How the crypto industry is coping with AB-threats

Financial crime has entered a new stage of its evolution, where neural networks and automated algorithms have become the main tools of criminals. According to an analysis by Binance Research, global illicit financial activity has increased by $1.3 trillion since 2023, reaching a shocking $4.4 trillion by 2025.

This growth is largely due to the fact that criminal networks have begun to actively use the capabilities of artificial intelligence to scale their fraudulent schemes. At the epicenter of this technological storm is the cryptocurrency industry, which has been forced to build unprecedented levels of protection to protect users and their capital.

The Automated Hacking Economy
Today, the balance of power on the cyberfront has temporarily shifted to the side of the attackers. Data from Binance Research shows that artificial intelligence is currently twice as effective at finding vulnerabilities as it is at detecting and protecting against them. The fracking economy has become dangerously affordable. The average cost of running an exploit with AB is only $1.22 per smart contract, and this number is continuously decreasing by about 22% every two months. These cost reductions completely break down the barriers to mass automated network scanning.

A clear example of this imbalance is the testing of the GPT-5.3-Codex model, which, based on EVMbench, shows 72.2% success in “exploitation” mode, while its effectiveness in “defense” mode is twice as low. Although global losses from hacking attacks in the DeFi sector decreased from $3.6 billion in 2020 to $1 billion in 2025, a sharp increase was recorded in April 2026 to $621 million. About 66% of those attacks were not related to code vulnerabilities, but to hacking access control systems, dominated by social engineering and DNS attacks.

Deepfaking and the social engineering industry
Along with technical hacks, the wave of scams targeting users is also growing. The use of AB made such schemes 4.5 times more profitable, and the number of transactions generated in fraudulent networks increased 9 times. Impersonation tactics will see an incredible 1,400% increase in 2025.

The crypto sector is bearing the brunt of these new technologies. 88% of frauds using dipfakes on a global scale fall into this sector. In North America alone, in the first half of 2025, losses from fraud created by neural networks exceeded 410 million dollars, and according to analysts, by 2027, the total volume of such frauds in the financial sector may reach 40 billion dollars annually.

Asymmetric Response and Scalable Investments in Security
Recognizing the scale of the threat, the global financial sector has moved to aggressive expansion of financial infrastructure. Investments in artificial intelligence technologies in financial services reached $58 billion in 2025 and are confidently moving towards the $97 billion mark in 2027. About 75% of financial institutions plan to increase their financial crime detection budgets.

Cryptocurrency exchanges are not inferior to traditional banks when it comes to implementing security systems. For example, the Binance platform has implemented more than 24 compliance initiatives, and anti-fraud systems work through more than 100 AB models. The use of the Strategy Factory tool allowed to reduce the risk of exposure to illegal funds by 96%. Thanks to the preventive modeling of phishing attacks, the share of successful phishing has decreased from 3.2% to 0.4%. As a result of these efforts, from 2025 to the first quarter of 2026, the platform’s security system blocked $10.53 billion worth of fraudulent transactions, protecting the funds of millions of users.

The Role of Stablecoins in Building Proactive Defenses
Stablecoin issuers play a key role in the new security architecture. Although these assets account for 84% of all illegal on-chain volume, they have the important advantage of being able to freeze funds at the protocol level.

The approaches of the market leaders are significantly different. The company Tether (USDT) takes a proactive position and actively cooperates with law enforcement agencies, which allowed to freeze more than 4.4 billion dollars in criminal assets until April 2026. In comparison, the USDC (Circle) issuer generally only responds to court orders and sanctions. The effectiveness of the proactive approach is also confirmed by the work of the T3 Financial Crime Unit, a joint initiative of Tether, TRON and TRM Labs, which blocked more than 300 million dollars worldwide in its first year of operation. Integrating major exchanges like Binance with such initiatives creates a multi-layered system that combines threat detection and quick asset freezing.

Traditional finance integration and identification challenges
With the convergence of TradFi and CeFi systems, exchanges are more often faced with classic card fraud. Thanks to the introduction of AB models, the use of which has increased from 41% to 57% on Binance, the card fraud rate on the platform is 60-70% lower than the industry average.

One of the most complicated directions remains the KYC (Know Your Customer) process. About 80% of attacks are related to KYC bypass attempts, where criminals have moved from physical masks to sophisticated deepfake videos and synthetic faces. Face Attack and Liveness Detection models are used against them, which not only prevent attacks, but also increase the efficiency of the verification process by 100 times. At the same time, the balance between technology and human approach is maintained. In 2025, Binance professionals made more than 36,000 voice calls to potential victims, as live communication is more effective in reducing panic caused by social engineering.

The architecture of secure application of AB agents
For the convenience of users, the implementation of AB requires strict isolation of risks. Binance Ai Pro tool shows the right security model: The funds entrusted to the AB agent are strictly separated from the main account, he is provided with limited trading rights (no withdrawal possibility), and the user can fine-tune access, for example, prohibiting margin trading.

Such precautions are vital. Security studies show that about 12% of AB toolkits available in open libraries contain malicious code. Therefore, any module must undergo strict testing and moderation before being used in commercial systems.
The current situation in the crypto market is reminiscent of the early stages of the development of the Internet. The race between hackers and security systems will not stop, but the combined efforts of the industry, law enforcement and multi-layered AB defenses show that even the most sophisticated cyber attacks can be effectively controlled and neutralized.

—