Updated Jul 16, 2026, 2:57 p.m. Published Jul 16, 2026, 2:54 p.m.

5 min read

Crypto for Advisors

Summary

You’re reading Crypto for Advisors, CoinDesk’s weekly newsletter that unpacks digital assets for financial advisors. Subscribe here to get it every Thursday.

Happy Thursday, advisors!

In today’s newsletter, Kriti Bansal examines the rise of AI-driven fraud and provides a framework of rigorous financial controls to help advisors secure client assets against sophisticated impersonation tactics.

Then, in “Ask an Expert,” Varun Choudhary, CEO of ORO, discusses how money managers can automate defensive layers against fraud by transitioning to programmable smart accounts and using automated monitoring to create programmatic security guardrails at the account level.

Happy reading.


AI Is changing crypto fraud — the best defense is old-fashioned financial control

As AI makes impersonation cheap and convincing, an advisor’s strongest protection isn’t a better eye for fakes — it’s the verification, separation of duties and reconciliation they already know.

For most of crypto’s history, fraud was a volume business: send enough phishing messages and a few would land. But artificial intelligence has changed the economics of fraud. Deception is now cheaper to produce, more personalized and markedly more convincing — and increasingly, it arrives in the form of someone your client already trusts.

The scale is significant: the FBI’s Internet Crime Complaint Center reported a record $20.9 billion in cybercrime losses in 2025, with cryptocurrency the most common payment channel (FBI). Chainalysis estimates that as much as $17 billion flowed to crypto scams over the same period, and found that operations linked to AI tools were roughly 4.5 times more profitable than those without. The average scam payment more than tripled year over year, to $2,764.

Strengthening defenses against AI fraud

Average crypto scam payment, 2024–2025. Source: Chainalysis, 2026 Crypto Crime Report.

For advisors, the instinct is to get better at spotting fakes. That is unlikely to be a durable strategy: synthetic video and cloned audio are already convincing and continue to improve. The more reliable protection is one advisors already understand: financial control. An advisor’s fiduciary duty to safeguard client assets, and the SEC’s custody rule under the Investment Advisers Act, do not depend on detecting a deepfake. They depend on verification, separation of duties and reconciliation. In digital assets, where a transaction is irreversible once settled, those controls matter more, not less.

Strengthening defenses against AI fraud

A practical control framework advisors can apply to digital-asset workflows.

  • Impersonation at scale. Chainalysis recorded a roughly 1,400% increase in impersonation scams. Real-time face-swap tools, voice cloning and large language models let a bad actor appear as a client’s advisor, a fund principal or a support agent — including on live video. Verifying identity by “hopping on a call” is no longer sufficient.
  • Automated persistence. “Pig butchering” investment scams, built on weeks of relationship-building, cost victims $7.2 billion in 2025. AI systems now sustain those conversations continuously and across many targets at once.
  • Low-cost fabrication. Convincing fake trading platforms, synthetic testimonials and fabricated news segments can now be produced in minutes rather than by a professional team.

Controls that hold

  • Dual authorization for asset movement. No single person and no single approval should be able to move client funds or authorize a transaction. Requiring two independent approvers means a convincing impersonation of one individual is not enough to move money. This is among the oldest controls in finance, and among the most effective against AI-enabled impersonation.
  • Out-of-band verification. Any instruction to transfer funds or change a wallet address should be confirmed through a separate, pre-agreed channel — for example, a call to a known number, not a reply to the request itself. Urgency should prompt more scrutiny, not less.
  • Independent reconciliation. Because balances are verifiable on-chain, advisors can reconcile client holdings against the blockchain on a regular schedule, performed by someone independent of whoever initiates transactions. An unexplained discrepancy is often the first indication of a problem.
  • Custodian and platform diligence. Review a custodian’s SOC reports, proof of reserves and asset-segregation practices. The digital-asset accounting standard ASU 2023-08, which requires fair-value reporting of crypto holdings, gives advisors more disclosure to request and verify.

The bottom line

AI has not created new categories of fraud so much as lowered the cost of executing old ones. That shift places a greater burden of proof on everyone who handles client assets. The advisors best positioned to protect their clients will not be those who become most skilled at identifying fakes, but rather those who make disciplined financial controls a routine part of how digital assets are held and moved. In an environment where nearly anything can be convincingly imitated, a verified process is the one thing that cannot be. Where is your practice least prepared?

- Kriti Bansal, vice president finance and accounting, AlphaPoint


Ask an Expert

Q. Can advisors work with AI to ensure clients are safe against fraud?

A.Yes, but AI should support advisors and not act as autonomous decision-maker. It can flag unusual wallet behavior, suspicious contracts, phishing patterns and risky approvals before damage happens. The biggest vulnerability today is granting AI agents direct, unmitigated wallet permission and this can turn the agent itself into a massive attack vector for social engineering or bad on-chain data.

Q. What security in real time looks like in the age of AI?

A. In the age of AI the real time security needs to be predictive and proactive and not reactive. Real-time security means warnings before signing, continuous wallet monitoring, instant alerts on abnormal activity and blocking risky approvals before funds can move.

Q. How can a money manager automate a defense layer that acts as a continuous threat monitor?

A.Money managers must move away from legacy externally owned wallets and transition to programmable smart accounts such as ERC-4337 or EIP-7702. This transition allows one to write automated, programmatic security guardrails directly at the account level. They can use automated monitoring for wallets, approvals, contract risks, transaction patterns and exposure limits, with human escalation for anything unusual.

  1. 1
  2. 2
  3. 3
  4. 4
  5. 5
  6. 6
  7. 7
  8. 8
  9. 9
  10. 10

Read full story at CoinDesk