Crypto Investment Scams: FBI Issues Warning on Physical Cash Couriers

The monetization of cybercrime is undergoing a major paradigm shift. For years, the digital assets landscape was plagued by entirely remote exploits, but on June 15, 2026, the Federal Bureau of Investigation (FBI) issued a jarring public service announcement—Alert Number I-061526-PSA—warning the public that threat actors are now deploying physical couriers to execute in-person cash pickups. This represents a highly physical, low-tech evolution of traditional crypto investment scams, commonly referred to as “pig butchering” or “romance baiting”. By integrating real-world courier networks into their operations, cybercriminals have successfully bridged the gap between digital social engineering and physical extraction, presenting a formidable challenge to law enforcement and financial institutions alike.

The Offline Shift: Why Crypto Investment Scams are Going Physical

To understand why transnational criminal syndicates are turning to physical couriers, one must examine the rapid maturation of digital defense systems. Historically, perpetrators of crypto investment scams relied entirely on digital pathways to steal funds. Victims were instructed to initiate international bank wires, execute ACH transfers, or buy digital assets directly through legitimate Virtual Asset Service Providers (VASPs). Once purchased, the cryptocurrency would be transferred to wallets controlled by the fraudsters, mixed, and laundered across various decentralized protocols.

However, the financial sector has aggressively pushed back. Under pressure from regulatory bodies, banks and legitimate crypto exchanges have implemented highly sophisticated transaction-monitoring algorithms, enhanced Know Your Customer (KYC) protocols, and aggressive anti-money laundering (AML) detection systems. Suspicious transfers are increasingly flagged, delayed, or outright blocked, especially when older or vulnerable bank customers attempt to wire large sums of money to newly created exchange accounts.

Furthermore, proactive federal interventions have squeezed scammers’ digital pipelines. Launched in January 2024, the FBI’s proactive initiative, Operation Level Up, has focused on identifying and notifying active victims of cryptocurrency investment fraud before they completely deplete their assets. By late 2025, Operation Level Up had successfully identified and notified over 8,103 victims. Shockingly, 77% of these victims were entirely unaware they were being scammed until federal agents intervened, resulting in more than $511 million in prevented losses.

As these digital gates slammed shut, organized crime syndicates—operating out of massive scam compounds in Southeast Asia, the Middle East, and parts of Africa—were forced to adapt. They realized that while a bank wire can be intercepted by fraud departments, and a blockchain transaction is forever recorded on a public ledger, a physical handoff of paper currency or gold completely circumvents the electronic financial system. Cash handoffs leave no digital transaction footprint for bank AML systems to detect, making the initial phase of the theft completely invisible to traditional cyber defenses.

Anatomy of the Couriers’ Tradecraft: From Digital Trust to Physical Extraction

The operational flow of this newly evolved threat is a highly coordinated, multi-phased campaign that seamlessly blends psychological manipulation with physical logistics. The scheme unfolds across several distinct stages:

1. The Romance Bait and Social Engineering Hook

The scam begins in the digital realm. Fraudsters use social media platforms, online dating applications, or unsolicited SMS messages (the classic “wrong number” text) to establish contact. Scammers frequently assume highly polished, fabricated personas of successful cryptocurrency investment experts or potential romantic partners. They deploy a tactic known as “love bombing”—showering the victim with intense affection, consistent attention, and false empathy—to build rapid psychological compliance and lower the victim’s natural defenses.

2. The Pivot to Fabricated Exchanges

Once trust is solidified, the conversation naturally steers toward cryptocurrency wealth creation. The scammer encourages the victim to download specific trading applications or visit a customized web portal. These portals are entirely fraudulent, often hosted on typosquatted domains that mimic legitimate brands. The platform’s back-end database is directly manipulated by the scammers to display fake, compounding, and highly lucrative investment returns. Believing they are achieving extraordinary financial success, the victim is enticed to invest even larger sums of money.

3. The Fabricated “Account Hold” and the Cash Demand

The critical pivot occurs when the victim either attempts to withdraw their supposed profits or when their bank begins blocking outward digital transfers to the fake exchange. To resolve this, the scammer introduces an artificial crisis: they claim the victim’s account has been “flagged” by compliance, or that a steep, mandatory “regulatory withdrawal tax” or “liquidity fee” must be paid to unlock their capital. Because the bank has blocked further electronic wires, the scammer proposes an alternative: the victim must liquidate their retirement accounts, withdraw physical cash, or purchase physical gold and precious metals.

