crypto personality tweets – many of these bots impersonate the original poster (using the same profile picture and name) and claim, “Thanks for the support! As a gift, visit this site for a giveaway.” In reality, the link leads to a phishing page that will steal your crypto. Meta (Facebook/Instagram) has also been contending with impostors; fake profiles of well-known traders on Instagram have lured victims into bogus investment schemes, while Facebook groups see posts from scammers pretending to be Binance or Coinbase offering “lottery winnings” to random users.

Another twist involves repurposing genuine content with malicious additions. Scammers have taken real interviews or live streams of crypto executives and appended QR codes or wallet addresses onto the video feed, as reported by Ripple in their warnings. A user might watch what appears to be a legitimate talk by a CEO, not realizing the address scrolling at the bottom was never put there by the content creator – it’s an overlay added by scammers who re-host the video. Such tactics create a false sense of urgency and legitimacy simultaneously (e.g., “Hurry, send funds to this address while the livestream is on!”). This blend of truth and lies makes it harder for novices to discern fraud.

The industry and law enforcement have responded in various ways. In 2025, we’ve seen crackdowns such as Twitter implementing rate limits on new accounts to reduce bot swarms, and YouTube claiming improved AI detection for crypto scam streams. Yet, clearly, much slips through. Ripple’s 2020 lawsuit against YouTube (which was settled in 2021) did lead to better communication channels for takedowns, but Brad Garlinghouse noted that it’s still a game of “whack-a-mole” – as soon as one fake account is removed, another pops up. Some community-driven efforts like XRP Forensics help track and flag scam wallet addresses, and browser extensions (e.g., ScamSniffer) warn users of known phishing domains. In an X post, ScamSniffer revealed that search engine ads have been a major vector: simply Googling your favorite DeFi app could lead you to a pixel-perfect fake website due to scammers exploiting Punycode URLs (swapping characters in a domain name with similar-looking Unicode characters). Their advice was blunt: “Pro tip for DeFi users: Stop using Google search for crypto sites unless you enjoy playing Russian roulette with your wallet!”.
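
The Punycode lookalike trick described above can be checked mechanically. The following is an added example, not code from the original article or from ScamSniffer: it decodes `xn--` labels, flags non-ASCII or mixed-script labels, and compares a simplified "skeleton" of the hostname against a bookmark list. The `.example` hostnames are placeholders and the confusables table is a small illustrative subset.

```python
import unicodedata

# Constructed allowlist: placeholder hostnames standing in for a user's own bookmarks.
TRUSTED_HOSTS = {"aave.example", "pancakeswap.example"}

# Illustrative subset of lookalike characters, not a complete confusables table.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a, ie, o, er
    "\u0441": "c", "\u0455": "s", "\u0475": "v",                # Cyrillic es, dze, izhitsa
    "\u03bd": "v", "\u03bf": "o",                               # Greek nu, omicron
}


def to_punycode(hostname):
    """Encode a Unicode hostname into its xn-- form (used to build the samples)."""
    out = []
    for label in hostname.split("."):
        if label.isascii():
            out.append(label)
        else:
            out.append("xn--" + label.encode("punycode").decode("ascii"))
    return ".".join(out)


def decode_label(label):
    """Return the Unicode form of one DNS label, or None if the Punycode is invalid."""
    if not label.startswith("xn--"):
        return label
    try:
        return label[4:].encode("ascii").decode("punycode")
    except UnicodeError:
        return None


def scripts_in(label):
    """Collect the scripts used in a label, based on Unicode character names."""
    found = set()
    for ch in label:
        if ch.isdigit() or ch == "-":
            continue  # digits and hyphens are shared by all scripts
        found.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return found


def skeleton(label):
    """Map lookalikes to ASCII and drop combining marks, for comparison only."""
    mapped = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    decomposed = unicodedata.normalize("NFKD", mapped)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def check_hostname(hostname):
    """Classify a hostname as trusted, lookalike, suspicious or unknown."""
    labels = hostname.lower().rstrip(".").split(".")
    decoded = [decode_label(label) for label in labels]
    if None in decoded:
        return {"host": hostname, "verdict": "suspicious", "reasons": ["invalid punycode"]}
    unicode_host = ".".join(decoded)
    if unicode_host in TRUSTED_HOSTS:
        return {"host": unicode_host, "verdict": "trusted", "reasons": []}

    reasons = []
    if any(not label.isascii() for label in decoded):
        reasons.append("non-ASCII characters in hostname")
    if any(len(scripts_in(label)) > 1 for label in decoded):
        reasons.append("mixed scripts inside one label")
    skel = ".".join(skeleton(label) for label in decoded)
    if skel in TRUSTED_HOSTS:
        # Looks like a bookmarked site but is a different name: the homograph case.
        reasons.append("renders like trusted host " + skel)
        verdict = "lookalike"
    else:
        verdict = "suspicious" if reasons else "unknown"
    return {"host": unicode_host, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed samples: the second uses two Cyrillic letters in place of "aa".
    for host in ["aave.example", to_punycode("\u0430\u0430ve.example"), "wallet.example"]:
        print(host, check_hostname(host))
```

A "lookalike" verdict means the name is different from the bookmarked host even though it renders almost identically; "unknown" only means the name is plain ASCII and not on the list, not that it is safe.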

For individuals, the best practice is to always verify through official channels. If you see a giveaway on YouTube or Twitter, check the official website or official social accounts of that project for any mention of it – 99.9% of the time, it’s not real. Remember that legitimate crypto firms do not ask for upfront payments to receive a prize. No real Elon Musk or CZ or Vitalik will randomly send you money – in fact, many companies (like Ripple) repeatedly broadcast that they never do giveaways. Treat unsolicited offers, especially those that require you to act fast or send crypto out, with extreme skepticism. In the crypto sphere, any promise of a “free” windfall in exchange for sending some coins is effectively certain to be a scam. The onus is partly on platforms to shut down fraudulent accounts, but ultimately, a healthy dose of doubt is a crypto user’s best friend on social media.

Phishing, Malware and Wallet Draining Schemes

While flashy deepfakes and hijacked YouTubes make headlines, plain old phishing remains a backbone of crypto fraud in 2025 – albeit in evolved forms tailored to the Web3 environment. Phishing in crypto typically aims to steal one of two things: user credentials (passwords, private keys, seed phrases) or transaction authorization to drain wallets. Scammers deploy emails, direct messages, fake websites, and even malicious smart contracts to achieve these ends, often by posing as trustworthy services or support personnel. The consequences can be immediate and devastating: unlike a stolen credit card that can be frozen, a stolen crypto private key or an approved malicious transaction can empty a wallet irreversibly within minutes.

One common scenario is the support scam on Discord or Telegram. A user seeking help for a crypto wallet or DeFi platform issue might post a question in a public forum; lurking scammers will swiftly message them privately, impersonating an “official support” rep. In a documented case, a DeFi user on Discord asked for assistance with the Arkadiko Finance protocol – a scammer, pretending to be a community moderator, DMed the user and provided a link to what looked like Arkadiko’s site. In reality, it was a pixel-perfect fake domain (ren.digl.live) designed to mimic the project’s interface. The phony support agent then instructed the victim to “verify your wallet” by entering their recovery seed phrase on the site. Unfortunately, the user complied. The site gave an error, and shortly after, the victim’s wallet was completely drained of funds (over $100,000 stolen). By the time the user realized what happened, the scammers had already moved the crypto through multiple addresses. This case highlights key red flags: real projects’ staff will never ask for your seed phrase, and private help should be viewed skeptically – official support usually directs users to open tickets or emails, not casual DMs.

Phishing emails targeting crypto holders have also become more persuasive. Scammers scrape data breaches and mailing lists to find people known to use certain exchanges or wallets. A typical phish email might spoof an exchange (e.g., Coinbase, Binance) and warn: “URGENT: Suspicious login attempt detected. Please verify your account immediately [link].” The link leads to a fake login page that steals credentials if entered. Or the email carries a malicious attachment masquerading as a “transaction receipt,” which if downloaded could deploy malware. Ransomware groups have been known to initially breach systems through crypto-themed phishing; once inside, they might steal any hot wallet keys and then encrypt the victim’s files, demanding a crypto ransom. In one California case, a victim clicked a fake crypto airdrop link that injected malware into their computer, compromising their hardware wallet and leading to ~$7,800 in crypto theft. The attackers then had the audacity to demand additional payments to “unstake” the remaining assets – a blend of extortion and phishing in one attack.

Another increasingly prevalent threat is “ice phishing”, a term coined for tricking users into signing malicious blockchain transactions rather than stealing their login info. In ice phishing, scammers build websites or dApps that promise some benefit – often fake airdrops, token sales, or “one-time rewards” – and prompt users to connect their Web3 wallet (like MetaMask) and approve an action. The user, thinking they are just authorizing a legitimate contract, might unknowingly grant the contract permission to spend or transfer their tokens. These malicious smart contracts can be designed to immediately siphon assets once given approval. Notably, North Korea’s infamous Lazarus Group has employed such on-chain phishing techniques to great effect, using targeted emails to lure crypto company employees to malware-laced sites, and then deploying custom smart contracts to drain corporate wallets. The blend of social engineering and technical exploit makes it hard to detect until it’s too late – a wallet may show a transaction request that looks routine (some even mimic known interfaces), but hiding in the code is a function that, once authorized, lets the attacker grab all tokens or NFTs from that wallet.

To facilitate these operations, a whole underground market of “crypto drainer” tools and kits has emerged. A crypto drainer is malicious code – often sold as a service – that can be embedded in fake websites or browser extensions to automate the theft of assets when a victim interacts with it. In 2025, this has become Drainer-as-a-Service (DaaS), where anyone can purchase ready-made scripts that set up a phishing site and the associated smart contract to exfiltrate funds. Some sophisticated drainers even have customer support for the would-be scammer and features to evade anti-phishing filters. Security company Kaspersky reported a 135% surge in interest on dark web forums for crypto drainer kits at the end of 2024, indicating rising demand among cybercriminals. Essentially, the barrier to entry for crypto theft has lowered – one doesn’t need to be a coding genius; buying a $50 phishing kit and some website templates can be enough.

Case in point: in early 2025, a security audit revealed that over 500 scam websites were using nearly identical drainer code, all likely purchased from the same few sources. This mass-produced approach means even if each individual site only dupes a handful of people for a few thousand dollars, the collective haul is large – and it’s scalable. It’s a reminder that we’re not just dealing with lone scammers, but with what analysts call “fraud-industrial complexes”. Some groups even run fraud call centers or use AI chatbots, as mentioned earlier, to lure victims to these phishing traps.

How can users protect themselves? Firstly, never enter your wallet’s seed phrase or private key anywhere online except your official wallet app – no legitimate airdrop or support staff will require those. Be extremely cautious about connecting your wallet to new sites. If you’re testing a new Web3 application, consider using a separate wallet with only a small amount of funds. Always inspect what permissions a site is asking for – if a site requests unlimited spending access to your tokens, that’s a red flag unless it’s a known platform and you understand why. Use tools like MetaMask’s transaction simulation or Etherscan’s approval checker to review and revoke any suspicious permissions. Moreover, keep anti-malware software updated, and treat unexpected emails or messages about your crypto with skepticism. A healthy habit is to manually navigate to websites (e.g., type the exchange URL yourself or use a bookmark) rather than clicking links, especially if you weren’t expecting to receive one. The adage “don’t trust, verify” is vital: go slow and double-check URLs and requests, because one errant click or signature can be disastrous.
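
To make the "inspect what permissions a site is asking for" advice concrete, here is an added example (not from the original article and not any wallet's own code) that decodes the calldata of an approval request before signing and flags the unlimited-allowance and blanket-operator cases discussed above. The two addresses and the known-spender list are constructed samples; the function selectors are those of the standard `approve(address,uint256)` and `setApprovalForAll(address,bool)` calls.

```python
APPROVE = bytes.fromhex("095ea7b3")               # approve(address,uint256)
SET_APPROVAL_FOR_ALL = bytes.fromhex("a22cb465")  # setApprovalForAll(address,bool)
UNLIMITED_THRESHOLD = 2**255  # allowances this large are effectively unlimited

# Constructed sample addresses (not real contracts).
KNOWN_SPENDER = "0x" + "22" * 20     # a spender the user deliberately trusts
UNKNOWN_SPENDER = "0x" + "11" * 20   # a spender the user has never seen


def encode_call(selector, address, value):
    """Build two-argument calldata; used here only to construct sample requests."""
    addr_word = bytes.fromhex(address[2:]).rjust(32, b"\x00")
    return "0x" + (selector + addr_word + value.to_bytes(32, "big")).hex()


def review_calldata(calldata_hex, known_spenders=frozenset({KNOWN_SPENDER})):
    """Decode an approval request and list reasons to stop before signing."""
    raw = calldata_hex[2:] if calldata_hex[:2].lower() == "0x" else calldata_hex
    try:
        data = bytes.fromhex(raw)
    except ValueError:
        return {"kind": "invalid", "risk": "unknown", "reasons": ["calldata is not hex"]}
    selector, args = data[:4], data[4:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL):
        return {"kind": "other", "risk": "unknown", "reasons": ["not an approval call"]}
    # Both calls take exactly two 32-byte words; an address leaves 12 zero bytes of padding.
    if len(args) != 64 or any(args[:12]):
        return {"kind": "malformed", "risk": "high", "reasons": ["malformed approval arguments"]}

    spender = "0x" + args[12:32].hex()
    value = int.from_bytes(args[32:], "big")
    kind = "erc20-approve" if selector == APPROVE else "set-approval-for-all"
    result = {"kind": kind, "spender": spender, "value": value}
    if value == 0:
        # A zero allowance (or approved=false) removes access instead of granting it.
        return {**result, "risk": "low", "reasons": ["revokes an existing approval"]}

    reasons = []
    if spender not in known_spenders:
        reasons.append("spender is not on your known list")
    if selector == APPROVE and value >= UNLIMITED_THRESHOLD:
        reasons.append("unlimited token allowance")
    if selector == SET_APPROVAL_FOR_ALL:
        reasons.append("operator may move every token in the collection")
    # No reasons: low. One: medium (review it). Two or more: high (do not sign).
    risk = ("low", "medium", "high")[min(len(reasons), 2)]
    return {**result, "risk": risk, "reasons": reasons}


if __name__ == "__main__":
    # Constructed request: unlimited allowance to a spender the user does not know.
    sample = encode_call(APPROVE, UNKNOWN_SPENDER, 2**256 - 1)
    print(review_calldata(sample))
```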

On the industry side, advancements are being made too. Blockchain analytics companies have started flagging wallets associated with phishing and tracking drainer patterns. Some wallet apps now warn users if they’re about to sign something unusual (like a transaction that transfers all your tokens). And exchanges cooperate to blacklist addresses tied to clear-cut scams, though criminals often quickly move funds through mixers or cross-chain bridges to obscure the trail. Still, as one cybersecurity expert put it, technical fixes alone won’t solve a fundamentally human problem – ultimately, scammers prey on curiosity, fear, and greed. Staying informed about the latest phishing ploys and maintaining good security hygiene is key for every crypto participant.

“Pig Butchering” Romance & Investment Scams

Among the most psychologically damaging scams in recent years is the category known as “pig butchering” – a long-con fraud where scammers cultivate an online relationship with the victim (the “pig”), gain their trust and confidence over weeks or months (“fattening” the pig), and then orchestrate a massive financial exploitation (“slaughtering” the victim). Originating as a term from Chinese criminal networks (sha zhu pan), pig butchering scams have gone global, and 2025 shows they are not only persistent but evolving in new ways. These schemes often blend elements of romance scams, fake investment platforms, and even high-tech deception, making them among the hardest to recognize until it’s too late.

In a classic pig butchering scenario, it starts with a friendly outreach on social media or a dating app. The scammer might pose as an attractive person or a successful mentor figure. They don’t ask for money right away – instead, they engage the target in daily conversation, building an emotional connection or a sense of camaraderie. Only after trust is established do they introduce the idea of investing in cryptocurrency. “Have you ever traded crypto? I’ve been making great returns, I could show you,” they might say. In 2025, these fraudsters commonly direct victims to sophisticated fake platforms – often bogus crypto trading or mining apps that look legitimate and even show fake profit balances. The scammer (still in character as a friend or lover) will sometimes even let the victim withdraw a small amount of “profit” early on, to prove the system works. This hooks the victim into investing larger sums. It’s not unusual for the victim to see their account balance on the fake platform balloon to tens or hundreds of thousands of dollars on screen, reinforcing the belief that they’ve struck gold.

Scammers often carry out pig butchering via social messaging, gradually convincing targets to join fake investment schemes. In this real example from an investigation, the scammer (left) touts an “AI intelligent trading” platform with arbitrage opportunities during a chat conversation, while on the right is a screenshot of the phony trading app interface they direct victims to. Everything is engineered to look professional and profitable – until the victim tries to withdraw funds, at which point the fraud becomes apparent and the scammers disappear with the money.

The scale of pig butchering operations is massive. According to some estimates, more than $75 billion may have been stolen worldwide via pig butchering scams since 2020. That figure, while hard to verify precisely, underscores that we are dealing with industrialized fraud networks. In April 2025, one high-profile case involved a Maryland, USA woman who lost over $3 million to a pig butchering scam. She was approached via a messaging app by someone who became a daily confidant and eventually guided her into what she thought was a lucrative crypto investment program. Each time she invested more, the platform showed her making extraordinary gains – but when she attempted to cash out, she was hit with phony “tax” and “fee” demands. She kept paying these extra charges, hopeful to unlock her earnings, until reality set in that it was all a ruse. Tragically, after her savings were wiped out, scammers targeted her again with a “recovery scam”, pretending to be a law firm that could help get her money back for an upfront fee. This secondary exploitation of victims – essentially kicking people when they’re down – is common. Fraudsters share lists of people who have already been scammed (or use the same alias to re-contact them later) under the assumption they may be desperate enough to fall for another trick.

Pig butchering rings often operate from overseas and can involve human trafficking and forced labor. Numerous reports have emerged of large scam compounds in Southeast Asia (Myanmar, Cambodia, Laos) where criminal gangs hold dozens or hundreds of workers, forcing them to run these online scams targeting victims around the globe. These workers are trained with scripts and even playbooks on how to gradually manipulate someone emotionally. It’s truly organized crime. Law enforcement agencies are trying to respond: in late 2024, Interpol and local police rescued some trafficking victims from scam centers, and in 2025 the U.S. FBI issued strong warnings and worked with tech companies to disrupt pig butchering networks. Telegram, a platform often used for initial contacts, has collaborated to shut down channels that scammers use for coordination. Yet arrests typically nab low-level operators; the kingpins, often protected by jurisdictions with lax cybercrime enforcement, remain elusive.

One way pig butchering has adapted in 2025 is by embracing DeFi and Web3 jargon. In the past, many such scams revolved around simple buy/sell crypto on a fake exchange. Now, scammers lure victims into more complex fake DeFi platforms – for instance, a sham yield farming or staking site where the victim believes they are earning 3% daily interest. The interface might show liquidity pools, NFT collectibles, or AI-powered trading bots, all fake but visually convincing. “Decentralized pig butchering” is the term some experts have used, because the scammer encourages the victim to use real decentralized apps (or at least something that mimics them) rather than just sending money outright. One reported case saw a victim introduced to a “new DeFi project” by a romantic interest; the platform had what looked like audited smart contracts and real-time market data, tricking the victim into believing it was legitimate. Early on, the victim could withdraw small amounts, but a hidden trapdoor in the code funneled larger withdrawals to the scammers’ wallet, which was only triggered after significant deposits. By blending technical deception with social manipulation, these hybrid scams blur the lines and exploit both emotional and technical trust.

For victims, the fallout is not just financial but deeply emotional. The betrayal by someone they considered a friend or romantic partner can cause shame, depression, and devastation. It’s not uncommon for victims to be reluctant to come forward due to embarrassment – scammers know this and leverage that shame to their advantage (and to delay law enforcement notification). Consumer protection agencies urge that anyone can be a victim; these con artists are extremely convincing and patient. A key prevention tip is to be wary of unsolicited investment advice from new online acquaintances, no matter how friendly or knowledgeable they seem. If someone you’ve only met online urges you into a “great” crypto opportunity – especially if they guide you off a well-known exchange into some obscure platform or app – that’s a major red flag. Do your own research, and never let someone else remotely “train” you on how to invest your money. Also, if an online friend resists video chatting or meeting in person over a long period, that’s suspicious (though even video chat can be faked now with deepfakes, as we saw).

Verifying the legitimacy of any investment platform is crucial: check if it’s a known registered company, see if others have reported it as a scam (resources like Chainabuse or scam trackers can help), and test by withdrawing a small amount early (though note, as mentioned, some scams do allow one small withdrawal to build trust). If you or someone you know does get sucked in, remember that recovery scams often follow – skeptically scrutinize anyone promising to get your money back for a fee or those claiming to be law enforcement reaching out on Telegram or WhatsApp (real agencies don’t typically do that). Pig butchering is a particularly cruel crime because it targets the human need for connection and financial security simultaneously. The best armor against it is awareness: knowing that these schemes exist and how they operate can inoculate potential victims before the scammer sinks their hooks in.

DeFi Rug Pulls and Memecoin Scams

In the freewheeling world of decentralized finance (DeFi) and crypto token trading, “rug pulls” have become an ever-present hazard. A rug pull is essentially a bait-and-switch hustle: developers launch a new token or project, hype it up to attract investor money, then abruptly withdraw liquidity or exploit a backdoor in the code to steal funds – leaving investors holding worthless tokens. Throughout 2024 and 2025, rug pulls have shifted in frequency and form, but they remain one of the costliest types of crypto scams by sheer dollars stolen.

Interestingly, 2025 has seen fewer individual rug pull incidents compared to 2024, but the ones that do occur are far more devastating in scale. According to DappRadar data, in early 2024 there were 21 documented rug pull events, whereas the same period in 2025 saw only 7 – a roughly 66% decrease in frequency. However, those 7 incidents in 2025 collectively led to nearly $6 billion in losses, an astonishing jump (a 6,500% increase) from about $90 million lost in early 2024. How can fewer scams cause magnitudes more damage? The answer: one mega-rugpull can dwarf dozens of smaller ones. DappRadar’s report notes that roughly 92% of the $6B loss came from a single collapse – the Mantra DAO’s OM token – although the project’s founders disputed the characterization of it as a deliberate rug pull. Mantra’s OM token plummeted in value after a major event (reportedly a large holder dumping tokens), wiping out billions in market cap. Whether or not it was an “inside job,” DappRadar treated it as an example of how a project collapse can emulate a rug pull in effect. This case illustrates a grey area: sometimes a legitimate project failure and a scam can look similar from the outside. Nonetheless, the message is that rug pulls are becoming less frequent but hitting with larger shockwaves – what one analyst called “fewer but deadlier” scams.

A notable trend in 2025 is that memecoins have become the main culprits for rug pulls, overtaking the DeFi protocol and NFT project rug pulls that were more common in 2024. Memecoins – often dog-themed or joke tokens with no serious utility – can skyrocket in popularity overnight, creating a perfect setting for pump-and-dump or rug pull schemes. Scammers take advantage of the “get rich quick” mentality around the latest viral coin. They might build a token contract with hidden malicious functions or simply retain an overwhelming majority of the supply through many wallets. Then through aggressive promotion on Twitter, Telegram, and even via influencer endorsements (sometimes paid, sometimes fake), they drive public interest. When the price and liquidity have ballooned enough, the scammers execute their exit: for example, using a function in the smart contract to mint billions of new tokens for themselves or remove the liquidity pool, causing the token’s price to collapse to near-zero in seconds.

One dramatic example was the Libra token scandal in Argentina in early 2025. The token (unrelated to Facebook’s Libra) rallied to a multi-billion dollar market cap in February after Argentina’s president, Javier Milei, posted about it on social media – seemingly giving it a stamp of approval. Speculators piled in, and then Milei deleted his post. The token’s value promptly crashed by 94%, leading to an outcry and accusations that the whole affair was a classic pump-and-dump scheme using the president’s post as pump fuel. It’s not clear if insiders engineered this or if it was a spontaneous mania followed by panic, but it demonstrates the hair-trigger nature of memecoin markets. Another high-profile case was the Meteora (M3M3) memecoin rug pull. In that scheme, according to a lawsuit, the insiders secretly accumulated 95% of the token supply via over 150 addresses within minutes of launch, then artificially pumped the price through wash trades. Public buyers saw the price shooting up and rushed in, unaware the game was rigged. When the orchestrators dumped their holdings, the price imploded, and outside investors lost an estimated $69 million between late 2024 and early 2025. The fallout even led to a proposed legal argument that such stake-based memecoins might be treated as securities to impose more regulatory oversight.

DeFi protocol rug pulls also persist. A textbook case occurred with Kokomo Finance in March 2023 (an earlier example, but similar patterns continue). Kokomo was a lending protocol on Optimism (an Ethereum layer-2 network) that suddenly vanished along with ~$5.5 million of user deposits. The developers had deployed legitimate smart contracts initially, even undergoing a rudimentary code audit that found no issues. But later, they redeployed an altered contract or used an upgrade function to introduce malicious code that allowed them to drain funds from the liquidity pool. They then deleted the project’s website and social media, a telltale sign of a rug pull exit. This “bait-and-switch code” approach is increasingly common: start with what looks like a trustworthy, even audited project, then exploit an overlooked backdoor or governance feature to execute the heist when timing is optimal. Some are delayed-exit rug pulls that run for months, cultivating a community and perhaps even external investors, before the rug is yanked. These drawn-out scams might incorporate things like governance votes or time-locked contracts to mask the perpetrators’ ultimate control. By the time a vote passes handing them the keys to the treasury (often through manipulated voting power), it’s too late – the funds are gone and the perpetrators vanish.

From the perspective of a crypto investor, there are several red flags and precautions to consider. Be wary of projects with anonymous teams, no clear roadmap or product, and unrealistic promises (like “guaranteed 100x returns”). Lack of external audit or a very fresh project with minimal history can be risky, though as seen, even audits aren’t foolproof if developers are cunning. Monitor the token’s distribution – if a handful of wallets hold an overwhelming majority of supply or if liquidity is very low relative to market cap, that’s dangerous. Tools exist to check if a token’s code has unusual functions (like the ability for admins to mint new tokens or restrict selling); services like Token Sniffer or security audits posted on-chain can help identify these. DappRadar’s analyst pointed out signs like a sudden spike in active wallets or volume with no clear reason could signal manipulation. Conversely, projects with no GitHub activity or which appear out of nowhere with huge hype should be treated with caution.
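
The distribution, liquidity and contract-function checks described above can be scripted before buying. This is an added example, not code from the article or from any tool it names; the thresholds, the holder list, the funding-source field and the ABI are constructed assumptions. The sample follows the pattern of a stake split across 150 wallets, which a per-wallet check misses and a grouping by funding source catches.

```python
"""Pre-purchase red-flag screen for a token (added example; thresholds are assumptions)."""
from collections import defaultdict

# Name fragments that often mark owner-only control over supply or selling.
# Assumption: a hit means "read this function", not "this is a scam".
PRIVILEGED_HINTS = ("mint", "blacklist", "pause", "setfee", "settax", "upgradeto")


def top_holder_share(holders, n=10):
    """Share of supply held by the n largest single wallets."""
    balances = sorted((h["balance"] for h in holders), reverse=True)
    total = sum(balances)
    return sum(balances[:n]) / total if total else 0.0


def largest_cluster_share(holders):
    """Share of supply held by wallets that were first funded by the same address.

    Splitting a stake across many wallets defeats a per-wallet check, so group
    by funding source. Caveat: wallets funded from one exchange hot wallet also
    cluster together, so a hit needs manual review.
    """
    clusters = defaultdict(int)
    for h in holders:
        clusters[h["funded_by"]] += h["balance"]
    total = sum(clusters.values())
    if not total:
        return None, 0.0
    funder = max(clusters, key=clusters.get)
    return funder, clusters[funder] / total


def privileged_functions(abi):
    """State-changing ABI functions whose names suggest admin control."""
    hits = []
    for entry in abi:
        if entry.get("type") != "function":
            continue
        if entry.get("stateMutability") in ("view", "pure"):
            continue  # read-only functions cannot move funds or change supply
        if any(hint in entry.get("name", "").lower() for hint in PRIVILEGED_HINTS):
            hits.append(entry["name"])
    return sorted(hits)


def screen_token(holders, abi, pool_liquidity_usd, market_cap_usd,
                 max_share=0.50, min_liquidity_ratio=0.02):
    """Return the measurements plus the list of red flags they raise."""
    top10 = top_holder_share(holders)
    funder, cluster = largest_cluster_share(holders)
    ratio = pool_liquidity_usd / market_cap_usd if market_cap_usd else 0.0
    risky = privileged_functions(abi)
    flags = []
    if top10 > max_share:
        flags.append("TOP_HOLDER_CONCENTRATION")
    if cluster > max_share:
        flags.append("FUNDING_CLUSTER_CONCENTRATION")
    if ratio < min_liquidity_ratio:
        flags.append("THIN_LIQUIDITY")
    if risky:
        flags.append("PRIVILEGED_FUNCTIONS")
    return {"top10_share": top10, "cluster_funder": funder, "cluster_share": cluster,
            "liquidity_ratio": ratio, "privileged": risky, "flags": flags}


# --- Constructed sample data (not from any real token) ----------------------
# 150 wallets funded by one address hold 90% of supply, 6,000 tokens each, so
# no single wallet looks large; 100 unrelated buyers hold 1,000 tokens each.
SAMPLE_HOLDERS = (
    [{"address": f"0xinsider{i:03d}", "balance": 6_000, "funded_by": "0xfunder"}
     for i in range(150)]
    + [{"address": f"0xbuyer{i:03d}", "balance": 1_000, "funded_by": f"0xsource{i:03d}"}
       for i in range(100)]
)
SAMPLE_ABI = [
    {"type": "function", "name": "balanceOf", "stateMutability": "view"},
    {"type": "function", "name": "transfer", "stateMutability": "nonpayable"},
    {"type": "function", "name": "mint", "stateMutability": "nonpayable"},
    {"type": "function", "name": "setBlacklist", "stateMutability": "nonpayable"},
    {"type": "event", "name": "Transfer"},
]

if __name__ == "__main__":
    report = screen_token(SAMPLE_HOLDERS, SAMPLE_ABI,
                          pool_liquidity_usd=40_000, market_cap_usd=5_000_000)
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample, the ten largest wallets hold only 6% of supply, so the per-wallet flag stays quiet while the funding-cluster flag fires at 90%.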

It’s heartening that user awareness is increasing. The crypto community on social platforms often spreads warnings quickly when a project is suspected of foul play. However, in the throes of FOMO (fear of missing out), many still get caught. Regulators have also stepped up enforcement on egregious rug pulls – U.S. authorities charged several rug pullers in NFT and DeFi scams in 2023 and 2024, for example, showing that law enforcement is willing to pursue these as investment fraud cases. But given the often pseudonymous nature of crypto, prevention is far better than cure. As DappRadar commented, “While rug pulls may never be fully eradicated, their impact can be drastically reduced when users are equipped with the right information”. In essence, due diligence and skepticism are your best defense in the Wild West of token trading. If you stick to well-known projects and always assume that a new token could be a scam until proven otherwise, you’ll avoid the majority of rug pull traps. And if a friend or influencer is urging you to “get in on this hot new coin now,” remember that hype is the scammer’s most effective weapon – don’t let excitement override scrutiny.

Ponzi Schemes and High-Yield “Investment” Programs

Not all crypto scams rely on fancy tech; some are essentially old-fashioned Ponzi or pyramid schemes dressed in crypto garb. The premise is familiar: promise investors extraordinarily high or guaranteed returns, often under the guise of a special trading algorithm, mining operation, or arbitrage opportunity. Early participants may receive some payouts (often using funds from newer investors) to build credibility. But inevitably, the structure collapses when the operators decide to vanish with the funds or when recruitments dry up. Despite the crypto community’s awareness of infamous Ponzis like BitConnect (which imploded in 2018) and OneCoin (which was exposed as a multi-billion dollar fraud), new iterations continue to emerge, sometimes incorporating the latest buzzwords to seem legitimate.

In 2024 and 2025, regulators and investigators have cracked down on several large crypto Ponzi schemes, yet others still operate under the radar. The U.S. Securities and Exchange Commission (SEC) in 2024 charged the founders of HyperFund/HyperVerse, an alleged crypto mining and investment pyramid, claiming it defrauded investors of around $1.7 billion. HyperFund enticed people with the promise of daily returns from cryptocurrency “mining pools” and had a multi-level referral system – classic Ponzi indicators. The scale (nearly two billion dollars) shows these schemes can grow huge before authorities intervene. In another case, CBEX, a supposed trading platform mostly targeting Africa, collapsed in April 2025 leaving millions of dollars in losses and thousands of victims in its wake. CBEX presented itself as a cutting-edge crypto exchange offering lucrative investment plans, but it appears to have been a scam that unraveled when withdrawals stopped and the operators disappeared.

A hallmark of modern crypto Ponzis is the use of contemporary tech jargon to lure the tech-savvy while masking the lack of real business. You’ll hear terms like “AI-powered trading bot,” “liquidity mining,” “DeFi arbitrage,” or “Web3 cloud mining” in their marketing. In reality, as one analysis put it, they’re just slapping buzzwords onto the age-old “give us your money and we’ll magically make more for you” pitch. For example, a scheme might claim it uses an AI to exploit crypto market inefficiencies 24/7, yielding 5% per day, and all you have to do is deposit your Bitcoin and let it work. These stories sound plausible to those who are aware of AI and crypto but not deeply versed in their limits. Scammers often operate slick-looking websites and apps, sometimes even registering shell companies to appear legitimate. They’ll have referral programs, VIP tiers, and maybe a Telegram community full of botted testimonials. Everything is fine until one day – often without warning – withdrawals are “temporarily halted” due to some excuse (system upgrade, regulatory issue, etc.), which is quickly revealed to be permanent as the organizers exit with the funds.

Even smaller-scale “investment manager” scams abound. These are often individuals posing as successful crypto traders or portfolio managers. They will, for instance, promise to take your 1 ETH and, through their special strategy, return 2 ETH in a week. On platforms like Instagram, it’s common to see scammers flaunting luxury lifestyles and trading screenshots to entice followers into sending them crypto to invest. Of course, once sent, the money is gone. In one 2025 example, an Australian man was contacted via the Signal app by someone offering an investment opportunity; he started with $500 and saw supposed profits, so he invested more and more, ultimately losing about $64,000 when he realized the entire thing was fake and he couldn’t withdraw his funds. Similarly, a 57-year-old woman in Cyprus was duped into a crypto investment scheme over a couple of months, losing €37,000 (~$41,600) after the scammers invented reasons she couldn’t withdraw and needed to pay more. These stories highlight that you don’t need to be a complete crypto novice to fall victim – sometimes basic financial trust and the lure of high returns can cloud judgment, especially when the scammers patiently groom their marks (overlaps with pig butchering techniques).

One interesting variant reported in 2025 involves fake crypto mining operations. We saw a hint of this in the aforementioned Vietnam case, where a group ran a fraudulent “BitMiner” website, selling mining machine contracts and education, which turned out to be a scam netting them around $157,000. Globally, many consumers are still unfamiliar with how crypto mining works, making them susceptible to scammers offering cloud mining packages or asking them to invest in mining hardware that will supposedly generate steady crypto income. Often these operations pay out tiny amounts at first (to appear real) and then suddenly cease payouts and support.

To guard against Ponzi-style schemes, individuals should remember a few cardinal rules. Guaranteed high returns are a red flag – no legitimate investment in crypto or elsewhere can promise, say, “1% daily growth” or other absurd consistency. If someone claims to have a fail-proof system, it’s likely a fraud. Verify the entity: Is the company or fund registered with any financial authority? Do they provide audited financial statements or transparency about their operations? In crypto, plenty of legitimate projects are unregulated of course, but then they usually don’t solicit you with guaranteed returns – they’ll talk about risk and market fluctuations, whereas scammers downplay risk entirely. Be wary of referral-heavy models: If you’re being encouraged to bring in friends to earn bonuses, and those friends need to bring in more friends, that’s the pyramid structure revealing itself. Also, check if what they’re supposedly doing with your money makes sense – for instance, if it’s arbitrage, why do they need your funds instead of using their own to quietly make a fortune? If it’s mining, are they actually posting technical details about their mining farms? Often a quick internet search of a scheme’s name plus “scam” will yield warnings on forums or reports by others. Scammers depend on reaching people who haven’t heard about previous scams, which is why they often hop from region to region or community to community (we see a lot of cross-border targeting – e.g., a scam run out of one country targeting victims in another where news of it hasn’t spread).

Ponzi schemes can run for a surprisingly long time if fresh money keeps coming in – OneCoin lasted several years, defrauding victims of over $4 billion, before it fell apart. In 2025, with crypto markets rebounding, the environment is unfortunately ripe for such schemes to catch those who feel they missed out on the latest bull run and are hungry for outsized gains. Thus, education and skepticism are crucial. Remember that legitimate crypto investing is usually a slow, research-intensive process – any shortcut offered to you on a platter is likely a trap. If friends or family get pulled into something that sounds like a Ponzi, it’s important to have open conversations and share information (not always easy, as psychology of these scams can create cult-like belief among participants). Regulators worldwide have increased public advisories about crypto investment scams; even so, enforcement is tricky when scammers hide behind anonymity and jurisdictional gaps. That’s why the crypto community’s internal immune system – skepticism, whistleblowing, and information-sharing – is so vital to counter these high-yield frauds.

Targeting the Most Vulnerable: Extortion, “Crypto ATM” Scams, and Recovery Fraud

While many crypto scams prey on investors’ greed, some of the most predatory scams prey on fear, urgency, or simple lack of technical awareness. These often target demographics like the elderly or those who have already been victimized once. A prominent example is the crypto ATM scam (a variation of impostor scams), which authorities around the world have been warning about. Here’s how it works: A scammer, often posing as a government official, bank fraud investigator, or even a distressed relative, calls an unsuspecting individual. They create a sense of panic – perhaps claiming “Your bank account is compromised by criminals” or “Your grandson is in jail and needs bail money” – and insist the only safe or fast way to pay is through a cryptocurrency ATM. The victim is instructed to go to a Bitcoin ATM (which are in many convenience stores and malls now), insert cash, and send crypto to a provided address to resolve the situation. Of course, once the crypto is sent, it’s untraceably gone to the scammer.

This con has sadly cost victims tens of millions of dollars. In the U.S. alone, seniors have been defrauded of over $65 million in the first half of 2024 via such crypto ATM phone scams, often involving someone impersonating a law enforcement officer or pretending to be a grandchild in trouble. The combination of a threatening phone call and the novelty of crypto ATMs can bewilder people who are not familiar with cryptocurrency. Police departments have tried to raise awareness; for instance, the Springfield Police in Massachusetts issued a warning in January 2025 stating: “If you receive a phone call with someone demanding a payment in cryptocurrency or Bitcoin, please hang up”. They noted an uptick in scammers directing victims to insert cash into crypto machines to send to the scammer’s wallet. Some crypto ATMs themselves have started placing warning stickers or requiring users to confirm they’re not sending funds to a scam (some machines in the U.S. ask if the payment is due to a call claiming IRS/tax issues, etc., and advise the user it’s likely fraud). Still, in moments of panic, people often comply – scammers are very skilled at keeping victims on the phone and coaching them through the process, sometimes even telling them what to say if a store clerk or family member intervenes.

Another heinous crime is sextortion, which increasingly intersects with crypto. In sextortion scams, fraudsters target typically younger individuals (including teens), often through social media, by tricking them into sharing intimate photos or videos. Then the scammer threatens to release the material publicly or send it to the victim’s friends/family unless a ransom is paid, frequently demanded in Bitcoin or Monero for anonymity. The psychological toll is immense, as victims feel shame and fear exposure. Crypto is used because it’s easier for the criminal to remain anonymous compared to bank transfers. In some cases, the scammer may not even have real compromising material – they might just claim to, or use a compromised social account to convincingly pose as someone with nudes. The FBI and other agencies have flagged a surge in sextortion cases, and because they tend to be underreported (victims are embarrassed or afraid to speak up), it’s an insidious problem. The advice from law enforcement is that you should not pay; instead, involve authorities – many police have units to handle these, and paying often leads to more extortion, not relief.

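Then there is a twisted spin-off known as the “fund recovery scam.” It specifically targets people who have already lost money in an earlier scam, promising to help them recover the lost funds in exchange for an upfront fee. For example, if you lost $50,000 in a rug pull or a pig butchering scheme, you may well later receive an email or LinkedIn message from an “asset recovery expert” or law firm claiming they can trace and recover your crypto. They often cite the victim’s specific loss amount (scammers share information among themselves, or in some cases the information is itself public), which makes them more convincing. They ask for a “deposit” or legal fees. Many victims, desperate to recover their losses, pay these fees, which can run to thousands of dollars, only to discover that the “firm” is just another scammer exploiting hope to defraud them again. This scam is especially cruel because it re-victimizes people who have already been hurt emotionally or financially. Research by Elliptic notes that these recovery scam websites have become so numerous that the FBI seized some of them in 2024. These sites often use official-sounding names and fake “success story” testimonials. One such site was confirmed to be entirely fraudulent after U.S. authorities shut it down. In crypto, genuine fund recovery is extremely difficult, and law enforcement will not ask victims to pay upfront – be wary of anyone who charges you a fee to recover losses on your behalf.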

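There are many other scams aimed at vulnerable groups, for example: job scams (such as a fake crypto company sending a check and asking the victim to return part of it in cryptocurrency – the check eventually bounces), or tech support scams, in which the scammer pretends to help fix a computer problem but takes the opportunity to steal the crypto on the device. There is also a more niche but noteworthy category, such as fake charities or investment opportunities aimed at religious groups or immigrant communities, which specifically exploit in-group trust. What these scams have in common is that they exploit trust and the victim’s unfamiliarity with the details of cryptocurrency.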

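It is worth noting that victims of these types of scams are not all complete crypto novices. Sometimes even users who have been around crypto for a while can panic in certain scenarios (such as suddenly being notified that their exchange account has been hacked) and act irrationally. Under high pressure, people often lose their best judgment. That is why awareness campaigns stress: never resolve a money dispute by unusual means during a single phone call. If anyone – whatever identity they claim – instructs you to withdraw cash and deposit it into a crypto ATM, buy gift cards or do something else strange, it is almost certainly a scam. Government agencies do not demand payment in cryptocurrency, and utilities and banks do not settle customer complaints through a Bitcoin ATM. If someone claims to be a friend or relative and asks for cryptocurrency as bail money, always verify their identity through another channel.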

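Encouragingly, law enforcement agencies around the world have stepped up public education and their fight against these crimes. For example, in late 2024 Hong Kong police arrested a syndicate running AI-enabled romance scams (as discussed earlier), and Vietnamese police dismantled a crypto mining scam ring, both of which show the effort of international cooperation to curb large-scale scams. The U.S. Federal Trade Commission (FTC) and the FBI also regularly issue alerts on new scam tactics to help members of the public who are unfamiliar with crypto stay alert. Crypto companies are doing educational outreach as well: exchanges send emails warning about common scams, and wallet software displays pop-up warnings.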

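Ultimately, the key to protecting the most vulnerable victims is still raising public awareness and creating an environment where victims can speak openly and discuss their experiences without pressure. Scammers depend on victims’ secrecy and shame – they often say “don’t tell anyone or the deal is off” or “don’t tell the bank teller what the money is for.” Simply consulting a friend, a family member or the police before making an odd financial transaction can often collapse the scam on the spot. Those of us in crypto need to be even more proactive in helping less experienced friends and relatives, who may equally become targets. Just five minutes spent on basics like “the tax office will never ask you to pay in Bitcoin” could save someone from having years of savings wiped out.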

The Ongoing Battle: Platforms, Law Enforcement, and Community Response

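As crypto scams have grown sharply in 2025, countermeasures have also become more aggressive, but the overall situation still resembles a game of cat and mouse, with scam tactics constantly upgrading and adapting quickly to new defenses. Social media and tech platforms, breeding grounds for scams for years, are now under growing pressure to act. YouTube, for example, has faced lawsuits and public condemnation because the platform has been flooded with scam livestreams and videos. After the Ripple lawsuit and settlement in 2021, YouTube agreed to improve its anti-scam measures; it now uses more advanced machine learning models to detect known scam video formats and has set up a dedicated team to handle user reports. Even so, as Garlinghouse’s recent warning indicates, many cases still slip through. The main problem is sheer volume – YouTube has billions of users and a vast amount of content is uploaded every minute, and scammers only need to hook victims during a brief stretch of a livestream. Platforms such as Twitter (X) have also stepped up detection of fake giveaway tweets and impersonator accounts. In mid-2023 Twitter introduced a dedicated policy on financial scams, and there are also community-driven warnings on suspected scam posts such as Twitter Community Notes. But scammers always find loopholes: for example, using Unicode tricks to alter names (such as using a dotless i, “VitalikBıterin”, to impersonate Vitalik himself) in order to evade the system’s blocking.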
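
A platform-side check for the Unicode name trick mentioned above, as an added example that is not code from the article or from any platform: it reduces a display name to a comparison key and compares it with a list of protected names. The look-alike table is a hand-picked subset and the verdict labels are assumptions of this sketch; because the quoted name also swaps a letter, the check allows one edit of distance in addition to an exact key match.

```python
"""Flag display names that imitate protected names with look-alike characters."""
import unicodedata

# Hand-picked subset of look-alike characters (assumption for this example;
# a production system would load the full Unicode UTS #39 confusables data).
CONFUSABLES = {
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}
RANK = {"homoglyph": 0, "same-name": 1, "near-match": 2}


def skeleton(name):
    """Comparison key: fold case and width, drop accents, map look-alikes to
    ASCII, keep only letters and digits."""
    text = unicodedata.normalize("NFKD", name).casefold()
    text = unicodedata.normalize("NFKD", text)
    out = []
    for ch in text:
        if unicodedata.combining(ch):
            continue  # strip accents and other combining marks
        ch = CONFUSABLES.get(ch, ch)
        if ch.isalnum():
            out.append(ch)
    return "".join(out)


def plain_key(name):
    """Case-folded letters and digits with no look-alike mapping applied."""
    return "".join(ch for ch in name.casefold() if ch.isalnum())


def lookalike_chars(name):
    """Unicode names of the characters the confusables table would rewrite."""
    folded = unicodedata.normalize("NFKD", name).casefold()
    return [unicodedata.name(ch) for ch in folded if ch in CONFUSABLES]


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_display_name(name, protected_names, max_distance=1):
    """Return (verdict, matched protected name).

    same-name  : text is identical, so only the account ID can tell a copy apart
    homoglyph  : identical only after look-alike or width folding
    near-match : within max_distance edits after folding (noisy for short names)
    clear      : no protected name is close
    """
    sk, plain = skeleton(name), plain_key(name)
    best = ("clear", None)
    for protected in protected_names:
        target = skeleton(protected)
        if plain == target:
            verdict = "same-name"
        elif sk == target:
            verdict = "homoglyph"
        elif edit_distance(sk, target) <= max_distance:
            verdict = "near-match"
        else:
            continue
        if best[0] == "clear" or RANK[verdict] < RANK[best[0]]:
            best = (verdict, protected)
    return best


# Names taken from the article; which accounts a platform protects is an assumption.
PROTECTED = ["Vitalik Buterin", "Brad Garlinghouse"]

if __name__ == "__main__":
    for candidate in ["VitalikB\u0131terin", "Vitalik But\u0435rin",
                      "\uff22rad Garlinghouse", "Crypto News Daily"]:
        print(repr(candidate), check_display_name(candidate, PROTECTED),
              lookalike_chars(candidate))
```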

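Platform moderation often has to strike a balance between free speech and content clean-up – nobody wants to over-censor and take down legitimate content or wrongly accuse innocent users. Scammers exploit exactly this gap, often hiding in plain sight until they are reported. Garlinghouse said in 2025 that social platforms have “begun to acknowledge their role” but should take the lead in fighting scams rather than merely reacting. He put forward some ideas, including verified video messages (which would make it harder for deepfakes to pass, if there were a verification watermark), or requiring giveaway promotions to disclose the real identity behind them. But these measures are not easy to implement.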

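Law enforcement has also scored some wins. Besides the major arrests mentioned above, agencies such as the U.S. Department of Justice have set up crypto crime task forces, and Europol has coordinated cross-border joint investigations into large scam syndicates. Interpol has run operations targeting “pig butchering” scam compounds, working with Southeast Asian countries to rescue deceived workers and dismantle the bases. On the legal side, U.S. regulators such as the SEC and CFTC pursue not only Ponzi schemes but also celebrities who promoted scam tokens (for example, catching influencers who helped promote scams). The message is that regulators are increasingly familiar with crypto and are watching the space closely. By comparison, however, enforcement tends to come after the fact – by the time the evidence in a case has been gathered, large sums have usually already been moved and the victims’ losses are a done deal. International cooperation also has gaps: some countries have become safe havens for scam perpetrators, or have no extradition treaties.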

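The blockchain itself helps, though the tools are limited. All transactions are generally recorded on a public ledger, so investigators can follow the trail of funds. In some cases, if funds flow to a centralized exchange, law enforcement can freeze the account – some ransomware and scam proceeds have been frozen this way. There are also blacklists of scam wallets and even smart-contract-level protections (for example, some token standards have a “circuit breaker” function that automatically pauses transfers when an abnormally large dump is detected – although purists criticize this as making the system too centralized). Companies such as Chainalysis, Elliptic and TRM Labs have also developed analytics tools that automatically flag high-risk wallet behavior, such as tracking clusters of wallets that repeatedly receive payments from phishing sites. Exchanges and compliance teams use these tools to block or investigate suspicious funds.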

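At the same time, grassroots anti-scam efforts and vigilante hacking have emerged. Some technically skilled people infiltrate scam call centers or “pig butchering” organizations and leak leads to help potential victims or track down the ringleaders. Others write programs that automatically send tiny transactions carrying warning messages to scam crypto wallets (to alert people who are about to send funds that the address is a scam). There have also been stories of white-hat hackers recovering stolen funds or disabling scam smart contracts – though such vigilante actions are mostly in a legal gray area and extremely rare.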

Culturally, education and de-stigmatization are especially important. The crypto community frequently shares online PSAs about new scams, which is a very positive sign. Sites such as Bitcoin.org and Ethereum.org also have dedicated pages teaching people how to avoid scams. Some victims have bravely come forward to share their stories (such as the Maryland woman interviewed by CBS), which helps others realize how convincing these scams can be. Alex, a contributor at Built In, pointed out that fraud thrives in cultures of silence and shame; encouraging open discussion and reporting is key. If employees at a company can report that they were targeted by a deepfake call without fear of blame, the whole company can shore up defenses. Likewise, in online communities, people shouldn’t ridicule victims but rather use those incidents as lessons.

Resilience against scams will require collective effort. The crypto industry is innovating in defense as much as criminals innovate in offense: there are now AI tools that can detect deepfake artifacts, browser extensions that auto-warn of known scam URLs, multi-signature wallets and timelocks that can prevent one wrong click from immediately draining all funds, etc. Exchanges implement stricter Know-Your-Transaction (KYT) monitoring to catch suspicious deposits (like someone who suddenly got a huge amount from a freshly funded address – could be a scammer cashing out). Some jurisdictions are even considering mandatory risk warnings; for example, the UK requires banks to sometimes quiz customers on why they’re withdrawing large sums (after a rash of transfer scams, not specific to crypto but similar concept).
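
The Know-Your-Transaction pattern mentioned above (a large deposit arriving from a freshly funded address) can be written as a monitoring rule. This is an added example, not any exchange’s or vendor’s code; the record layout, thresholds, addresses and transfers are constructed assumptions.

```python
"""KYT rule: flag a large customer deposit that comes from a freshly funded address."""
from dataclasses import dataclass
from statistics import median

DAY = 24 * 3600


@dataclass(frozen=True)
class Transfer:
    ts: int        # Unix time in seconds
    sender: str
    receiver: str
    usd: int       # value at transfer time, whole dollars


def first_funded(transfers):
    """Time at which each address first received funds in this data set."""
    funded = {}
    for t in sorted(transfers, key=lambda t: t.ts):
        funded.setdefault(t.receiver, t.ts)
    return funded


def flag_deposits(transfers, customers, fresh_seconds=DAY, size_multiple=10,
                  min_history=3, new_account_floor=10_000):
    """Return alerts for deposits that are both 'fresh-sourced' and 'large'.

    fresh : the sender first received funds at most fresh_seconds earlier
    large : at least size_multiple times the customer's median earlier deposit,
            or at least new_account_floor when the customer has too little
            history to form a baseline
    A sender with no funding event in the data is treated as unknown, not fresh.
    """
    funded = first_funded(transfers)
    history = {c: [] for c in customers}
    alerts = []
    for t in sorted(transfers, key=lambda t: t.ts):
        if t.receiver not in history:
            continue
        past = history[t.receiver]
        age = t.ts - funded[t.sender] if t.sender in funded else None
        fresh = age is not None and 0 <= age <= fresh_seconds
        baseline = median(past) if len(past) >= min_history else None
        threshold = size_multiple * baseline if baseline is not None else new_account_floor
        if fresh and t.usd >= threshold:
            alerts.append({"receiver": t.receiver, "sender": t.sender, "usd": t.usd,
                           "sender_age_s": age, "baseline_usd": baseline})
        past.append(t.usd)  # the deposit becomes part of the baseline afterwards
    return alerts


# --- Constructed sample transfers (addresses and amounts are made up) -------
T0 = 1_700_000_000
SAMPLE = [
    Transfer(T0 - 400 * DAY, "0xsrc", "0xoldwallet", 100_000),
    # cust_A: three routine deposits, then 50,000 from an address funded 1 h earlier
    Transfer(T0 - 30 * DAY, "0xoldwallet", "cust_A", 200),
    Transfer(T0 - 20 * DAY, "0xoldwallet", "cust_A", 250),
    Transfer(T0 - 10 * DAY, "0xoldwallet", "cust_A", 180),
    Transfer(T0, "0xsrc2", "0xfresh", 50_000),
    Transfer(T0 + 3600, "0xfresh", "cust_A", 50_000),
    # cust_B: large deposit from an old address, small one from a fresh address
    Transfer(T0 - 9 * DAY, "0xoldwallet", "cust_B", 300),
    Transfer(T0 - 8 * DAY, "0xoldwallet", "cust_B", 300),
    Transfer(T0 - 7 * DAY, "0xoldwallet", "cust_B", 300),
    Transfer(T0 + 2 * DAY, "0xoldwallet", "cust_B", 40_000),
    Transfer(T0 + 3 * DAY, "0xsrc3", "0xfresh2", 500),
    Transfer(T0 + 3 * DAY + 600, "0xfresh2", "cust_B", 400),
    # cust_C: brand-new account, first deposit is large and fresh-sourced
    Transfer(T0 + 5 * DAY, "0xsrc4", "0xfresh3", 15_000),
    Transfer(T0 + 5 * DAY + 120, "0xfresh3", "cust_C", 15_000),
]

if __name__ == "__main__":
    for alert in flag_deposits(SAMPLE, {"cust_A", "cust_B", "cust_C"}):
        print(alert)
```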

At the end of the day, crypto’s promise is to democratize finance – but that democratization comes with the responsibility for individuals to navigate safely in a world without traditional gatekeepers. It’s a bit like the early Wild West of the internet: tremendous opportunity, but also many pitfalls until users get savvier and protective measures mature. In 2025, we see both extremes – cutting-edge scams and increasingly sophisticated countermeasures – dueling in real time. As one blockchain investigator noted, “Fraud detection must become collaborative, decentralized and proactive. The best defense will always be a community that shares intelligence, validates identities and supports those who fall victim – not with blame, but with action.”

Final thoughts

From AI-crafted deepfakes to old-school Ponzi schemes rebranded in crypto jargon, the spectrum of scams in 2025 demonstrates how fraud continually adapts to the trends of the day. Whenever the crypto market surges or a new technology emerges, scammers are quick to capitalize – yet the core techniques they exploit are often as old as fraud itself: greed, fear, urgency, trust, and ignorance. This year has shown that even highly informed investors can be momentarily deceived by a slick fake video or a very personal social engineering plot. The costs are not just financial (though those are huge, with billions stolen) but also reputational and emotional, eroding trust in the crypto ecosystem and shattering lives of victims.

However, 2025 has also been a year of growing resilience and awareness. Industry leaders like Brad Garlinghouse publicly sounding the alarm, researchers mapping scam networks, governments coordinating crackdowns, and grassroots efforts educating newcomers – all these are crucial countermeasures. The crypto community is increasingly treating scams not as isolated mishaps but as a collective threat that requires an “all hands on deck” response. Every user has a role to play, whether it’s reporting a suspicious account, warning a friend, or simply practicing good security hygiene so as not to become the next link in a scammer’s chain.

For readers of this report – largely crypto-savvy individuals – the takeaway is to stay informed and remain vigilant. The specific scam names or tactics may change with the seasons, but if you internalize the red flags and principles discussed here, you can apply them no matter what new twist emerges. Always verify identities and offers through secondary channels. Be extremely skeptical of anything that promises a guaranteed profit or asks for secrecy. Use the security tools at your disposal: hardware wallets, two-factor authentication, blockchain scanners, reputable sources for information. When in doubt, pause. Scammers often win when they rush you; taking a moment to double-check can be the difference between safety and disaster.

It’s also important to acknowledge that while technology can improve security, there is no magic solution that will eliminate scams overnight. Much like antivirus software must constantly update for new viruses, our anti-scam strategies must evolve. AI may help catch deepfakes, but AI can also make better deepfakes. Regulations can deter some Ponzi operators, but others will move to more permissive locales. This dynamic means the crypto community must cultivate a culture of continuous education and healthy skepticism. An investor who avoided phishing five years ago by not clicking strange emails might now need to learn how to scrutinize a smart contract before approving a transaction. We’re all learning as we go.

Lastly, if you have been a victim of a crypto scam, know that you’re not alone and that it’s not the end of the road. Report it to relevant authorities (many countries have fraud reporting portals and crypto crime units). Sometimes funds can be traced or even recovered, especially if law enforcement steps in early. At the very least, your report can help prevent others from falling into the same trap and contributes to the fight against the scammers. The ethos of crypto often emphasizes personal responsibility – which is empowering – but it doesn’t mean you can’t seek help or that falling for a scam is a personal failing. These criminals are professionals at deception, and anyone can have a vulnerable moment.

In summary, the landscape of crypto scams in 2025 is challenging, but not insurmountable. Armed with knowledge, a bit of caution, and the support of the community, crypto enthusiasts can continue to explore the opportunities of this technology while sidestepping the pitfalls laid by bad actors. As Garlinghouse aptly put it, “We will keep reporting these – please do the same… If it sounds too good to be true, it probably is.” That time-tested wisdom, combined with the insights detailed throughout this article, will hopefully keep you safe in the thrilling and sometimes treacherous world of crypto. Stay safe, stay skeptical, and happy hodling.

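Disclaimer and Risk Warning: The information provided in this article is for educational and informational purposes only, is based on the author's opinion, and does not constitute financial, investment, legal, or tax advice. Cryptocurrency assets are highly volatile and carry high risk, including the possible loss of all or a substantial part of the amount invested. Trading or holding crypto assets may not be suitable for all investors. The views expressed in this article are solely those of the author and do not represent the official policy or position of Yellow, its founders, or its management. Always do your own thorough research (D.Y.O.R.) and consult a licensed financial professional before making any investment decision.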