The week crypto got serious: $513m in funding, $282m in theft, and the scam ecosystem that won’t quit
Crypto had one of those weeks that makes even seasoned traders blink. On the one hand, big cheques chased boring plumbing. On the other, a single victim watched $282m vanish through a method that had nothing to do with code. Meanwhile, the fraud industry kept scaling like it had a sales team and a product roadmap.
The headline number on funding was $513.4m across 15 projects. However, the meaning sat inside two $150m raises that looked more like financial infrastructure than venture froth.
The money flowing in: rails over romance
Alpaca, the Silicon Valley brokerage infrastructure firm, raised $150m in a Series D led by Drive Capital. The round valued the company at $1.15bn. Meanwhile, it also added a $40m credit facility, which is the sort of balance sheet commitment that tends to arrive only when lenders believe the pipes will keep earning fees.
Alpaca’s cap table also read like a quiet vote of confidence from market structure insiders. Citadel Securities sat alongside crypto and bank-linked backers such as Kraken and BNP Paribas’ venture arm. Therefore, the signal was less about tokens and more about distribution, custody, order routing and the dull stuff that survives cycles.
LMAX Group also raised $150m, but the source mattered: Ripple. The funding tied into a deeper partnership that threaded Ripple’s USD stablecoin, RLUSD, into LMAX’s institutional trading stack. As a result, banks, brokers and hedge funds could push towards 24/7 settlement across spot crypto, perpetual futures and CFDs inside one venue’s plumbing.
Elsewhere, the supporting cast reinforced the same theme. ICEx, an Indonesian exchange, raised $70m. Project Eleven, focused on Bitcoin infrastructure and security, closed a Series A at a $120m valuation. VelaFi raised $20m for stablecoin payments. Investors, in other words, kept buying shovels.
The money flowing out: the new heist starts with a phone call
Then came the theft. On 10 January, one victim lost $282m in Bitcoin and Litecoin in a hardware wallet social engineering attack. It did not hinge on a broken private key algorithm. Instead, it hinged on persuasion, urgency and the victim’s belief that they were protecting themselves.
After the compromise, the thief moved fast and pragmatically. The attacker swapped into Monero, the privacy coin that turns many tracing efforts into guesswork. Meanwhile, Bitcoin moved across multiple chains via Thorchain’s cross-chain routing, which helped blur origins and destinations. Therefore, the playbook looked clear: manipulate first, then obfuscate.
That one whale loss also sat inside a larger pattern. Chainalysis logged $17bn stolen across scams and fraud in 2025, a record year driven by impersonation and AI-assisted social engineering. The crime story now reads less like lone hackers and more like service businesses with funnels.
Consider the Brooklyn case from December 2025. Prosecutors indicted Ronald Spektor, 23, for allegedly running a $16m Coinbase impersonation scheme. The alleged tactic was simple, and therefore effective: steal customer data through bribery, call victims as “support”, then steer them to “secure” wallets controlled by criminals.
How the scams scale: DeFi for laundering, SaaS for phishing
Chainalysis also drew a useful map of money movement. Impersonation scams, it found, now lean on DeFi protocols for laundering. However, other fraud types still tend to cash out through centralised exchanges. That split matters for traders because it hints at where enforcement pressure will land next.
One example was Lighthouse, which sold phishing kits like a software vendor. Prices ranged from $50 for full-feature development, to $30 for proxy development, to $20 for updates. Over three years it collected $1.5m in crypto deposits from more than 7,000 buyers, many linked to Chinese criminal underground networks. It was, essentially, subscriptions for theft.
Yet the most striking proof that the ledger cuts both ways came from the UK. In November, Metropolitan Police recovered 61,000 Bitcoin, roughly £5bn, linked to Zhimin Qian, who ran a multibillion-pound investment fraud that victimised 128,000 people between 2014 and 2017. She received an 11-year, eight-month sentence, and an accomplice got five years. Blockchain transparency, often blamed for enabling crime, also helped investigators walk the money to real-world assets.
The structural problem: crypto ATMs as the fraud onramp
Another uncomfortable detail kept resurfacing. Crypto ATMs have become a favoured onramp for elder fraud. Scammers persuade older victims there is a “security issue”, then instruct them to withdraw cash and feed it into a local kiosk. From there, funds can jump rapidly through Chinese money laundering networks and informal banking channels. Meanwhile, pig-butchering operations spanning south-east Asia keep refining the same pipeline.
US authorities have started leaning on domain forfeitures, including a case involving tickmilleas[dot]com registered in November 2025. The site impersonated a financial firm and pushed mainly US victims into BTC, ETH, USDT and USDC wallets. Investigators tied activity to a scam compound on the Myanmar Thailand border, with ground protection linked to the DKBA, an armed group sanctioned by OFAC. The geography matters because regulation stops at borders, while scams do not.
By the numbers
- $513.4m raised across 15 crypto projects last week
- $150m Series D for Alpaca at a $1.15bn valuation
- $150m into LMAX Group from Ripple, tied to RLUSD integration
- $282m stolen on 10 January via hardware wallet social engineering
- 61,000 BTC recovered by UK police, about £5bn
Key takeaways
- Infrastructure deals are crowding out token narratives, so watch brokers, venues and settlement rails.
- Stablecoin integration is becoming a competitive feature for institutional venues, not a marketing slogan.
- Security risk is shifting towards human failure, so wallet tech alone will not cap losses.
- DeFi remains a laundering route for impersonation scams, which raises future enforcement and protocol risk.
- Crypto ATM exposure is both a political target and a regulatory tripwire for the industry.
What stood out, finally, was the symmetry. The legitimate side is building institutional-grade plumbing that can handle relentless flow. Meanwhile, criminals are building their own supply chain, with kits, scripts and safe havens. Therefore, the trade is not “crypto wins” or “crypto dies”. The trade is which rails survive enforcement, reputational shocks and the next wave of victims.
