Scams

During the holiday period, scammers intensify phishing, fake wallet apps, bogus presales and romance schemes to exploit distracted crypto users and the irreversibility of blockchain transfers. They also run impersonation, recovery and holiday-themed token scams, sometimes aided by AI voice cloning and malicious SDKs that steal wallet phrases. Users can reduce risk by relying on official apps and links, protecting keys, using strong security tools and carefully verifying offers, charities and giveaways.

On December 15, 2025, Bitcoin Bancorp announced plans to deploy up to 200 licensed Bitcoin ATMs across Texas beginning in Q1 2026. The OTC-traded operator (BCBC) cited Texas' clear rules and strong demand, and its shares rose 7.83% on the day and 29.53% over five days.

On December 15, 2025, ZachXBT stated that Ronald Spektor was arrested in New York for allegedly running a Coinbase support impersonation scam. His November 2024 investigation linked Spektor to a $6.5 million theft targeting a single victim in October 2024. It remains unclear whether any funds have been recovered.

Bitcoin adviser and author Terence Michael cautioned the community after a client who had saved for years lost 1 BTC to a romance-style pig-butchering scam. In a post on X, he described how social engineering prevailed despite multi-signature safeguards and advisory interventions. The case underscores limits of custody tools when victims authorize transfers.

Security researchers report a surge in social‑engineering scams using fake Zoom or Teams meetings to install malware that siphons data and drains crypto wallets. Attackers impersonate known contacts via Telegram, use pre‑recorded video, and push a bogus audio or SDK patch during calls. Losses have topped $300m, with attempts observed on a daily basis across the sector.

Terraform Labs co-founder Do Kwon received a 15-year sentence from a Manhattan federal court for the $40 billion TerraUSD collapse. Prosecutors in South Korea are preparing a separate case under capital markets laws and are seeking a term exceeding 30 years, with about 200,000 local investors reporting losses of roughly 300 billion won ($204 million). He could request transfer to Korea after serving half his US term.

React Server Components’ CVE-2025-55182, rated CVSS 10.0, is being actively exploited to drain crypto wallets across frameworks like Next.js. Attacks surged following the Dec. 3 disclosure; patches shipped in React 19.0.1, 19.1.2, and 19.2.1, with Next.js updates across 14.2.35–16.0.10. Sites should upgrade, deploy WAF rules, and review front-end code for malicious assets.

China’s Justice Network has issued a proposal to guide courts in handling criminal cases involving virtual currency, detailing standards for asset disposal and victim protection. The plan introduces third‑party auction assistants and dual technical standards for evidence and financial procedures, aiming to improve recovery and prevent seized assets from reentering markets.

Miami promoter Rodney Burton, known as "Bitcoin Rodney", faces 11 federal counts in a superseding indictment tied to the alleged $1.8 billion HyperFund scheme. The case is in the District of Maryland, the purported conduct ran June 2020 to May 2024, and a trial is currently scheduled for March 2026.

Ribbon Finance, formerly Aevo, saw $2.7 million drained from an old contract after an attacker manipulated oracle-linked expiry pricing, including a stETH call option expiring on December 12, 2025. The funds were routed through fifteen wallet addresses and partially consolidated, with movements spanning ETH, wstETH, USDC, and WBTC.