US authorities are seeking to return $7 million to victims of a social engineering scam that tricked them into sending money to fake cryptocurrency investment platforms. 

The scam involved the fraudsters contacting victims and earning trust before directing them to websites masquerading as legitimate crypto investment platforms, Virginia’s Eastern District US Attorney’s Office said in a March 21 statement.

Once victims made a deposit, the funds were funneled through over 75 bank accounts under the names of shell companies, then sent abroad “deceptively characterized” as domestic wires, despite being transferred to a bank outside the US.

Source: US Attorney’s Office, Eastern District of Virginia

“The sites falsely represented to the victims that their investments were making sizeable gains,” Virginia’s US Attorney’s Office added in its statement.

“When victims would attempt to make withdrawals, the perpetrators would coerce the victims to send even more money using tactics such as claiming the victims owed taxes on their purported profits.”

The United States Secret Service seized some of the stolen funds from a foreign bank in 2023 and began the civil forfeiture action by filing a claim in a US District Court.

However, the bank also made a claim against the cash, and the US authorities eventually reached a settlement agreement for $7 million of the seized funds. 

Victims of the scam have been urged to contact the Secret Service to petition to recover their losses. 

Related: Web3 businesses can outsmart crypto scams before they strike — Here’s how

In its 2025 Crypto Crime Report, blockchain analytics firm Chainalysis said crypto crime has entered a professionalized era dominated by efficient cyber syndicates. 

Australian federal police said on March 21 they had to alert 130 people of a message scam aimed at crypto users that spoofed the same “sender ID” as legitimate crypto exchanges such as Binance. 

Another similar string of scam messages reported by X users on March 14, spoofed Coinbase and Gemini and attempted to trick users into setting up a new wallet using pre-generated recovery phrases controlled by the fraudsters. 

Cybersecurity firm Malwarebytes sent a warning on March 18 about a syndicate using a new form of crypto-stealing malware hidden inside a “cracked” version of TradingView Premium. 

Microsoft’s Incident Response Team said on March 17 that it had discovered cyber scammers were using a new remote access trojan (RAT) that targets crypto held in 20 cryptocurrency wallet extensions for the Google Chrome browser. 

Magazine: Ripple says SEC lawsuit ‘over,’ Trump at DAS, and more: Hodler’s Digest, March 16 – 22