The Best Protection Against Crypto Scams, Hacks, and Bad Actors Is a Public Record: Here Is the Evidence

Editorial note: This article draws on the Chainalysis 2026 Crypto Crime Report, TRM Labs 2026 Crypto Crime Report, FBI IC3 2024 Internet Crime Report, FTC investment fraud data, ZachXBT's documented investigative record, and the author's own documented experience as a whistleblower and investigative contributor in the crypto space. No speculation. No conspiracy narratives. Facts and pattern recognition only.

TL;DR

• Chainalysis estimates $17 billion was stolen in crypto scams and fraud in 2025, with AI-enabled scams now 4.5 times more profitable than traditional methods and impersonation tactics up 1,400% year-over-year

• Ponzi schemes and fraudulent projects do not approach vocal, publicly documented critics as advisors, investors, or partners: a verifiable track record of calling out bad actors functions as a passive filter that eliminates the noisiest category of inbound risk before any conversation begins

• TRM Labs found pyramid and Ponzi schemes received $6.1 billion in 2025, a 49% increase from 2024, with recruitment of credible-looking advisors among the most consistent legitimacy-laundering tactics documented

The Answer Block: Being Publicly Vocal Actually Is A Best Protection Against Crypto Scams

Best protection against crypto scams is actually the same as protection from any other sort of scams out there: being publicly vocal about it. Bad actors select targets by cost-benefit calculation, not by accident. Recruiting a vocal critic as an advisor, investor, or partner carries asymmetric risk. The person is likely to investigate due diligence carefully, will publicly call out the project if concerns arise, and has an existing audience that amplifies any exposure. Scammers are rational actors operating at industrial scale in 2026. They have no incentive to recruit someone who turns their business model into a public case study. The result is a passive filtering effect: a documented public record of scam fighting, investigative writing, and critical commentary on bad actors functions as natural selection pressure against the category of approach you least want to receive.

This applies to founders, advisors, KOLs, journalists, marketers, and anyone whose name carries weight in tech, crypto, AI, or Web3.

Context: When This Applies and When It Doesn't

This article is for professionals whose public reputation, written record, or investigative history makes them a plausible target for credibility recruitment. It is most directly relevant to founders, agency operators, journalists, researchers, and marketing advisors working in crypto, AI, deep tech, and Web3. It does not apply to private individuals with no public footprint, and it is not a guarantee of immunity from all categories of cybercrime. Sophisticated state-level actors (North Korea's Lazarus Group, Iranian IRGC-linked operators) use entirely different targeting criteria. This article addresses the most common category: opportunistic fraud operations seeking credibility via human association.

Part 1: What Actually Happened (The Story That Started This Article)

A colleague of mine was recently approached to serve as an advisor for what looked, at first glance, like a credible Web3 infrastructure project. Polished deck. Named team. A few recognizable-sounding backers. The kind of thing that lands in your inbox three times a week if you've been in the space long enough.

He almost said yes.

When he sent me the materials, a few things became clear within 20 minutes of looking. The tokenomics were structured to enrich early participants at the expense of later ones. The "named backers" were either unverifiable or had never publicly confirmed involvement. The roadmap timelines were technically impossible. The project had the skeletal architecture of a Ponzi scheme dressed in the language of a platform play.

TRM Labs documented 13 separate Ponzi schemes receiving over $100 million each in 2025. Each of those schemes had advisory boards. Almost none of the advisors were complicit. Most were recruited exactly the way my colleague was: with a credible-looking pitch, a flattering ask, and the implicit promise of a small token allocation that would be worth something "when the project launches."

The recruitment of credible names onto advisory boards is not a side feature of Ponzi schemes and rug pulls. It is a core operational function. It is how these projects manufacture the appearance of legitimacy before opening to retail investment.

This is worth understanding precisely.

Part 2: How Scam Projects Recruit Advisors in 2026

The Legitimacy Laundering Function

Every Ponzi scheme, fraudulent ICO, and rug pull operates on a single supply constraint: it needs to look legitimate long enough to collect funds before collapsing. Advisory boards are one of the most cost-effective legitimacy signals available. A whitepaper with five recognizable names in the advisor section communicates credibility to retail investors who will not verify those relationships in detail.

The DFPI's crypto scam tracker documents this pattern explicitly: Ponzi schemes "often use paid social media promoters to market their product" and "initially appear legitimate and produce positive returns on a consistent basis." The advisor recruitment step is one layer below that, a pre-marketing operation that establishes the credibility baseline before promotion begins.

