Crypto funding scam is a core topic for traders in 2026. The complete guide follows.
The week crypto got serious: $513m in funding, $282m in theft, and the scam ecosystem that won’t quit
\n\n
Crypto had one of those weeks that makes even seasoned traders blink. On the one hand, big cheques chased boring plumbing. On the other, a single victim watched $282m vanish through a method that had nothing to do with code. Meanwhile, the fraud industry kept scaling like it had a sales team and a product roadmap.
\n\n
The headline number on funding was $513.4m across 15 projects. However, the meaning sat inside two $150m raises that looked more like financial infrastructure than venture froth.
\n\n
The money flowing in: rails over romance
\n\n
Alpaca, the Silicon Valley brokerage infrastructure firm, raised $150m in a Series D led by Drive Capital. The round valued the company at $1.15bn. Meanwhile, it also added a $40m credit facility, which is the sort of balance sheet commitment that tends to arrive only when lenders believe the pipes will keep earning fees.
\n\n
Alpaca’s cap table also read like a quiet vote of confidence from market structure insiders. Citadel Securities sat alongside crypto and bank-linked backers such as Kraken and BNP Paribas’ venture arm. Therefore, the signal was less about tokens and more about distribution, custody, order routing and the dull stuff that survives cycles.
\n\n
LMAX Group also raised $150m, but the source mattered: Ripple. The funding tied into a deeper partnership that threaded Ripple’s USD stablecoin, RLUSD, into LMAX’s institutional trading stack. As a result, banks, brokers and hedge funds could push towards 24/7 settlement across spot crypto, perpetual futures and CFDs inside one venue’s plumbing.
\n\n
Elsewhere, the supporting cast reinforced the same theme. ICEx, an Indonesian exchange, raised $70m. Project Eleven, focused on Bitcoin infrastructure and security, closed a Series A at a $120m valuation. VelaFi raised $20m for stablecoin payments. Investors, in other words, kept buying shovels.
\n\n
The money flowing out: the new heist starts with a phone call
\n\n
Then came the theft. On 10 January, one victim lost $282m in Bitcoin and Litecoin in a hardware wallet social engineering attack. It did not hinge on a broken private key algorithm. Instead, it hinged on persuasion, urgency and the victim’s belief that they were protecting themselves.
\n\n
After the compromise, the thief moved fast and pragmatically. The attacker swapped into Monero, the privacy coin that turns many tracing efforts into guesswork. Meanwhile, Bitcoin moved across multiple chains via Thorchain’s cross-chain routing, which helped blur origins and destinations. Therefore, the playbook looked clear: manipulate first, then obfuscate.
\n\n
That one whale loss also sat inside a larger pattern. Chainalysis logged $17bn stolen across scams and fraud, a record year driven by impersonation and AI-assisted social engineering. The crime story now reads less like lone hackers and more like service businesses with funnels.
\n\n
Consider the Brooklyn case from recent months. Prosecutors indicted Ronald Spektor, 23, for allegedly running a $16m Coinbase impersonation scheme. The alleged tactic was simple, and therefore effective: steal customer data through bribery, call victims as “support”, then steer them to “secure” wallets controlled by criminals.
\n\n
How the scams scale: DeFi for laundering, SaaS for phishing
\n\n
Chainalysis also drew a useful map of money movement. Impersonation scams, it found, now lean on DeFi protocols for laundering. However, other fraud types still tend to cash out through centralised exchanges. That split matters for traders because it hints at where enforcement pressure will land next.
\n\n
One example was Lighthouse, which sold phishing kits like a software vendor. Prices ranged from $50 for full-feature development, to $30 for proxy development, to $20 for updates. Over three years it collected $1.5m in crypto deposits from more than 7,000 buyers, many linked to Chinese criminal underground networks. It was, essentially, subscriptions for theft.
\n\n
Yet the most striking proof that the ledger cuts both ways came from the UK. In November, Metropolitan Police recovered 61,000 Bitcoin, roughly £5bn, linked to Zhimin Qian, who ran a multibillion-pound investment fraud that victimised 128,000 people between 2014 and 2017. She received an 11-year, eight-month sentence, and an accomplice got five years. Blockchain transparency, often blamed for enabling crime, also helped investigators walk the money to real-world assets.
