Chainalysis: AI drives impersonation scams up 1,400%

Halimah DeLaine Prado, General Counsel at Google
Chainalysis’ Crypto Crime Report 2026 shows that AI is driving up impersonation scams by as much as 1,400%, as Google fights a legal battle against bad actors

2025 was a profitable year for cybercriminals – with some of the most 'successful' being crypto scammers. 

Chainalysis' 2026 Crypto Crime Report estimates that crypto fraudsters made a whopping US$17bn in 2025.

With AI that can industrialise scam operations, impersonation scams saw 1,400% year-over-year growth. 

Crypto scams showed significant uptick in 2025 | Credit: Chainalysis

The report shows that such large-volume AI-backed scams squeezed out 4.5 times more money than traditional operations. 

Phishing as a service: The Chinese Darcula E-ZPass story

Finding government impersonation a lucrative way to exploit people's trust in official communication sources, fraudsters create malicious websites to scam people out of millions.

E-ZPass is a key example.

This operation fired off fake payment messages embedded with phishing links, under the guise of the American E-ZPass electronic road toll collection system.

This scam is attributed to the Chinese-speaking cybercriminal gang Darcula.

Also known as Smishing Triad, this infamous group seems to operate by leveraging software from a phishing-as-a-service vendor.

Lighthouse website template imitating E-ZPass | Credit: Google lawsuit

The Chinese-language vendor that aided Smishing Triad, known as Lighthouse, also offered hundreds of templates for fake websites, domain setup tools and features designed to evade detection by law enforcement agencies.

Smishing Triad then created fraudulent websites impersonating a range of official websites including that of the New York City Government and E-ZPass. 

Such infrastructure, the report says, could cost as little as US$500 but has a huge impact: the Google lawsuit says the E-ZPass scheme allegedly reached 330,000 texts in a single day.

Lighthouse operations and Google lawsuit 

Lighthouse – which served as a phishing-as-a-service platform offering various pricing tiers for their phishing kits – was snuffed out by Google’s threat intelligence teams who observed its operations impersonating legitimate websites. 

Google identified at least 107 fraudulent templates using its own branding that tricked victims into giving up credentials and financial information, which prompted the giant to file a civil lawsuit against them. 

Halimah DeLaine Prado, General Counsel at Google, says: “These crimes are inflicting immense financial harm globally.

“Lighthouse has harmed over 1 million victims across more than 120 countries, stealing somewhere between 12.7 million and 115 million credit cards in the US alone. This represents a five-fold increase in these types of attacks since 2020.

“Our legal action is designed to dismantle the core infrastructure of this operation.

“We are bringing claims under the Racketeer Influenced and Corrupt Organizations Act, the Lanham Act and the Computer Fraud and Abuse Act to shut it down, protecting users and other brands.

“Our lawsuit targets the malicious actors behind this service, aiming to dismantle its core infrastructure, which has defrauded and stolen from millions through fake package and toll texts. 

“But we’re not stopping there. In addition to taking legal action to combat one operation, we are also endorsing bipartisan legislation that can help empower law enforcement to fight scams like these more broadly. 

“By combining the full force of the law, technical innovation and public policy advocacy, we can help keep people safe online.”

Lighthouse is just one of the many vendors that aid active cybercriminals.

The Chainalysis report highlights disruption opportunities for such rampant criminal activity by analysing the footprints left on crypto chains, as most of these transactions occur via cryptocurrencies. 

As Google’s lawsuit demonstrates, proactive threat intelligence and legal action are critical tools in combating these increasingly sophisticated criminal operations.