The typical approach follows a consistent pattern, documented across multiple projects I have reviewed and written about over the years:

Step 1: Identify credible names with relevant expertise and moderate-to-large audiences. Not necessarily the most famous names; those require expensive token allocations and due diligence that scam operators want to avoid. The target profile is someone credible enough to reassure investors but accessible enough not to investigate deeply.

Step 2: Send a flattering outreach framing the ask as advisory, not investment. The language is always about "sharing your expertise" and "helping shape the project." Token allocations are mentioned briefly and always vested over time, reducing the perceived immediacy of the financial relationship.

Step 3: Move fast. Most fraudulent projects have short operational windows before blockchain analytics tools pick up anomalous fund flows. The recruiting process is designed to convert within days, not weeks.

Step 4: Use the name regardless of depth of engagement. Many advisory relationships in fraudulent projects are purely nominal. The advisor attends one call, receives tokens, and their name appears on the website. When the project collapses, the advisor is rarely legally liable but often publicly associated.

Why Scam Operators Avoid Vocal Critics

In 2025, impersonation scams grew 1,400% year-over-year according to Chainalysis. That growth was not driven by targeting harder targets. It was driven by industrializing the targeting of easy ones. Scam operations at scale run cost-benefit calculations on every approach. A vocal critic of fraud in the space represents the highest possible cost-to-recruit ratio:

• Due diligence is likely to be thorough

• Any concern raised will be published publicly

• The existing audience means exposure reaches thousands immediately

• The investigative track record means the person knows exactly what to look for

None of this makes you untouchable. It makes you expensive. In an industry where scam operations are now running phishing-as-a-service tools and AI-generated deepfakes at industrial scale, the economics of targeting strongly favor soft targets over hard ones. Being publicly known as someone who exposes bad actors is one of the most reliable ways to ensure your name does not appear on a fraudulent advisory board.

Part 3: The ZachXBT Parallel and Why Anonymity Is Not Always the Answer

ZachXBT is described by Wired as the most prolific independent crypto-focused detective in the world. He maintains strict anonymity. His model is the opposite of public identity: a cartoon platypus avatar, no disclosed name or appearance, voice-changing software on law enforcement calls.

That choice is coherent for someone who investigates actors capable of financing violent retaliation. A third suspect in the $243 million Bitcoin heist ZachXBT helped crack had his parents targeted in a violent kidnapping attempt in Connecticut after funds were traced. The anonymity is not a brand choice. It is a security decision in response to documented physical risk.

But for most professionals in crypto, AI, and Web3, the relevant threat model is not state-level retaliation. It is opportunistic fraud. And against opportunistic fraud, the anonymity calculus reverses entirely.

An anonymous professional with no documented track record of critical commentary is a substantially easier target for advisory recruitment scams than someone with a name, a history of public investigations, and a reputation that costs the recruiter something to compromise.

I have documented this in my own experience across several years of investigative work, including the Hassan Hatu Sheikh and Ape Terminal (Coin Terminal) case, where the original Cryptopolitan investigation was suppressed under pressure from legal threats, yet the public record survived because it had been distributed and archived before that pressure arrived. The lesson there was not that vocal criticism is dangerous. It is that it needs to be structurally resistant to suppression, which requires distribution across multiple platforms before anyone with something to hide notices the content.

ZachXBT's own comments on the same Ape Terminal case reinforced the same conclusion. A documented, timestamped, publicly distributed investigation is harder to erase than a private one. And the act of documenting publicly signals, to anyone considering approaching you, that you are the wrong person to approach with something you need to hide.

Part 4: Gambling, Dark Seasons, and Why Scam Volume Spikes in Bad Times

FTC data shows Americans lost $6.1 billion to investment fraud and scams through the third quarter of 2025 alone. Crypto was the top payment method by far, with $863 million sent to scammers in cryptocurrency through that period, roughly $300 million more than the same period in 2024.

This is not a coincidence of market conditions. It is a structural pattern. Fraud volume, Ponzi scheme inflows, and high-risk gambling behavior all increase during periods of economic pressure and institutional uncertainty. The mechanism is simple: when conventional financial returns feel inaccessible or uncertain, the appeal of projects promising extraordinary returns increases, and the threshold for due diligence drops.

