Keep Factually independent
Whether you agree or disagree with our analysis, these conversations matter for democracy. We don't take money from political groups - even a $5 donation helps us keep it that way.
Which cryptocurrency exchanges have the highest volume of accounts tied to phishing and fraud schemes?
Executive summary
Reporting and public analyses show major exchanges regularly receive funds tied to phishing, fraud and other illicit activity, but coverage stops short of a definitive ranking of "highest volume of accounts" tied to those schemes. Investigations and datasets cited by International Consortium of Investigative Journalists (ICIJ) and news reporting identify Binance, OKX and other large venues as recurring destinations for illicit proceeds — for example, ICIJ found Binance accounts received at least $408 million in tether from one illicit source and OKX at least $226 million in tether in a related period [1]; the New York Times reports victims’ stolen funds have flowed onto major exchanges including Binance [2]. Available sources do not provide a clear, source-by-source leaderboard of account counts tied specifically to phishing campaigns.
1. Big exchanges appear frequently in tracing work — but “accounts tied to phishing” isn’t a single, settled metric
Investigative reporting and blockchain-analytics work routinely trace proceeds of scams and scams-linked entities into large exchanges; ICIJ’s analysis found substantial tether flows into Binance and OKX over a 12-month window [1], and New York Times reporting documents victims’ stolen funds reaching major exchanges including Binance [2]. However, those pieces measure flows of funds, not a transparent count of “accounts tied to phishing,” and do not claim to produce a ranked list of exchanges by number of phishing-linked accounts [1] [2]. Available sources do not mention a peer-reviewed or government dataset that lists exchanges ordered by the volume of phishing-linked accounts.
2. Why fund-flow studies are imperfect proxies for “phishing accounts”
Blockchain analysis can show that funds originating from a scam wallet later go to exchange-controlled addresses, but translating that into a count of compromised user accounts requires internal exchange records, legal process and consistent definitions of “tied to phishing.” The ICIJ reporting quantifies tether received from a named illicit actor but emphasizes the difficulty of determining what happens after dirty money reaches an exchange because the on‑chain trail is obscured once funds enter custodial platforms [1]. The New York Times piece similarly notes that whether an exchange broke the law or simply received stolen funds is nuanced and often depends on internal compliance actions [2].
3. Government and law‑enforcement efforts point to widespread abuse of exchanges but focus on networks, not simple tallies
The U.S. Department of Justice’s recent Scam Center Strike Force and related DOJ announcements stress dismantling transnational scam networks and working with exchanges to block or seize assets traced back to scams [3] [4]. Those initiatives treat exchanges as part of the money-movement ecosystem and emphasize seizure and recovery rather than publishing exchange-by-exchange account counts tied to phishing [3] [4]. Available sources do not present a government-produced ranking of exchanges by number of phishing-linked accounts.
4. Phishing is primarily an attacker-to-user vector; exchanges are often destinations, not always the point of compromise
Security commentary and consumer guidance stress that phishing targets users (fake sites, credential harvesting, drainers) rather than directly “hacking” exchange infrastructure; Ledger and Outlook India both emphasize phishing’s role in tricking individuals to surrender credentials or sign malicious transactions [5] [6]. Consumer and regulator trackers—like California’s DFPI scam tracker—are complaint-based and document how scammers direct victims to create or fund exchange accounts, but the DFPI explicitly notes its data are based on complainants’ descriptions, not independently verified exchange records [7].
5. Two competing interpretations in reporting — culpability vs. utility as a tracing point
One line of reporting highlights exchanges’ roles in enabling laundering by receiving stolen funds (ICIJ shows large tether inflows from illicit sources to exchanges) and questions compliance practices [1]. Another emphasizes exchanges’ public statements about investing in compliance and collaborating with law enforcement, noting it can be hard to tell post-hoc whether an exchange broke the law or was simply receiving illicit deposits before detection [2]. Both perspectives are present in the New York Times reporting and ICIJ work [2] [1].
6. Practical takeaways for the public and investigators
For consumers: phishing defenses (2FA, anti-phishing tools, careful URL hygiene) remain the first line of defense because phishing targets individuals rather than exchange infrastructure [6] [5]. For researchers and law enforcement: meaningful rankings would require standardized definitions and access to exchanges’ internal data; current public investigations quantify dollar flows to exchanges (e.g., $408M to Binance, $226M to OKX in ICIJ’s sample) but stop short of account-level leaderboards [1].
Limitations: reporting cited here measures money flows and systemic patterns, not a verified, comparative count of phishing-linked exchange accounts; available sources do not provide such a ranked list [1] [2] [3].