The crypto world is changing: new rules, new threats, new solutions

The world of crypto assets has evolved at a staggering pace over the past decade. From Bitcoin to decentralised finance (DeFi), and non-fungible tokens (NFTs), blockchain technology has redefined the very concept of digital value. However, this wave of innovation has brought with it a darker side: fraud.

I

n 2024, cryptocurrency-related crimes reached record levels, prompting a surge in new regulations and security-focused technologies. Yet, these efforts to create a safer crypto environment must not come at the expense of the freedoms that define it. For that reason, it’s vital to understand these changes—and to keep a close eye on how they unfold. 

Crypto fraud in 2024: alarming figures and current trends 

Losses due to illicit activity in the crypto ecosystem reached $24.2 billion in 2024, a 72% increase compared to 2023 (Chainalysis Crypto Crime Report 2025, Europol IOCTA 2024). This surge is attributed to the rising market value, the growing sophistication of cybercriminals and, according to some observers, a lack of effective regulation. 

Among the trends gaining ground, we can observe: 

• A growing number of scams targeting retail investors, especially through social media. 

• An increase in social engineering attacks and fake investment platforms. 

• The consolidation of transnational fraud networks using cryptocurrencies as a money laundering tool. 

Most common types of crypto fraud 

• Ponzi and pyramid schemes are classic scams adapted to the crypto environment. They promise high, consistent returns to early investors, which are in fact paid using funds from new participants. There is no genuine investment generating real profits; the system collapses when the influx of new victims slows. In the crypto space, these schemes often appear as opportunities to invest in tokens or DeFi platforms claiming to use automated high-yield strategies. 

• Rug pulls occur when developers of a DeFi or NFT project abandon it suddenly after raising funds from investors. These platforms typically present themselves as legitimate, offering convincing documentation, polished designs and appealing promises. However, they often include malicious code that allows the developers to drain liquidity and vanish without a trace. 

• Phishing and fake applications are also widespread. In the crypto world, phishing involves fraudulent emails, messages or websites impersonating trusted services—such as wallets, exchanges, or DeFi platforms—to trick users into disclosing private keys, seed phrases or login credentials. Fake apps on mobile stores, once installed, capture sensitive data and allow attackers to steal funds directly from users’ wallets. 

• Pump and dump is a market manipulation tactic in which a group artificially inflates the price of a low-cap token through coordinated buying (“pump”), then sells off their holdings at the peak (“dump”), causing the price to crash. Retail investors who entered late are left with significant losses. These schemes often unfold in private groups on Telegram, Discord or other online forums. 

• Ghost exchanges are fraudulent platforms that simulate the appearance of legitimate crypto exchanges. They attract users with low fees, deposit bonuses or exclusive tokens. Once funds are deposited, the exchange either blocks withdrawals or disappears entirely. In some cases, the platform operates normally for a while to gain users’ trust before executing the scam. 

• SIM swapping occurs when an attacker takes control of the victim’s phone number by requesting a duplicate SIM card from the mobile provider. This allows them to intercept two-factor authentication (2FA) codes and access banking accounts or wallets. On the other hand, financial malware—such as trojans or keyloggers—is installed on devices through infected files or compromised websites, recording keystrokes or directly stealing stored credentials. 

The MiCA regulation: a European framework to bring order to the chaos 

The MiCA regulation (Markets in Crypto-Assets Regulation) aims to bring structure, standardisation and oversight to the crypto-asset market. More than just another piece of legislation, MiCA represents the first comprehensive global attempt to establish a unified legal framework for token issuers and crypto service providers, such as exchanges and custodians. 

By setting out requirements around transparency, governance, minimum capital reserves, consumer protection and specific rules for stablecoins, MiCA seeks to close the legal loopholes that have allowed fraudulent projects to flourish. It also mandates the implementation of compliance controls such as KYC and AML, effectively bridging traditional financial regulation and blockchain-based innovation. 

Key aspects of MiCA: 

• Mandatory licensing for issuers and crypto service providers in the EU. 

• Strict rules for transparency of whitepapers, reserves, and governance. 

• Minimum capital and insurance requirements for crypto-asset custodians. 

• Control over stablecoins (assets-backed tokens), including issuance limits. 

• Enforcement of KYC and AML regulations on exchanges and wallets. 

Tools to prevent crypto fraud: KYC, AML, RegTech and more 

In response to the rapid increase in crypto-related fraud, financial institutions, regulators, and companies across the sector are working to build a more robust system for prevention and detection. This involves adopting tools that combine technology, regulatory compliance, and data analysis—essential elements for ensuring the security of the blockchain ecosystem. 

One of the most widely adopted tools is the KYC (Know Your Customer) system. This process requires crypto service providers to verify their users’ identities before granting access to their platforms. It may involve collecting personal data such as names, identification documents, proof of residence, and, in some cases, biometric verification. Although initially criticised for compromising anonymity, KYC has proven effective in combating crimes such as money laundering, terrorist financing, and identity theft. Its implementation, now required under EU regulations like MiCA, has become almost indispensable for exchanges and custodians wishing to operate with legal guarantees. 