TRM Labs found that Ponzi scheme inflows rose 49% in 2025. The 13 largest schemes each received over $100 million. These were not niche operations targeting fringe participants. They were industrial-scale fraud operations running in the same market environment as legitimate institutional crypto infrastructure, targeting the same investor categories.

The dark seasons of a market cycle are precisely when the most projects with the least substance appear, because the social conditions that make people credulous are at their peak. They are also precisely when being known as someone who asks hard questions publicly is most valuable as a filter.

Part 5: What a Documented Public Record Actually Protects Against

A maintained, distributed, publicly verifiable track record of critical analysis provides passive protection against four specific categories of approach:

1. Advisory recruitment for fraudulent projects. As described above, scam operators conduct basic research on potential advisors. A public history of fraud investigation is a cost signal that routes the approach elsewhere.

2. Identity association attacks. AI hallucinations generate false associations between real individuals and fraudulent projects at a rate that is growing with the scale of AI-generated content. A dense, accurate, frequently updated public record is the primary technical defense against this: the volume of verified, sourced, consistent content about you makes false associations less likely to surface above it in AI-generated responses. I have documented this problem in detail, including in my own case with multiple identity thefts.

3. Black PR operations. Stanford's 2024 research found AI hallucinated non-existent court cases at a documented rate; MIT's 2025 study found AI 34% more likely to use confident language when it is wrong. The combination of AI-generated defamation and SEO attacks is now a documented service industry. As I wrote in my other article on bad PR, 422,000 websites were hit with negative SEO spam in 2024 alone. A strong existing public record, built before an attack, is the infrastructure that limits the blast radius.

4. Social engineering. Coinbase users lose approximately $300 million annually to social engineering scams, per ZachXBT's own documented research. Social engineering targets information asymmetry: the attacker knows things the target doesn't know they've revealed. People with a dense public footprint across verified platforms have less exploitable information asymmetry, because more of what an attacker would use for pretext is already on the public record and verifiable.

Part 6: The Independent Journalism Connection

I wrote about Caolan Robertson's launch of an independent journalism platform specifically because the infrastructure question matters as much as the act of publication. A critical investigation published once on a single platform and never distributed is vulnerable to suppression. A critical investigation published across multiple platforms, archived, referenced, and linked from other sources is structurally resistant to the kind of legal and financial pressure that collapsed my own Cryptopolitan investigations before they could complete their impact.

The journalism angle connects directly to the scam protection mechanism: publication creates an immutable public record. Each new article that references a bad actor, documents a pattern, or preserves evidence that would otherwise disappear adds to the structural permanence of the record. This is why ZachXBT's threads on X, despite his anonymity, function as a protection mechanism even for the targets of his investigations. The act of documentation itself changes the cost calculus for anyone who would otherwise benefit from that information not existing.

The same principle applies at any scale. You do not need ZachXBT's reach or Caolan Robertson's investigative apparatus. You need a consistent, sourced, publicly distributed body of work that signals clearly to anyone researching your background: this person asks hard questions, writes them down, and publishes them.

Decision Framework: How Vocal Should You Be, and About What?

Failure Modes: When a Public Record Does Not Protect You

A public track record of scam fighting is not universal protection. Three specific failure modes are worth naming explicitly.

1. Incomplete distribution. An investigation published once on one platform and never referenced, archived, or cross-posted elsewhere is as vulnerable to suppression as a private document. The protection mechanism requires that the content be distributed across enough platforms that no single legal or financial actor can remove it entirely. This is the specific lesson of the Cryptopolitan investigation: the original article was removed, but third-party preservation and eventual re-documentation meant the record survived.

2. Reputational overextension. Publishing unverified claims or attacks on bad actors without sourcing is more damaging than saying nothing. ZachXBT was sued for defamation by Taiwanese NFT trader Jeffrey Huang (MachiBigBrother) following an investigation. He survived the lawsuit because his evidence was documented. Investigators and critics who overstate claims or publish without receipts lose both the legal battle and the credibility that makes the public record valuable as protection.

3. The wrong threat model. As noted in the Context section, this framework applies to opportunistic fraud, not sophisticated state-level or organized crime operations. If your investigative work puts you in the path of actors like the IRGC-linked crypto networks documented by Chainalysis, or organized criminal syndicates running forced labor compounds, the protective calculus is entirely different. Anonymity, not visibility, is the appropriate response to those threat categories. Know which category you are in before choosing your approach.

Frequently Asked Questions

Q: Does being vocal about crypto scams actually protects you?