\n\n
The structural problem: crypto ATMs as the fraud onramp
\n\n
Another uncomfortable detail kept resurfacing. Crypto ATMs have become a favoured onramp for elder fraud. Scammers persuade older victims there is a “security issue”, then instruct them to withdraw cash and feed it into a local kiosk. From there, funds can jump rapidly through Chinese money laundering networks and informal banking channels. Meanwhile, pig-butchering operations spanning south-east Asia keep refining the same pipeline.
\n\n
US authorities have started leaning on domain forfeitures, including a case involving tickmilleas[dot]com registered in recent months. The site impersonated a financial firm and pushed mainly US victims into BTC, ETH, USDT and USDC wallets. Investigators tied activity to a scam compound on the Myanmar Thailand border, with ground protection linked to the DKBA, an armed group sanctioned by OFAC. The geography matters because regulation stops at borders, while scams do not.
\n\n
By the numbers
\n
- \n
- $513.4m raised across 15 crypto projects last week
- $150m Series D for Alpaca at a $1.15bn valuation
- $150m into LMAX Group from Ripple, tied to RLUSD integration
- $282m stolen on 10 January via hardware wallet social engineering
- 61,000 BTC recovered by UK police, about £5bn
\n
\n
\n
\n
\n
\n\n
Key takeaways
\n
- \n
- Infrastructure deals are crowding out token narratives, so watch brokers, venues and settlement rails.
- Stablecoin integration is becoming a competitive feature for institutional venues, not a marketing slogan.
- Security risk is shifting towards human failure, so wallet tech alone will not cap losses.
- DeFi remains a laundering route for impersonation scams, which raises future enforcement and protocol risk.
- Crypto ATM exposure is both a political target and a regulatory tripwire for the industry.
\n
\n
\n
\n
\n
\n\n
What stood out, finally, was the symmetry. The legitimate side is building institutional-grade plumbing that can handle relentless flow. Meanwhile, criminals are building their own supply chain, with kits, scripts and safe havens. Therefore, the trade is not “crypto wins” or “crypto dies”. The trade is which rails survive enforcement, reputational shocks and the next wave of victims.
For more on this topic see our deep-dives on Singapore Gulf Bank x Fireblocks: Secure DeFi Banking and Payments, Dogecoin ETF: How It Works and What It Means for Crypto, and Crypto Market Watch: Bithumb Penalties, Bitcoin ETFs and Solana Flows.
What our analysts watch: Three signals shape our read on this funding cycle. Stage and category mix tells us where capital is moving: late-stage payments and infrastructure rounds signal institutional conviction, while seed-heavy memecoin rounds signal froth. Recovery rates on hacked or stolen funds reveal how effective on-chain forensics and law-enforcement coordination have become; rising recovery percentages thin the long-tail risk premium. Sanctions actions and exchange compliance data show which venues are tightening, because that determines where future flows will and will not transit. When funding stage matures, recoveries land, and compliance tightens together, the asset class is structurally healthier than headline volatility suggests.
Frequently asked questions
How are crypto scam funds actually recovered?
Recovery typically combines three workstreams. First, blockchain forensics firms trace stolen funds across mixers, bridges, and exchanges to identify off-ramps. Second, law-enforcement coordination obtains freezing orders against compliant exchanges that hold the assets. Third, civil and criminal court action enforces those orders across jurisdictions. The FATF Travel Rule guidance is the framework that pushes the most compliant exchanges toward sharing the data forensic firms need.
What does rising crypto venture funding signal?
Rising VC and growth-stage funding is a leading indicator of institutional confidence, but only when the stage and sector mix is healthy. Heavy late-stage rounds in regulated infrastructure (custody, brokerage, settlement) signal durable adoption. Concentrated seed rounds in narrative-driven memecoins signal froth. The composition is more diagnostic than the headline number. CoinDesk publishes the canonical crypto funding tracker used by most desks.
Are recovered funds always returned to victims?
Not automatically. Recovered assets often sit under court receivership while distribution claims are processed, which can take quarters or years. Victims must usually file formal claims, prove ownership, and accept the prevailing exchange-rate assumption set by the receiver. The Mt. Gox creditor process is the canonical example. The U.S. SEC publishes investor alerts and Fair Funds distribution updates for cases under its jurisdiction.
How can retail investors avoid being the next recovery case?
The hierarchy is consistent: regulated venues, hardware wallets for long-term holdings, multi-factor authentication on all accounts, withdrawal whitelists, and skepticism toward any unsolicited investment offer. Avoid concentration in any single offshore exchange, especially those with active solvency or compliance disputes. The Bank for International Settlements publishes research on retail crypto risk that is worth reading before any first allocation.
