CertiK has pointed out that cryptocurrency ATM scams have evolved into one of the fastest-growing threats in the digital asset space. According to blockchain security firm CertiK’s latest Skynet analysis, total losses from these schemes reached $333.5 million in 2025 alone—a dramatic escalation fueled by the machines’ instant processing and the irreversible nature of blockchain transfers.
According to insights from CertiK, the FBI logged over 12,000 victim complaints between January and November 2025, representing a 33 percent year-over-year increase and highlighting how criminals are capitalizing on the convenience of cash-to-crypto kiosks.
The United States remains the epicenter, operating roughly 78 percent of the world’s 45,000 crypto ATMs.
These devices appear simple: a user inserts cash at the terminal, which routes the request through a centralized Crypto Application Server (CAS).
Funds are then released from the operator’s pooled hot wallet directly onto the blockchain.
Crucially, the public ledger records only the operator-to-recipient transaction, creating a critical “attribution gap.”
Law enforcement cannot easily link the physical cash deposit to the on-chain movement without subpoenaing the operator’s internal logs.
This technical blind spot has become a cornerstone of modern ATM-based fraud.
The human cost is particularly alarming.
Older adults account for 86 percent of total losses, with the median victim age standing at 71.
In a high-profile enforcement action by the District of Columbia Attorney General against operator Athena Bitcoin, investigators discovered that 93 percent of deposits on the company’s machines were tied to fraudulent activity.
Traditional on-screen warnings have proven largely ineffective when victims are simultaneously receiving live coaching from scammers over the phone.
The case underscores growing legal pressure: operators who become aware of widespread fraud yet fail to act aggressively may face liability under consumer protection and elder-abuse statutes.
Behind the scenes, highly organized transnational criminal networks drive the operation.
These groups maintain specialized divisions for lead generation, social engineering, and rapid laundering.
Asian-based money-laundering rings alone processed an estimated $16.1 billion in illicit crypto flows in 2025, clearing transactions in under two minutes via Telegram-coordinated services centered in Southeast Asia.
Artificial intelligence has supercharged these efforts: AI-augmented scams proved 4.5 times more profitable than traditional methods last year, with deepfake voices and videos effortlessly bypassing standard security prompts.
As regulators in at least 14 states introduce transaction caps or new licensing requirements, criminals are already adapting. Networks now orchestrate multiple low-value deposits across dispersed machines to stay under thresholds while preserving overall volume.
The resulting patchwork of state-level rules has yet to deliver cohesive protection.
CertiK’s threat intelligence emphasizes that real-time wallet screening at the CAS level—before any transaction reaches the blockchain—represents the only reliable technical safeguard.
For consumers, the message is clear: treat unsolicited calls or messages promising crypto “opportunities” with extreme skepticism, never deposit cash under pressure, and verify every step independently.
CertiK concluded that as crypto ATMs continue to proliferate, bridging the attribution gap and holding operators accountable will be essential to stemming this growing tide of sophisticated fraud.