Authors

D'CENT Wallet Team

Hardware wallet security experts. Building secure crypto storage since 2018.

* AI-generated images may be used to help understand the content.

Key Answer: AI-generated deepfakes are now being used to trick crypto holders into approving fraudulent transactions — and the technology is improving faster than most defenses. A hardware wallet with clear signing and real-time threat detection reduces your exposure significantly, but the final approval is always yours: if you sign a malicious transaction, losses can still occur.

Key Takeaways

• AI deepfake scams targeting crypto holders surged over 1,400% between 2022 and 2025, according to Sumsub's Identity Fraud Report
• Deepfake video calls have been used to impersonate CEOs, exchange support staff, and even friends to authorize fund transfers
• The attack targets your trust, not your keys — deepfakes manipulate what you see and hear to make you approve transactions voluntarily
• Clear signing on a hardware device lets you verify transaction details independently of any potentially compromised screen
• Real-time threat detection can flag known malicious addresses before you sign, adding a pre-emptive safety layer

What Are AI Deepfake Scams in Crypto?

A deepfake scam uses artificial intelligence to create convincing fake videos, voice recordings, or images that impersonate real people. In the crypto space, attackers use this technology to bypass the one security layer that code alone cannot protect: your judgment.

Unlike traditional phishing (fake emails or websites), deepfake scams are designed to exploit real-time human interaction. A scammer might join a video call looking and sounding exactly like your company's CFO, instruct you to transfer funds to a "new secure wallet," and disappear once the transaction is confirmed.

According to Chainalysis, social engineering — including deepfake-enabled schemes — accounted for a growing share of the $3.4 billion stolen in crypto during 2025.

How Do Deepfake Crypto Scams Actually Work?

1. The Fake Video Call

In February 2024, a finance employee at a Hong Kong multinational transferred $25 million after a video call with what appeared to be the company's CFO and several colleagues. Every person on the call was a deepfake. The employee saw familiar faces, heard familiar voices, and followed what seemed like legitimate instructions.

2. The Fake Support Agent

Scammers create deepfake videos or voice calls impersonating exchange support staff. They contact users claiming there's a "security issue" with their account and guide them through steps that ultimately transfer funds to the attacker's wallet. The voice sounds authentic. The face matches the support page photo. The urgency feels real.

3. The Fake Influencer / KOL

AI-generated videos of well-known crypto influencers promoting fake investment opportunities or "exclusive airdrops" have appeared across YouTube and social media. The deepfake technology is now sophisticated enough that casual viewers cannot distinguish these from genuine content.

Why Traditional Security Doesn't Stop Deepfakes

The core problem with deepfake scams is that they don't attack your wallet's encryption or your private keys. They attack you.

• 2FA won't help — you're the one entering the codes because you believe the request is legitimate
• Strong passwords won't help — you're voluntarily approving the transaction
• Software wallet warnings won't help — if your computer or phone screen is compromised, warnings can be hidden or altered

This is why the security industry calls deepfakes a "human layer" attack. The cryptography is never broken — the person holding the keys is deceived.

How a Hardware Wallet Reduces Your Deepfake Risk

A hardware wallet cannot tell you whether the person on a video call is real. But it does solve the second half of the attack: it forces you to verify exactly what you're signing before it's too late.

Defense 1: Clear Signing (WYSIWYS)

Most deepfake scams succeed because the victim approves a transaction they didn't fully understand. The attacker's screen shows one thing — the actual transaction does something entirely different.

D'CENT's WYSIWYS (What You See Is What You Sign) approach displays the recipient address, amount, and network directly on the hardware device's OLED screen. This data travels from the secure chip to the display without passing through your phone or computer — so even if those devices are compromised, you see the truth on the hardware wallet.

Important limitation: Clear signing helps you verify what you're approving, but it cannot prevent a loss if you choose to sign a malicious transaction. The final check is always yours.

Defense 2: Real-Time Threat Detection

D'CENT integrates Blockaid's threat intelligence engine, which simulates transactions before execution. If the recipient address is associated with known scams, phishing campaigns, or wallet drainer contracts, you receive a warning before signing.

This adds a pre-emptive layer: even if a deepfake convinces you to initiate a transaction, the threat detection system can flag it as suspicious. However, no automated detection system catches every threat — new scam addresses are created constantly. Use this as one layer of defense, not your only one.

