Overview
A retreat by regulators in the United States and elsewhere has coincided with a quieter on-chain landscape, but the quieter market hides a sharper, more damaging set of criminal tactics. Over the past year the number of classic DeFi rug pulls has fallen dramatically, even as individual incidents have grown far costlier, leaving investors vulnerable to larger, more sophisticated thefts. _Fewer attacks, bigger losses_ is the emerging pattern.
Fewer rug pulls, heavier damage
Data trackers that monitor decentralized applications and token launches show a steep decline in the count of rug pulls - a drop of roughly _66 percent year on year_ in mid 2025 - while the aggregate value drained from the sector climbed into the billions. Where 2024 saw hundreds of small memecoin exits, 2025 and early 2026 have featured fewer schemes that, when they occur, remove far larger pools of liquidity. The memecoin niche alone accounted for _more than $500 million_ in losses during 2024, underscoring how concentrated damage has become.
Regulatory pullback and shifting enforcement
Policy shifts at major agencies have changed the enforcement backdrop for digital asset firms and projects. Over the past year the Securities and Exchange Commission has reclassified and in some cases dismissed high profile crypto enforcement actions while signaling a move from aggressive litigation toward clearer rulemaking and tailored compliance pathways. That recalibration coincided with a measurable drop in the overall number of new enforcement actions recorded in fiscal 2025. The result is a looser enforcement horizon for some actors and extra work for market participants trying to spot bad projects before they launch.
Criminals adapt - AI, impersonation, and big game hunting
Security researchers and blockchain analysts report that fraudsters are redeploying capital and skills into techniques that produce larger hauls. Social engineering, AI-generated impersonations, and long-running romance or investment cons - often referred to as pig butchering - have exploded in scale, extracting far more per victim than classic rug pulls. At the same time, a small number of high-value centralized hacks and targeted exploits produced a large share of 2025 thefts, reinforcing a move toward fewer but more damaging operations. _The data point to a concentration of risk_ rather than a solved problem.
Industry pushback and what comes next
Security firms, exchanges, and analytics providers are responding with expanded audit services, richer provenance checks, and on-chain behavioral monitoring. Projects that obtain audited contracts and publicized multisignature controls are seeing less skepticism, but audits are not a silver bullet. Experts emphasize that better investor education, faster public enforcement when malfeasance is detected, and platform-level safeguards are needed to blunt the impact of larger, more sophisticated scams. Regulators face a choice: maintain a lighter touch that may foster innovation, or reintroduce more aggressive oversight to deter high-value attackers. Until that balance is clearer, the market will likely continue to see _fewer incidents that cause greater harm_.