Digital assets are rapidly transforming the global financial ecosystem, offering new models for payments, investment, and value exchange. But alongside this innovation comes a familiar set of risks. Unfortunately, the same fraud tactics that have long targeted traditional finance — like phishing, Ponzi schemes, and impersonation — are increasingly plaguing web3 and the cryptocurrency ecosystem, as well.
Among the most damaging fraud types is authorized push payment (APP) fraud, where victims are tricked into willingly transferring funds to fraudsters. Currently, APP scams are the top threat targeting financial institutions, impacting reimbursements, operational costs, and more.
As we recently revealed in our 2025 Crypto Crime Report, nearly $10 billion worth of crypto was lost in 2024 due to various APP scams, although we estimate this number is likely closer to $12.4 billion, which would be a slight increase from amounts stolen in 2023.
With crypto’s decentralized nature, transactions are fast, irreversible, and often pseudonymous — creating an ideal playground for APP fraud. Scammers exploit these features to impersonate trusted entities, fabricate investment opportunities, or create urgency that pressures victims into acting before they can verify a counterparty’s legitimacy. As crypto adoption grows, understanding how APP fraud works is key to staying protected.
Fortunately, with new tools such as Chainalysis Alterya enabling real-time fraud detection, public and private sectors are beginning to close the gap in the fight against APP fraud — shifting from reactive responses to proactive prevention.
Below, we’ll explore the following topics and more:
- What is authorized push payment fraud?
- Types of APP fraud
- Why APP fraudsters target crypto users
- Protecting against APP fraud in crypto
- Regulation and fraud prevention
What is authorized push payment (APP) fraud?
Authorized push payment (APP) fraud occurs when a scammer manipulates a victim into willingly sending money under false pretenses. This fraud type differs from unauthorized fraud — such as credit card fraud or account takeovers — where criminals make transactions without the victim’s consent. Banks and payment service providers often refund unauthorized fraud victims, but victims of APP fraud unfortunately have fewer protections, especially in crypto.
Types of APP fraud
Scammers use a wide variety of tactics to manipulate victims into authorizing crypto transactions. While some may categorize hacking under the umbrella of APP fraud, we focus specifically on scams for this blog. Here are some of the most common scams:
- Investment scams: Fraudsters promise outsized investment returns to lure victims into transferring crypto to fake platforms or projects.
- Pig butchering: Scammers emotionally groom victims over the long-term, often through dating apps or social media, before persuading them to “invest” in fake crypto opportunities.
- Rug pulls: Fraudsters launch a project, collect a target’s funds, then abandon the project and disappear with the money. This type of scam often occurs in decentralized finance (DeFi) and non-fungible token (NFT) markets.
- Livestream scams: Scammers use hacked YouTube or social media accounts to broadcast fake giveaways or impersonate well-known industry figures, urging viewers to send crypto in exchange for “rewards.”
- Imposter scams: Fraudsters pose as customer support, government agencies, or well-known figures to trick victims into sending crypto.
- Address poisoning: Attackers send small transactions from wallet addresses that look similar to those in a user’s contact list, hoping victims will mistakenly copy and send funds to the wrong (malicious) address.
- Employment scams: Scammers advertise fake jobs — often in crypto-related fields — and trick victims into sending “startup fees” or other fees as part of the onboarding process.
- Fake airdrops and giveaways: Scammers trick victims into sending crypto in exchange for promised rewards that never materialize.
- Business email compromise (BEC) scams: Attackers hack or spoof company emails to deceive employees into transferring crypto payments to fraudulent accounts.
As we see below, the majority of funds lost under the umbrella of APP fraud in 2024 occurred due to high yield investment/trading scams (55.4%). Pig butchering (36.7%) was also common.
Why APP fraudsters target crypto users
Fraudsters specifically target crypto transactions for several reasons:
- Irreversibility: Once a transaction is sent on the blockchain, it cannot be reversed or charged back like a credit card transaction.
- Perceived anonymity: While all transactions are publicly and immutably recorded, the lack of direct personal identifiers makes it easier for scammers to hide behind pseudonymous wallet addresses.
- Lack of consumer protection: Traditional banks may compensate victims of fraud, but most crypto platforms offer no such recourse.
- Regulatory gaps: Inconsistent global regulations allow scammers to exploit loopholes and weak law enforcement in certain jurisdictions. Additionally, many crypto platforms that scammers utilize are not regulated or registered, which complicates efforts to seek recourse.
- Ease of access: Setting up crypto wallets and moving funds is quick and simple, enabling fraudsters to create many accounts and transfer stolen assets with minimal friction.
Protecting against APP fraud in crypto
As with any value transfer, crypto users should always verify their counterparty — especially if a payment request comes through social media, email, or messaging applications. It is also important to be very suspicious of anyone promising guaranteed returns or using urgency to pressure potential victims, two common red flags for fraud. Additionally, users should use wallets with multi-signature or added authorization steps, and avoid connecting to unknown sites or approving unusual transactions. In general, a healthy level of skepticism and verification can be instrumental in preventing costly mistakes.
Exchanges and crypto companies can deploy fraud detection tools to monitor suspicious behavior in real time, identify risky wallet activity, and uncover patterns linked to known scams. For instance, Chainalysis Alterya is an AI-powered fraud detection solution that identifies scammers before they meet their victims, and can be used to help combat APP fraud. Chainalysis Alterya’s data-driven approach, which includes on-chain machine learning (ML) models and deterministic data (e.g., attribution to scams), enables it to accurately assess the risk of recipient addresses. This process allows customers to make informed decisions about transactions, reducing the likelihood of falling victim to scams.
Regulation and fraud prevention
Governments worldwide are responding to the threat of APP fraud with a range of measures aimed at preventing and disrupting fraud in flight, from public education campaigns to enhanced information sharing. In many countries, there is also a growing emphasis on the scam prevention responsibilities of regulated firms, with businesses on the hook to share in victim losses where those responsibilities are not met. For example, in late 2024, the UK became one of the first countries to determine how compensation should be awarded to victims of APP fraud and scams, requiring mandatory reimbursement to victims from financial institutions (FIs) sending and receiving payments on traditional payment rails (FPS and CHAPs), subject to certain conditions being met.
Since then, we have also seen other countries, such as Australia in early 2025, introduce frameworks to tackle various types of APP fraud, obligating FIs, digital platforms, and telecommunications providers to prevent, detect, disrupt, and report scams, or face harsh penalties for failing to protect customers. These efforts suggest that thinking around who bears the liabilities and costs for APP fraud are shifting. In the future, such frameworks will likely also include crypto assets, as their use for payments continues to grow and fiat on-ramps into crypto already operate under these rules.
At the same time, public-private partnerships continue to play a critical role in combating APP fraud. Regulators are now working more closely with blockchain analytics providers to gain better visibility into on-chain activity and detect fraudulent behavior early. Fortunately for both private firms and public agencies, there no longer has to be a technological gap. Solutions like Chainalysis Alterya make it possible to identify fraud risks — in real time — and intervene before transactions are finalized. By adopting these tools, the crypto industry can move from reactive loss recovery to proactive fraud prevention, fundamentally shifting the fight against APP fraud.
Book a demo of Chainalysis Alterya’s fraud detection solution here.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material.