4. The Physical Handshake and Serial Number Authentication

Once the victim has secured the physical cash or gold, the scammers arrange a pickup at the victim’s residence or in a public area, dispatching a local courier to retrieve the funds. To alleviate any anxiety the victim might feel about handing thousands of dollars to a stranger, the scammers introduce a brilliant piece of tradecraft: a physical multi-factor authentication (MFA) check.

The scammer provides the victim with a unique code, password, or the specific serial number of a U.S. dollar bill. When the courier arrives, they present that exact dollar bill or recite the agreed-upon password to authenticate themselves as a “legitimate” representative of the investment firm. This clever exploitation of physical security protocols gives the transaction a false air of institutional safety, prompting the victim to willingly hand over the cash.

5. The Endless Extortion Loop

After the courier departs, the scammers manually credit the victim’s fraudulent online wallet, showing a visual representation of the deposit. This visual confirmation reinforces the victim’s belief that the system is legitimate. However, when the victim attempts to withdraw the newly updated balance, the scammers initiate the cycle all over again, demanding additional cash for “compliance clearance,” “processing penalties,” or “local taxes,” and sending the courier back for subsequent pickups.

Tracing the Data: The True Cost of Financial Manipulation

The physical evolution of these scams comes amidst an unprecedented surge in broader cybercrime. According to the FBI’s 2025 IC3 Annual Report released in April 2026, the financial scale of cyber-enabled fraud has broken historic records. The data highlights a sobering reality of modern digital crime:

• Record-Breaking Losses: In 2025, total reported cybercrime losses in the United States surpassed $20.8 billion, representing a staggering 26% year-over-year surge from 2024.
• The Cryptocurrency Premium: Cryptocurrency-related fraud accounted for the single highest financial toll, with 181,565 complaints totaling over $11.3 billion in losses.
• Investment Fraud Dominance: Pure investment scams were the primary driver of reported losses, accounting for more than $8.6 billion.
• Targeting the Elderly: Older adults (aged 60 and older) bore the heaviest financial burden, suffering $7.7 billion in losses—a massive 37% increase from the prior year.
• The Severity of Crypto Scams: While the average loss across all general cybercrimes was $20,699, the average loss skyrocketed to $62,604 when cryptocurrency was involved in the scheme.

Furthermore, the rapid commercialization of artificial intelligence has added fuel to the fire. In 2025, AI-facilitated scams accounted for 22,364 complaints and nearly $893 million in losses, as criminals utilized highly convincing voice clones, deepfake videos, and automated social profiles to establish trust with victims before steering them toward fake investment platforms.

Mitigation and Defeating the Courier Scam Loop

The integration of physical courier pickups means that traditional endpoint security software and network firewalls are no longer enough to protect individuals. Because the critical point of failure occurs in the physical world through human compliance, defensive action must focus on behavioral awareness and strict asset verification. The FBI, IC3, and global cybersecurity agencies advise the public to adhere to several critical mitigation protocols:

• Absolute Refusal of Cash/Gold Pickups: Under no circumstances should you agree to hand over cash, gold, or precious metals to a courier. No legitimate financial institution, cryptocurrency exchange, or government agency will ever send a physical courier to your home or a public location to collect funds.
• Rigorous Platform Domain Auditing: Before placing funds into any trading application, perform extensive OSINT (open-source intelligence) research. Do not simply trust the name of the application. Perform a WHOIS lookup on the domain URL to check its registration date, search security forums for complaints, and inspect screenshots of the application for spelling errors or inconsistent branding.
• Maintain Strict Operational Security (OPSEC): Avoid disclosing details regarding your personal finances, physical address, daily routines, retirement assets, or home security setup to individuals you have exclusively met online.
• Cease Communication on “Wrong Number” Texts: Legitimate business opportunities and lifelong partners do not materialize from a mistaken SMS message. Immediately block and report any unsolicited contact that attempts to shift the conversation to wealth generation, crypto trading, or personal financial hardships.
• Preserve Physical Evidence: If you or a loved one has fallen victim to a courier pickup, immediately document every available physical metric. This includes the physical description of the courier, the license plate and make of their vehicle, exact times of the encounters, and all digital communication logs.

If you suspect you are being targeted by an active cash-courier investment scheme, stop all communication immediately and file an official complaint with the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov. Acting quickly, preserving physical evidence, and notifying local law enforcement can assist investigators in intercepting domestic courier networks and disrupting these highly predatory criminal pipelines.