AI Fraud Is Forcing Advisors to Tighten Crypto Controls
AI is making crypto scams more convincing, pushing advisors back toward dual authorization, out-of-band verification, and on-chain reconciliation. European custodians and asset managers are also feeling the pressure on their controls.

Key Takeaways
- AI is making crypto fraud cheaper and more convincing, which means advisors can rely less on spotting scams and more on classic controls.
- CoinDesk highlights dual authorization, out-of-band verification, and independent reconciliation as ways to better protect client assets.
- This also matters in Europe, where exchanges, custodians, and asset managers need stricter verification and account controls.
AI is driving down the cost of crypto fraud while making it look more legitimate, and CoinDesk says that leaves advisors with less room to depend on instinct alone. Instead, the newsletter argues they should lean on the same basic financial controls that have long helped catch bad actors. This week’s Crypto for Advisors newsletter looks at how verification, separation of duties, and reconciliation can help shield client assets from increasingly sophisticated impersonation attempts.
Fraud Is Getting More Convincing
At the heart of the issue is a shift in the fraud business model. Scams are no longer just about blasting out as many messages as possible. With AI, attackers can generate tailored, convincing audio, video, and text much faster, which makes it far easier to impersonate a client, fund manager, or support representative in a way that can be hard to spot during a quick call.
CoinDesk points to how large the problem has become. The FBI reported in 2025 a record $20.9 billion (€18.2 billion) in cybercrime losses, with crypto as the most used payment method. Chainalysis estimates that during the same period, up to $17 billion (€14.8 billion) flowed into crypto scams, and that operations using AI tools were about 4.5 times more profitable than those without AI. The average scam amount also jumped sharply, to $2,764 (€2,410).
Those figures reflect a wider move in finance away from static safeguards and toward real-time monitoring and coordination. In crypto, that shift matters even more because once a transaction is finalized, it cannot be undone.
Old Controls Still Work
The newsletter says the best defense is not trying to outguess deepfakes, but sticking to processes that have worked in traditional finance for years. One of the most important is dual authorization, which prevents any single person from moving assets or approving a transfer on their own. Out-of-band verification is just as important: any change to a wallet address or transfer instruction should be confirmed through a separate, prearranged channel.
CoinDesk also says independent reconciliation is a must. Since balances can be checked directly on-chain, advisors can regularly compare records with blockchain data and spot discrepancies sooner. For firms that manage crypto for clients, due diligence on custodians and platforms matters too, including SOC reports, proof of reserves, and asset segregation practices.
The newsletter connects this to the U.S. custody rule under the Investment Advisers Act and to ASU 2023-08, the accounting standard that requires fair-value reporting for crypto holdings. For advisors, the issue is not only security, but also having clear, verifiable control over client assets.
Why This Matters for Europe
For European crypto firms, this is not just a U.S. compliance issue. AI-driven fraud, on-chain balance checks, and tighter account controls also affect exchanges, custodians, and asset managers that operate under European rules or serve clients across several jurisdictions. In practice, that could mean more demand for stronger verification steps, tighter account permissions, and infrastructure that makes fraud harder to carry out.
The newsletter’s expert section adds another technical angle. According to ORO, money managers could move away from legacy externally owned wallets and toward programmable smart accounts, such as ERC-4337 or EIP-7702, so security rules can be built directly into the account itself. That would shift protection from manual review to automated guardrails, with human escalation whenever something looks off.