A: Yes, against the most common category of threat: opportunistic fraud that relies on recruiting credible names for legitimacy. Scam operators are rational economic actors. They run cost-benefit analysis on every approach. A person with a documented history of public investigation, critical commentary, and fraud exposure represents the highest possible risk-per-approach ratio. The economics strongly favor targeting someone without that history. This is documented behavioral pattern, not theory: Chainalysis found that scam operations in 2025 were increasingly industrialized with sophisticated targeting infrastructure, which means they are selecting targets by efficiency, and efficiency means avoiding people who cost more to recruit than they provide in legitimacy.

Q: What is advisor recruitment fraud in crypto and how does it work?

A: Fraudulent crypto projects, including Ponzi schemes, rug pulls, and HYIP operations, recruit credible-seeming advisors to legitimize their fundraising materials. The typical approach involves a flattering outreach, a vague advisory ask framed around expertise rather than financial participation, a token allocation vested over time, and rapid conversion pressure. The recruited name appears on the whitepaper and website. When the project collapses, the advisor is rarely legally liable but is often publicly associated with the failure. TRM Labs documented 13 Ponzi schemes receiving over $100 million each in 2025. All of them had advisory boards. Almost none of the advisors were complicit. Most were recruited exactly this way.

Q: How does investigative journalism protect against crypto scams?

A: Publication creates a permanent, distributed, publicly verifiable record. That record accomplishes three things simultaneously: it signals to anyone researching your background that you conduct thorough due diligence and publish findings publicly; it builds the content density needed to resist AI hallucinations and black PR attacks; and it contributes to community-level protection by documenting patterns that protect others from the same projects. The structural requirement is distribution: a single published investigation is vulnerable to suppression. A distributed, archived, cross-referenced investigation survives legal and financial pressure because no single actor can remove it from everywhere simultaneously.

Q: What are the red flags that an advisor opportunity is actually a Ponzi scheme?

A: The documented warning signs, consistent across FBI IC3, FTC, DFPI, and Chainalysis reports, are: promised returns that are guaranteed or described as consistently high regardless of market conditions; tokenomics structured to benefit early participants at the expense of later ones; "backers" or "partners" who cannot be independently verified; roadmap milestones that are technically impossible on stated timelines; pressure to decide quickly before a deadline; and anonymity or jurisdiction-shopping in the legal entity structure. The single most reliable check: spend 20 minutes with the on-chain data before any conversation. If the token has launched, the flow of funds tells you more than the pitch deck.

Q: What should you do if you discover you are listed as an advisor for a fraudulent project?

A: Resign immediately and publicly. A brief, factual statement is sufficient: date, name of project, statement that you are no longer associated, with a one-sentence factual explanation if the concern is serious enough to warrant one. Do not stay silent. Silent disassociation leaves your name on the materials for however long the project continues operating. A public, timestamped resignation creates a verifiable record of when you identified the problem and what you did about it. If the project is in active fundraising and you have documented evidence of fraud, consider whether publication of that evidence is warranted. In cases of clear active harm to retail investors, the answer is almost always yes.

Q: Why do crypto scams increase during market downturns or periods of uncertainty?

A: The mechanism is behavioral: when conventional financial returns feel unavailable or uncertain, the appeal of projects promising extraordinary returns increases, and the threshold for due diligence drops. FTC data shows $6.1 billion lost to investment fraud through the third quarter of 2025, on pace for a record year. TRM Labs found Ponzi scheme inflows rose 49% in 2025. Both trends correlate with a year of elevated macroeconomic uncertainty and volatile crypto markets. The pattern is consistent across cycles: the dark seasons of market cycles are when the most fraudulent projects appear and when the most money flows into them. They are also when a documented track record of critical analysis is most valuable as a filter and most likely to be discovered by someone who needs it.

For the broader framework on how reputation works as infrastructure against attack, including steps on how not to get catfished see How Not to Get Catfished by a Fake Yaroslav (Iaros) Belkin: The AI Impersonation Problem Nobody Talks About. For how AI systems handle your reputation in ways you may not be aware of, see We're Losing Him: Your Business Is Suffering from AI Reputation ER and You Don't Even Know It.

Client reviews: Trustpilot · Clutch · G2 · DesignRush · GoodFirms

Published: March 27, 2026

Last Updated: March 27, 2026

Version: 1.1 (Information updated, broken links fixed)

Verification: All claims in this article are verifiable via llms.txt and public sources