Defense 3: Biometric Authentication

Every transaction on D'CENT requires fingerprint confirmation on the device itself. An attacker cannot remotely approve transactions — they would need your physical wallet and your fingerprint. The biometric template is stored in the EAL5+ Secure Element and never leaves the chip.

5 Mistakes That Make You Vulnerable to Deepfake Scams

Mistake 1: Trusting a video call as proof of identity.
AI can now generate real-time video of anyone using just a few reference images. A video call is no longer reliable verification. Always confirm requests through a separate, pre-established communication channel.

Mistake 2: Rushing a transaction because someone said it's urgent.
Urgency is the primary tool of social engineering. Legitimate requests can wait for verification. If someone pressures you to act immediately, that's a warning sign — not a reason to speed up.

Mistake 3: Approving transactions on your phone or computer screen only.
Software screens can be manipulated. A hardware wallet with clear signing shows you the actual transaction data on an independent display that attackers cannot alter remotely.

Mistake 4: Clicking links from "official" messages without verifying the source.
Deepfake voices in voicemails, AI-generated emails from "your exchange," and fake customer support channels are all growing rapidly. Always navigate to official sites directly — never through links in messages.

Mistake 5: Assuming deepfakes are easy to spot.
Current AI technology produces deepfakes that are virtually indistinguishable from real content in many cases. Relying on your ability to "detect" a deepfake is not a viable security strategy.

Your Anti-Deepfake Checklist

• ☐ Verify all fund transfer requests through a separate communication channel (call back on a known number, not the one provided)
• ☐ Use a hardware wallet with clear signing — verify every transaction on the device screen before approving
• ☐ Enable real-time threat detection for pre-emptive warnings on suspicious addresses
• ☐ Require biometric confirmation for every transaction (fingerprint, not just a PIN)
• ☐ Never approve transactions under time pressure — legitimate requests can wait
• ☐ Establish a code word or verification protocol with team members and family for high-value requests
• ☐ Review and revoke unnecessary token approvals monthly
• ☐ Keep your hardware wallet firmware updated to benefit from the latest security improvements
• ☐ Bookmark official exchange and wallet URLs — never trust links from messages or calls
• ☐ Treat any unexpected "support" contact as suspicious until independently verified

Frequently Asked Questions

Can a deepfake steal my crypto directly?
No. A deepfake cannot access your private keys or bypass your wallet's encryption. It works by deceiving you into approving a transaction. The technical security of your wallet remains intact — the vulnerability is in human decision-making, which is why independent verification tools like clear signing are critical.

How can I tell if I'm talking to a deepfake?
Honestly, it's becoming increasingly difficult. Current AI can produce real-time video and voice that is nearly indistinguishable from reality. Rather than trying to detect deepfakes, focus on process-based security: verify all fund requests through a separate channel, use a hardware wallet for transaction verification, and never approve transactions under time pressure.

Does a hardware wallet protect against all deepfake scams?
A hardware wallet significantly reduces your risk by providing an independent display for transaction verification and requiring physical biometric confirmation. However, if a deepfake convinces you to sign a malicious transaction on the device, the loss can still occur. The hardware wallet is a powerful defense layer, not a guarantee of complete protection.

What is clear signing and why does it matter for deepfake defense?
Clear signing means the hardware wallet shows you the full transaction details (recipient, amount, network) on its own screen before you approve. Even if a deepfake has compromised your computer or phone screen to show false information, the hardware device displays the actual transaction data directly from the secure chip. Your eyes on the device become the final verification step.

Are AI deepfake scams getting worse?
Yes. According to Sumsub, deepfake-related fraud increased over 1,400% between 2022 and 2025. As AI tools become cheaper and easier to use, the barrier to creating convincing deepfakes continues to drop. This is why prevention through hardware-based verification is more important than relying on detection.

What should I do if I suspect I've been targeted by a deepfake scam?
Immediately stop all communication with the suspected deepfake source. Do not approve any pending transactions. Contact the real person or organization through a known, verified channel. Review your recent wallet activity for unauthorized approvals. If you've already signed a transaction, check if you can revoke any token approvals using tools like Revoke.cash.