Oops, something went wrong, please try the following steps:

  1. Reload the page;
  2. Clear the cache in your browser;
  3. Try another browser;
  4. Disable/Enable VPN.

If these steps do not help, please contact our support at: [email protected] or use this link. We will get back to you as soon as possible.

  • Main
  • Blog
  • News
  • How ChangeNOW Helped Recover $220K From a Phishing Attack

How ChangeNOW Helped Recover $220K From a Phishing Attack

Phishing is one of the biggest crypto threats in 2025 | Learn how a $220K scam was stopped through early detection, blocked funds, and coordinated recovery efforts

crypto phishing. .png

Welcome to the ChangeNOW Safety Reports series. Here, we focus on what really matters: security, transparency, and integrity in the crypto space. So we’re here to call out bad actors who twist crypto ideals for personal gain. Today, we’re taking a closer look at one such case.

A Coordinated Effort to Reverse a $220K Phishing Attack

A crypto user recently fell victim to a clever phishing scam and ended up losing more than $220,000. It all started with a single click on a malicious link that took them to a fake site mimicking a trusted crypto platform. Believing it was the real deal, they entered their wallet info, and just like that, the attacker gained full access to their funds.

As soon as the incident came to our attention, we initiated a prompt and coordinated response adjusting settings of our risk-management system to intercept those funds should perpetrator have attempted to swap them via our service. Not long after, the attacker tried to make a move, initiating the exchange using stolen crypto.

Upon freezing the funds, a rapid manual review by our security team confirmed the suspicion, and this wasn’t a false positive. We then contacted the Singapore Police Force, providing them with all relevant data about the wallet addresses, transaction history, and the frozen assets. Authorities quickly responded and confirmed that the funds were part of an active investigation. With the proper legal steps in place, they moved to seize the assets in coordination with us.

Once everything was verified and cleared from a legal standpoint, we were able to return the stolen funds to their rightful owner. What could’ve ended in a major loss was avoided, all thanks to quick detection, swift action, and strong coordination between ChangeNOW and law enforcement.

Phishing on the Rise: A Look at 2025’s Biggest Crypto Threat

In 2025, phishing has taken the lead as the most common attack method in the crypto space. According to CertiK’s Hack3d H1 2025 report, there were 132 reported phishing incidents between January and June, more than double the number of smart contract exploit cases, which came in at 53 during the same time frame.

While smart contract exploits have long been the go-to method for technical attacks in Web3, phishing has overtaken them thanks to its simplicity and high success rate. Unlike code-level exploits that require technical expertise, phishing depends on social engineering, tricking users into giving up private wallet keys or seed phrases or unknowingly signing malicious transactions.

Financially, phishing caused an estimated $410.75 million in losses in just the first half of 2025, making it the second most damaging type of attack by dollar value. Wallet compromises still hold the top spot, with 34 major incidents leading to a massive $1.71 billion in stolen funds.

That said, phishing losses were even higher in early 2024, nearly $496 million in just the first six months. The drop we’ve seen this year might be a sign that users are getting wiser, thanks to stronger security tools, clearer wallet warnings, and a community that’s learning how to spot the red flags.

Phishing is still a serious problem, no doubt. But the decline in stolen funds is encouraging; it suggests that better tech and smarter users are starting to turn the tide.

Why Phishing Threats Call for Immediate Action

Phishing isn’t about hacking code, it’s about tricking people. Instead of finding bugs in smart contracts or blockchain systems, these attacks work by fooling you into giving up sensitive info like wallet keys, seed phrases, or login details.

Usually, it kicks off with something that seems innocent, maybe a realistic-looking email, a fake support chat, or a website that’s almost a dead ringer for the real thing. But behind the scenes, it’s all designed to steal access and drain funds fast. And once that happens, your wallet can be emptied in minutes, no hacking tools, no malware, just timing and manipulation. In crypto, speed is everything. The longer a phishing scam flies under the radar, the harder it is to track or get the stolen crypto back. Scammers move quickly, shuffling funds through a chain of wallets or dumping them into privacy-focused blockchains where following the trail gets nearly impossible.

That’s why catching these scams early is so important. In a recent $220K theft, our system spotted a suspicious transaction right away. Our AML team acted fast, freezing the funds, launching an investigation, and working closely with law enforcement in Singapore to stop the thieves. This case is a clear reminder: even in a decentralized world, people still need protection. No matter how advanced the tech gets, social engineering stays a huge risk because, in the end, humans are always the weakest link.

Link-based phishing is one of the most widespread (and dangerous) scams in the crypto space. It works by luring users to fake websites through misleading links, all designed to steal sensitive information like wallet logins, seed phrases, or private keys.

How It Works

The Hook: It usually starts with a message that feels urgent, maybe an email, a text, or a DM pushing you to act right away. Common examples include:

  • “Your wallet has been compromised! Click here to secure it.”
  • “You’ve earned a free crypto reward; claim it now!”
  • “Your exchange account needs immediate verification.” The message contains a link that looks real at first glance but actually redirects you to a fake or malicious site. That site might be: A perfect clone of a trusted platform (like a fake ChangeNOW login page) A shortened URL that hides the actual destination A domain that uses tricks or misspellings (like changen0w.io instead of changenow.io) Once you enter your login details or seed phrase, the scammer takes full control of your wallet. And in some cases, just clicking the link can silently install malware on your device.

Past Cases Involving Social Engineering Attacks

Unfortunately, this isn’t the first time we’ve dealt with phishing-related scams. At ChangeNOW, we’ve had to step in more than once to respond quickly to large-scale social engineering attacks.

Lately, our team has taken an active role in several investigations, often partnering with U.S. federal agencies to help victims recover stolen funds.

In one case, we worked with Homeland Security Investigations (HSI) to track down and freeze nearly $295,000 in crypto that had been stolen through impersonation scams and fake support chats.

In another case, nearly $2 million was intercepted before it could be laundered through anonymizing wallets, thanks to real-time detection by our AML system and rapid coordination with the FBI.

In a third instance, we helped recover roughly $260,000 that had been stolen through carefully crafted social engineering and not technical hacks.

What ties these cases together is simple: not a single one involved breaking code. These attacks worked by breaking trust, using fake interfaces, impersonating identities, and building messages to provoke fear or urgency.

Our Commitment to Victims and Law Enforcement

This is what happens when responsible crypto platforms and law enforcement work together. Privacy and security can absolutely coexist, but only if we’re proactive.

To be clear:

  • ChangeNOW never profits from frozen or recovered funds.
  • We take legitimate cases seriously and respond with speed and transparency.

Why Our AML Systems Matter

We take user privacy seriously as a non-custodial platform, but we also know the weight of responsibility that comes with working in crypto. That’s why we use smart tools to spot suspicious transactions as they happen. Sometimes that means temporarily pausing a few transactions to double-check for anything suspicious. It’s a small trade-off to help keep the platform secure. But technology alone isn’t enough, so we keep our team sharp with ongoing training, strong industry partnerships, and constant updates to stay ahead of emerging threats.

Final Thoughts

Crypto has the power to give people real financial freedom, but that freedom comes with responsibility. Decentralization doesn’t mean doing away with accountability. It’s about finding the right balance between innovation and doing the right thing. If you’ve been affected by a crypto scam, don’t sit on it. Reach out to us anytime at compliance@changenow.io; we’re here to help.

NewsChangeNOW
Exchange Crypto
icon-btc
BTC
icon-eth
ETH

Unlock the power of exchange with Pro features

  • Staking
  • Cashback
  • VIP plan for free
  • More benefits