Complementing KYC is the AML (Anti-Money Laundering) framework—a set of procedures aimed at identifying, reporting, and blocking suspicious activities linked to money laundering. Unlike KYC, which applies at the point of user onboarding, AML involves continuous monitoring of transactions to detect unusual patterns. Technologies are used to assess the risk level of a transaction based on factors such as amount, frequency, destination addresses, and links to previously flagged wallets. 

Contact a TrustCloud expert and design the best KYC/AML strategy for your company 

Beyond these standard measures, innovation has led to the emergence of RegTech (Regulatory Technology) solutions. These tools, powered by artificial intelligence, machine learning and automation, aim to make regulatory compliance scalable and efficient. In the crypto context, RegTech can, for instance, automate the reporting of suspicious transactions to authorities, trigger real-time alerts when user behaviour deviates from the norm, and dynamically adjust monitoring levels based on risk profiles. These technologies not only ease the administrative burden on platforms but also dramatically improve the speed and accuracy of fraud detection. 

Another critical component in the fight against fraud is the use of on-chain analysis tools, which enable direct examination of blockchain activity. Unlike traditional financial systems—where transactions are often siloed across private infrastructures—blockchain data is publicly accessible. This offers unprecedented opportunities for auditing, tracking stolen funds, and identifying malicious patterns. On-chain analytics can link related addresses, trace stolen tokens through mixers or cross-chain bridges, and flag high-risk wallets linked to known scams. 

Alongside these technical tools, decentralised digital identity solutions are also emerging, such as self-sovereign identity (SSI). These allow users to verify their identity without fully surrendering their personal data. SSI presents a promising alternative to traditional verification models, striking a balance between privacy and security. 

Together, these tools do not operate in isolation. Rather, they form part of an integrated security ecosystem. Their coordinated implementation—alongside regulatory frameworks like MiCA and international cooperation—currently represents the most effective strategy for significantly reducing the impact of fraud in the crypto space. 

The debate: should identity be required in a system designed to be anonymous? 

One of the central dilemmas in the crypto space lies in the clash between privacy and security. The enforcement of measures long-established in traditional finance—such as KYC and AML analysis—is seen by some as a direct attack on the founding ethos of Bitcoin: decentralisation and pseudonymity. 

Opinions on identity verification in the crypto ecosystem are clearly divided. On one hand, proponents argue that it is essential to combat financial crimes such as money laundering and fraud, while also reinforcing institutional trust and enabling formal investment to enter the sector. They also maintain that having verified users can accelerate fund recovery processes in the event of theft and facilitate more effective cooperation with the authorities. 

On the other hand, critics of mandatory verification point to the risk of exposing sensitive personal data—particularly in an era where information breaches are increasingly common. They also warn that such requirements could exclude millions of individuals in regions where reliable digital identity infrastructure is lacking or inaccessible. Finally, they argue that imposing centralised verification contradicts the decentralised nature of crypto, returning power to intermediaries that many users aimed to escape in the first place. 

The ideal balance may lie in the development of solutions such as self-sovereign identity (SSI), which allow users to verify specific information without handing full control over to a third party. 

SSIs are digital identity systems based on blockchain technology that allow individuals to be the sole owners and controllers of their personal information. Instead of submitting data to a central authority—as is the case in traditional KYC systems—users store their information in a secure wallet and decide when and with whom to share it. For example, a crypto exchange may need proof that a user is over 18 or resides in a particular jurisdiction, and the user can provide this information in a verified manner without revealing their full name, address or other sensitive details. 

These verifiable credentials are stored in wallets compatible with decentralised identity standards. Some of these wallets are already integrating directly with decentralised finance (DeFi) protocols, allowing users to interact with regulated platforms without exposing more personal information than necessary. 

From a technical perspective, SSIs work by issuing credentials from trusted entities—such as governments, banks or universities—which can then be cryptographically verified. This enables users to prove attributes about themselves without relying constantly on a centralised authority. Furthermore, as these identities are integrated within crypto wallets, they can coexist alongside private keys, tokens, and other digital assets, enhancing interoperability across the ecosystem. 

The momentum behind SSIs reflects a broader need to comply with regulations like MiCA while preserving the values of sovereignty, privacy and decentralisation. Their adoption could address one of today’s greatest challenges: how to verify users in a global and pseudonymous environment without compromising privacy, security or scalability. 

In conclusion, the future of identity in the crypto world is unlikely to be defined by a binary choice between total anonymity and full control. Instead, the path forward seems to lie in hybrid solutions—where technology enables verification without exposure, compliance without surveillance, and trust without intermediaries. Today, SSIs offer one of the most promising avenues toward that goal. 

Request a demo of TrustCloud Wallet, our project based on self-sovereign identity