Australian Scam Ring Impersonates Police to Steal Crypto Wallets

The AFP-led Joint Policing Cybercrime Coordination Centre (JPC3) said the cyber-criminals are first acquiring personal data such as email addresses and telephone numbers. They then file false reports via Australia's official cyber-crime reporting tool, ReportCyber using the victim's details. By doing so, the criminals set up the conditions for a plausible impersonation of law enforcement.

It usually works this way: The victim receives a call from an individual claiming to be from the AFP, informing them of a data breach related to cryptocurrency and finance and that they may be implicated in this. They provide their reference number from the ReportCyber submission to add an air of authenticity. They then ask the victim to check the status of the report via the ReportCyber portal, which requires the victim to insert their email address, thus verifying to the attackers that their personal details are, in fact, valid.

It is at this stage that the script escalates: a follow-up caller impersonates a representative from the victim’s cryptocurrency platform, citing the same reference number for the report. That representative eventually asks the victim to transfer funds from their wallet on the platform into what is supposed to be a “Cold Storage” account for security. One of the victims who acted out AFP’s scenario grew suspicious and ultimately ended the call without transferring any assets.

AFP Detective Superintendent Marie Andersson said the scam is “calculated and sophisticated”, and it appears legitimate because the victim’s personal data has been checked, while a “report” is followed by a phone call in quick succession. She added legitimate law-enforcement officials will never request access to someone's cryptocurrency account, wallet seed phrase, bank account or financial credentials.

The AFP stresses that while the ReportCyber system remains a legitimate and valuable resource to report cyber-crime by Australians, it is now being misused by criminals to lodge reports on behalf of victims without their knowledge. It becomes an unwitting springboard for malicious impersonation in this misuse.

Experts in the crypto and cyber-security domain said this episode fits into the broader trend of fraudsters targeting the crypto-asset space using the users' inherent trust in official channels and leveraging opacity in wallet seed phrases and self-custody logic. While the AFP release focuses on Australia, the modus operandi certainly has global parallels: scammers claim to be from government agencies, demand transfers to "safe accounts," or coax victims into handing over seed phrases or wallet credentials.

One of the big differences here is how this scam incorporates the government portal, ReportCyber, into the scheme. Taking a real system and applying it to the fraudsters' benefit raises the ante on the realism of the claim-instantly, the impersonation becomes far more convincing. And by establishing urgency-you must act now, or your funds are at risk-they force victims into rapid decisions without reflection.

This means that the implications for the cryptocurrency community and self-custody users are pretty clear: Your first line of defense is recognition. Should you receive any unsolicited contact purporting to be from law enforcement seeking wallet access, seed phrases, transfers or log-in credentials, take that as a red flag. Genuine law-enforcement officials will never require any of these, according to the AFP.

From a technical standpoint, seed phrases are the master key to self-custody crypto wallets once given or typed into a phony interface, the wallet can be siphoned by the scammer. Platforms and custodians should continue to educate users on the importance of never sharing seed phrases or accountant credentials, and urging users to verify any police contact via official phone numbers or separate channels rather than through the number provided by the caller.

This scam, in regulatory terms, creates a reputational risk to the broader digital-asset ecosystem in Australia. As users grow increasingly wary of scams, this may erode trust in self-custody and decentralized finance, further entrenching calls for heavier regulatory oversight or custodial controls. The AFP warning may pre-empt further guidance or enforcement by the Australian Securities and Investments Commission or the Australian Transaction Reports and Analysis Centre with respect to crypto-asset service providers' obligations for educating users.

As self-custody wallets and NFTs keep gaining more mainstream adoption, the attack surface for crypto-related scams keeps expanding. The crossover between traditional policing language and digital-asset technicalities is new territory for many users, and it underlines how scams are adapting to it. It's a reminder that in this changing world of crypto, some of the old principles of skepticism and verification still apply.