Jennifer Edidiong

Marketing

AI Fraud Patterns in Crypto: What African Exchanges Need to Know in 2026

According to Chainalysis, crypto fraud losses were estimated at around $17 billion globally in 2025, with AI-driven impersonation scams among the fastest-growing threats. The scale of these attacks shows that crypto fraud is no longer primarily opportunistic or manual. It is increasingly AI-driven and harder to detect, allowing fraudsters to scale operations that once required significant resources.

Though crypto in Africa has matured and fraud rates dropped 28% year-on-year in 2025, the rise of AI-driven threats means staying ahead of fraud is more relevant today than ever. The exchanges most at risk are the ones still relying on controls built for the fraud patterns of a few years ago.

The five patterns below are the AI-driven crypto fraud patterns to watch out for in Africa: how they work, and how to protect your crypto platform in 2026.

1. AI-Generated Identity Fraud at Crypto Onboarding  

AI-generated identities are becoming harder to spot during onboarding. Fraudsters now combine deepfakes with synthetic or stolen identity information to create accounts that appear legitimate. The result is a verified account linked to a person who does not exist.

Here's how the attack typically works:

  • Deepfake Verification: Fraudsters use AI-generated faces to pass liveness checks, making the onboarding session appear genuine even when no real customer is present.
  • Synthetic Identity Pairing: The deepfake is paired with identity information that looks legitimate, often combining real credentials with fabricated personal details so verification checks return clean results.
  • Verified Account Creation: Once approved, the account can be used for fund movement, market manipulation, or sold to other fraud actors looking for pre-verified exchange accounts.

What makes this pattern dangerous is that it no longer requires advanced technical skills. Many of the tools used to create these identities are now available through Fraud-as-a-Service platforms.

2. AI-Coordinated Wash Trading and Pump-and-Dump Schemes

Wash trading is when the same party, or coordinated parties acting together, buy and sell the same asset to create the appearance of market activity that does not actually exist. A pump-and-dump scheme builds on that: prices are artificially inflated to attract genuine buyers, then the fraudsters sell off their holdings before the price collapses.

AI is making this faster and harder to detect. Fraudsters can now coordinate large numbers of accounts and wallets at a speed that would be impossible to manage manually. By the time suspicious activity becomes obvious, the damage is often already done.

How the scheme plays out:

  • Coordinated Account Activity: AI-powered bot networks manage hundreds of accounts at once. Each account appears to behave normally on its own, but together they execute a coordinated trading strategy.
  • Artificial Liquidity Creation: Fraudsters use wash trading to create the appearance of active market demand. This can make a low-volume token look more attractive than it actually is.
  • Rapid Pump-and-Dump Execution: AI helps fraudsters inflate prices, attract genuine buyers, and exit their positions quickly. The entire cycle can unfold within a short period, leaving little time for intervention.

Catching AI-driven fake trading requires fraud detection that monitors transactions and wallet activity in real time, fast enough to catch coordinated behaviour before the damage is done.
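The cluster-level view described above can be sketched as follows. This is an added example, not Dojah's code: it assumes shared device fingerprints as the signal that links accounts, and the trade records, account ids and function names are constructed for illustration. No single trade is a self-trade, yet most of one token's volume stays inside one linked cluster.

```python
from collections import defaultdict

# Constructed sample trades: (buyer, seller, asset, quantity)
TRADES = [
    ("acc1", "acc2", "TKN", 500), ("acc2", "acc3", "TKN", 480),
    ("acc3", "acc1", "TKN", 510), ("acc9", "acc1", "TKN", 40),
    ("acc7", "acc8", "BTC", 3), ("acc9", "acc7", "BTC", 2),
]
# Constructed linkage signal (assumption): device fingerprints seen per account
DEVICES = {"acc1": {"d1"}, "acc2": {"d1", "d2"}, "acc3": {"d2"},
           "acc7": {"d7"}, "acc8": {"d8"}, "acc9": {"d9"}}

def link_accounts(devices):
    """Union-find: accounts that share any device end up in one cluster."""
    parent = {a: a for a in devices}
    def find(a):
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a
    first_seen = {}
    for acc, devs in devices.items():
        for d in devs:
            if d in first_seen:
                parent[find(acc)] = find(first_seen[d])
            else:
                first_seen[d] = acc
    return {a: find(a) for a in devices}

def wash_share(trades, devices):
    """Per asset, fraction of traded volume where both sides sit in one cluster."""
    cluster = link_accounts(devices)
    total, internal = defaultdict(float), defaultdict(float)
    for buyer, seller, asset, qty in trades:
        total[asset] += qty
        if cluster.get(buyer, buyer) == cluster.get(seller, seller):
            internal[asset] += qty
    return {a: internal[a] / total[a] for a in total}

def flag_assets(trades, devices, threshold=0.5):
    """Assets whose intra-cluster volume share meets the (assumed) threshold."""
    shares = wash_share(trades, devices)
    return sorted(a for a, s in shares.items() if s >= threshold)

if __name__ == "__main__":
    print(wash_share(TRADES, DEVICES), flag_assets(TRADES, DEVICES))
```
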

3. Wallet Injection Attacks

A wallet injection attack, also known as an address poisoning attack, is designed to blend into legitimate transaction flows and avoid detection. 

Fraudsters use lookalike wallet addresses and transaction-chain manipulation to make risky activity appear trustworthy. The impact is significant: address poisoning attacks have resulted in more than $83 million in confirmed losses, highlighting the limits of address-based checks.

Here's how it works:

  • Lookalike wallet creation: Fraudsters create wallet addresses that closely resemble legitimate wallets. The similarity makes suspicious transactions appear more trustworthy and harder to identify at a glance.
  • Transaction chain manipulation: The injected wallet sits between the source and destination of funds. This can make a transaction appear disconnected from the original source of risk.
  • Screening evasion: A newly created wallet may not appear on sanctions or watchlists. If your screening process relies mainly on static lists, risk signals from connected wallets can be missed.

Detection requires analysing the full transaction chain and wallet behaviour, not just the address in isolation against a static list.
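A minimal sketch of that chain-aware screening, as an added example rather than code from Dojah: it checks a destination against the user's known counterparties for a lookalike match and walks the funding chain back towards watchlisted addresses. All addresses, the transfer history, the hop limit and the function names are constructed assumptions.

```python
from collections import deque

# Constructed sample addresses (not real wallets)
KNOWN = "0x1a2b" + "0" * 32 + "9f8e"      # counterparty the user has paid before
LOOKALIKE = "0x1a2b" + "f" * 32 + "9f8e"  # same visible ends, different middle
LISTED = "0xdead" + "1" * 36              # address on the static watchlist
FRESH = "0xbeef" + "2" * 36               # new wallet funded by LISTED
CLEAN = "0xcafe" + "3" * 36

WATCHLIST = {LISTED}
# Constructed transfer history: (sender, receiver)
TRANSFERS = [(LISTED, FRESH), (FRESH, LOOKALIKE), (CLEAN, KNOWN)]

def is_lookalike(dest, address_book, head=6, tail=4):
    """True if dest is not a known counterparty but matches the ends of one."""
    d = dest.lower()
    book = {a.lower() for a in address_book}
    if d in book:
        return False
    return any(d[:head] == a[:head] and d[-tail:] == a[-tail:] for a in book)

def hops_from_watchlist(dest, transfers, watchlist, max_hops=3):
    """Walk funding edges backwards from dest; hop distance to a listed address or None."""
    funders = {}
    for sender, receiver in transfers:
        funders.setdefault(receiver, set()).add(sender)
    queue, seen = deque([(dest, 0)]), {dest}
    while queue:
        addr, hops = queue.popleft()
        if addr in watchlist:
            return hops
        if hops < max_hops:
            for src in funders.get(addr, ()):
                if src not in seen:
                    seen.add(src)
                    queue.append((src, hops + 1))
    return None

def screen(dest, address_book, transfers, watchlist):
    """Return the list of risk reasons for sending to dest (empty means none found)."""
    reasons = []
    if is_lookalike(dest, address_book):
        reasons.append("lookalike_of_known_counterparty")
    hops = hops_from_watchlist(dest, transfers, watchlist)
    if hops is not None:
        reasons.append(f"watchlist_exposure_{hops}_hops")
    return reasons
```

In the constructed data the lookalike address is absent from the static watchlist, so a list-only check passes it, while `screen` reports both the lookalike match and the two-hop exposure.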

4. Fraud-as-a-Service Targeting Crypto

Fraud-as-a-Service platforms give attackers ready-made crypto fraud toolkits that lower the skill needed to run large-scale attacks. You are dealing with fake exchange interfaces, phishing kits, and identity tools designed to bypass common onboarding and user checks. The barrier to running fraud at scale has dropped significantly.

Here's what it entails:

  • Fake exchange interfaces: Fraudsters replicate the login and withdrawal flows of real African exchanges closely enough to trick your users into entering credentials and OTPs. Most users only realise after funds are already gone.
  • Phishing kits at scale: Attack tools are pre-configured for specific exchanges and sold to multiple actors. You are not facing one attacker, but many running the same playbook.
  • Rapid kit updates: When your team blocks one variant, a new version is pushed quickly. You are constantly reacting to updates that outpace your defences.

The continuous update cycle means rule-based detection is structurally behind the attack tooling at every point in the cycle.

5. AI-Assisted Social Engineering Targeting Crypto Users

AI voice cloning and deepfake videos are now used to impersonate exchange support staff and push your users into authorising withdrawals or sharing credentials. These attacks feel real because the voice or face can closely match actual staff profiles pulled from public sources. Your users often have no clear way to tell the difference.

Here's how it plays out:

  • Voice cloning attacks: Fraudsters clone a support staff member's voice, call your users under the guise of urgency, and pressure them into confirming withdrawals or sharing 2FA codes.
  • Deepfake video attacks: Fraudsters use video calls featuring cloned staff identities to walk users through fake verification steps that lead to credential or seed phrase exposure.
  • Identity gap exploitation: These attacks succeed because there is no reliable real-time way for you or your users to verify voice or face authenticity during support interactions.

The real signal shows up after the interaction, not during it. Voice cloning and deepfake videos are becoming a standard part of the AI fraud toolkit, and African exchanges are not exempt from this. The same trust gap that makes traditional social engineering work is exactly what these tools are built to exploit.

What These Patterns Mean for African Exchanges

Taken together, these patterns have implications at the platform level, and for Africa specifically as adoption and trading volume keep growing:

  • Onboarding controls are no longer enough: Every pattern above either bypasses onboarding checks or appears after a clean onboarding. Treating onboarding as the finish line leaves the rest of the customer lifecycle unwatched, exactly where these attacks operate. You need monitoring that continues across the full lifecycle, not a one-time gate at signup.
  • Identity checks do not capture the full risk: Fraud now shows up in behaviour, not just identity. Wash trading and coordinated activity often look normal at the account level, so a system that only checks who someone is will pass every account involved in a coordinated scheme. Visibility needs to connect identity to transaction behaviour across the network. 
  • Static rules fall behind quickly: Fraud tactics are adjusted specifically to pass known checks, so a rules-based system is always reacting to last month's attack. By the time a rule catches one variant, fraudsters have moved to the next. You need behavioural detection that adapts as attack methods change.
     

How Dojah's Profiled Risk Supports African Crypto Exchanges

Across every pattern in this article, the same gap shows up: fraud either bypasses onboarding controls or appears once an account has already passed verification. A platform that only checks people at the door has no visibility into what happens once they are inside.

Dojah’s Profiled Risk is built to close that gap by watching identity, behaviour, and transactions together across the full user and wallet lifecycle:

  • Against identity-based fraud: Profiled Risk connects onboarding checks with device and session signals so accounts that look valid at signup but behave unusually can be flagged early. This helps reduce reliance on identity checks alone.
  • Against coordinated trading behaviour: Post-onboarding monitoring looks at account activity over time to spot patterns that do not match normal user behaviour. This helps surface coordinated or automated activity across multiple accounts.
  • Against suspicious transaction flows: Transaction monitoring connects identity and wallet activity so risk is not assessed in isolation. This helps you see when wallet behaviour does not match expected user patterns.
  • Against social engineering: Sudden changes in account behaviour, especially around sensitive actions, are flagged as anomalies. This helps detect when an account may have been taken over after a successful social engineering attempt.

Profiled Risk gives you a connected view of identity, behaviour, and transactions across the lifecycle, closing the gaps that AI-driven crypto fraud creates.

See how Profiled Risk helps you stay ahead of AI-driven fraud across your crypto platform. 

Frequently Asked Questions on AI Fraud Patterns in Crypto: What African Exchanges Need to Know in 2026

1. What are the main AI fraud patterns African crypto exchanges should watch for in 2026?
The patterns covered in this article include AI-generated identity fraud, AI-coordinated wash trading and pump-and-dump schemes, Fraud-as-a-Service targeting crypto platforms, and AI-assisted social engineering.

2. Why is AI making crypto fraud harder to detect in Africa?
AI helps fraudsters automate attacks, create convincing fake identities, and coordinate activity at scale, making traditional rule-based controls less effective.

3. Can onboarding checks alone stop AI-driven fraud?
No. Many attacks happen after a user has passed onboarding, which makes ongoing monitoring just as important as verification at signup.

4. How should African exchanges respond to these AI-driven fraud trends?
By combining identity checks with continuous monitoring of user behaviour, wallet activity, and transaction patterns, rather than relying on onboarding checks alone.

 
