SEC Charges Seven Entities in $14 Million Cryptocurrency Scheme Using AI and Deepfake Videos

Executive Summary

The U.S. Securities and Exchange Commission (SEC) announced on December 24, 2025, that it has filed charges against seven entities for orchestrating a crypto asset investment scam that stole over $14 million from U.S. retail investors. The elaborate fraud leveraged modern technology, including deepfake videos and AI-generated content, to create a veneer of legitimacy. The scheme involved three fake trading platforms—Morocoin Tech Corp., Berge Blockchain Technology Co., and Cirkor Inc.—and four associated "investment clubs." Victims were lured through social media, manipulated in chat groups, and ultimately defrauded on the sham platforms.

Threat Overview

The scam operated through a multi-stage process designed to exploit investor interest in both cryptocurrency and artificial intelligence.

1. Lure: The fraudsters ran social media advertisements, some containing deepfake videos of well-known financial figures, to attract potential investors.
2. Groom: Interested individuals were directed to group chats on messaging apps like WhatsApp. In these groups, the scammers posed as financial professionals and used AI-generated investment "tips" to build credibility and create a sense of an exclusive, successful community.
3. Deceive: Victims were persuaded to open accounts and deposit funds onto one of three fraudulent trading platforms (h5.morocoin[.]top, www.bergev[.]org, www.cirkortrading[.]com). These platforms falsely claimed to be licensed and offered non-existent investment products, such as "Security Token Offerings" from legitimate companies.
4. Extract: When investors attempted to withdraw their supposed profits, the platform operators demanded exorbitant "advance fees" or taxes, a classic advance-fee fraud tactic to extract more money before disappearing.

Technical Analysis

This operation was primarily a social engineering campaign enhanced by modern technology. The key TTPs include:

• T1583.001 - Acquire Infrastructure: Domains: The attackers registered and set up fraudulent websites to act as their trading platforms.
• T1566.002 - Phishing: Spearphishing Link: Social media ads and messages contained links directing users to the malicious platforms and chat groups.
• T1598.003 - Phish for Information: Spearphishing via Service: The entire operation was conducted through social media and messaging services, abusing these platforms to build trust and deliver fraudulent information.
• Social Engineering: The use of AI-generated tips and deepfake videos represents an evolution in social engineering, making the scam more convincing and harder to detect for the average person.

Impact Assessment

The primary impact was the direct financial loss of over $14 million for retail investors across the United States. The scheme specifically targeted individuals with an interest in emerging technologies, exploiting their enthusiasm and potential lack of deep technical knowledge. Beyond the financial loss, such scams erode public trust in both the cryptocurrency market and the legitimate use of artificial intelligence in finance. The SEC's action aims to not only seek restitution but also to raise public awareness about this growing form of fraud.

Detection & Response

Detecting these scams requires a high degree of skepticism from potential investors. Key red flags include:

• Unsolicited investment offers on social media.
• The use of deepfake videos or claims of celebrity endorsement.
• High-pressure tactics and promises of guaranteed, outsized returns.
• Being added to unfamiliar WhatsApp or Telegram groups for investment advice.
• Platforms that demand fees, taxes, or other payments before allowing withdrawals.

Response for victims involves immediately ceasing all contact and payments, reporting the incident to law enforcement (like the FBI's IC3) and regulatory bodies (like the SEC), and reporting the fraudulent accounts/ads to the social media platforms.

Mitigation

The most critical mitigation for this type of threat is public awareness and education.

• M1017 - User Training: Investors should be educated on the hallmarks of investment fraud. This includes verifying the registration and licensing of any trading platform or financial professional through official channels (e.g., SEC's IAPD database), being wary of social media investment schemes, and understanding that there are no guaranteed returns in investing.
• Due Diligence: Always research investment opportunities independently. Do not rely on information provided in unsolicited messages or private chat groups.
• Technology Awareness: Users should be aware of the existence and capabilities of deepfakes and AI-generated content and maintain a healthy skepticism of online videos and communications, especially when money is involved.