5 most scandalous fraud cases of 2025

Cyber breaches and cryptocurrency schemes dominated headlines in 2025 as fraudsters exploited advanced technologies to steal billions. But alongside these high-tech frauds, a few classic schemes made appearances. Here’s Fraud Magazine’s most scandalous fraud cases of 2025, as voted by the ACFE’s Advisory Council.

In a year of high-profile cyber breaches and cryptocurrency schemes, the most scandalous fraud case of 2025 was a health care scheme involving medical supplies. Fraudsters may be finding ever-more sophisticated — and technologically advanced — ways to steal money, but their focus on government aid programs since the COVID-19 pandemic hasn’t changed.

And while fraudsters had a big year pushing technological boundaries to perpetrate their schemes, it was also a significant year for anti-fraud efforts. In the U.K., the failure to prevent fraud offense, a signature piece of its Economic Crime and Corporate Transparency Act 2023 (ECCTA), went into force in September 2025. The provision makes corporations liable for fraud committed by employees and other associates and could reshape corporate ethics and compliance in the U.K. In Southeast Asia, law enforcement entities took aim at the multibillion-dollar cyber scam industry and the organized criminal groups running human trafficking operations that fill cyber scam centers with forced labor.

Each year since 2018, Fraud Magazine surveys our Advisory Council members for their input on the most scandalous frauds of the year. The Advisory Council, comprising fraud subject-matter experts across the globe who provide feedback to the ACFE on various initiatives and topics, vote on the most scandalous frauds based on the amount of money stolen, impact and lives affected, and relevance to the anti-fraud profession. Here are the fraud cases from 2025 that we think will live in infamy and provide important fraud-fighting lessons for years to come.

The case of the phantom urinary catheters

In the summer of 2023, the Dallas Better Business Bureau received an unusually high number of complaints about Konaniah Medical Supplies. Medicare beneficiaries, recipients of the U.S. government’s health insurance program for older adults, noticed that the company was billing their accounts for unnecessary urinary catheters. When people tried contacting Konaniah, they discovered it didn’t have a telephone number or website. According to Texas Secretary of State business filings, the company also operated as G&I Ortho Supply in Brooklyn, New York. It billed Medicare $436 million for catheters that beneficiaries never ordered, needed or received.

During an investigation of fraudulent Medicare claims for COVID-19 testing kits, the Oklahoma Insurance Department also noticed an extremely high number of claims for urinary catheters. When the department’s Medicare assistance director queried beneficiaries about the catheters, they were confused by the claims and didn’t know why they’d been made. A doctor in Nebraska told the Times that his patients were “collectively billed nearly $2 million in 2023 for phantom catheters.”

In fact, Medicare received more than 400,000 complaints from its beneficiaries about fraudulent claims for urinary catheters. The National Association of Accountable Care Organizations (NAACO), a health care industry advocacy group, reported in 2024 that more than 450,000 Medicare recipients had been billed for phantom catheters in 2023 — a ninefold increase from previous years. The group also discovered that the bulk of claims came from only seven medical supply companies. Only one of those seven companies had a working telephone number. According to the NAACO report, Konaniah billed Medicare $202 million for catheters, a figure that the Times reported as $50 million more than what Medicare had previously paid out for catheters.

What all these hundreds of thousands of claims for catheters amount to is one of the biggest health care fraud schemes in the history of Medicare. U.S. prosecutors estimate that approximately $10.6 billion in medical supplies, mostly urinary catheters, were billed to the U.S. government and perpetrated by an international cast of criminals connected to a Russia-based operation.

According to the Centers for Medicare & Medicaid Services (CMS), 11 suppliers were responsible for 89% of all claims for catheters between January 1, 2023, and March 11, 2024. CMS suspended payments to those suppliers.

In June 2025, the U.S. government charged 11 defendants from the U.S., Estonia and the Czech Republic with health care fraud and money laundering conspiracy. Of the $10.6 billion allegedly charged to Medicare, the perpetrators collected more than $900 million.

One of those charged was Imam Nakhmatullaev, a top supervisor of the Russia-based criminal network. He allegedly recruited people to become “owners” of the medical supply companies and directed others to move funds through shell companies to bank accounts in China, Singapore, Pakistan, Israel and Turkey.

The charges resulted from a two-year investigation called Operation Gold Rush, the largest U.S. government health care enforcement action to date. The phantom catheter scheme was just one of many schemes ensnared in the takedown that also charged more than 320 people in schemes involving approximately $15 billion in false claims. Nearly 100 medical professionals were charged in the enforcement action and allegedly caused $2.9 billion in losses.

According to U.S. prosecutors, perpetrators bought more than 30 legal U.S. companies approved by Medicare and turned them into fraud operations. Then, starting in 2022, using personal information stolen from more than 1 million U.S. citizens, they filed billions of dollars in claims for catheters that people didn’t need or receive. Isaac Bledsoe of the U.S. Department of Health and Human Services’ Inspector General’s Office told The Washington Post, “I don’t even know if [the United States] has the ability to manufacture 1 billion catheters in such a short time. The absurdity, the brazenness of these actors is really just astounding.” According to Bledsoe, the U.S. government employed a new approach to the fraudulent billing of catheters, the “stop and caught” method instead of paying out claims before identifying fraud and clawing the money back, or the “pay and chase” approach.

In total, the government was able to “stop and catch” 99% of those payments from reaching  perpetrators’ pockets. U.S. officials say they seized millions of dollars in fraudulent funds.

Urinary catheters — flexible tubes inserted into patients’ bladders often to treat incontinence — might seem like odd items for a scheme, but they’re ideal conduits for fraud. Because of their low cost, they escape the scrutiny often applied to billing for expensive medical equipment and surgeries. Medical supply companies are also easy for fraudsters to establish. One doesn’t need a medical license or any sort of expertise (beyond perpetrating fraud) to run one.

Even more alluring for fraudsters is that durable medical equipment (DME), a category that includes catheters, wheelchairs, crutches and walkers, and other health care items, is that Medicare generally pays about 80% of DME claims prescribed by a physician. The perfect pipeline for fraud, indeed.

China executes justice for cyber scam kingpins

A paramilitary-backed organized crime syndicate based in northern Myanmar made headlines in late September when a Chinese court sentenced 11 of its ringleaders to death. Supported and protected for years by Myanmar’s military government and tolerated by some Chinese officials, the scam network operated fraudulent cryptocurrency schemes, romance scams and illegal casinos while engaging in human trafficking.

At their peak, the Ming, Wei, Bai and Liu crime families established 300 heavily guarded, large-scale scam compounds in Myanmar’s Kokang region along the Chinese border. Over the span of a decade, they imprisoned tens of thousands of trafficking victims (many of them Chinese citizens) and forced them to work more than 12 hours per day without pay. Lured to the Myanmar-China border with the promise of high-paying jobs, victims were kidnapped. Once inside the Myanmar compounds, their captors locked them in cages if they disobeyed and beat or killed them if they resisted orders, failed to meet quotas or attempted to escape.

The enterprise was big business. Since 2015, the Ming family casinos and scam compounds alone generated $1.4 billion in illicit profits, according to the Chinese court that handed down the death sentences. High-profile gang members sentenced to death include Ming Guoping and Ming Zhenzhen, the son and granddaughter, respectively, of late clan leader Ming Xuechang. Myanmar turned over Guoping and Zhenzhen in 2023 to Chinese authorities, who then arrested them for running scam centers in the town of Laukkaing in the Kokang region. In addition to the 11 ringleaders sentenced to death, five others received death sentences with a two-year reprieve. Another 12 were sentenced to between five years and life for fraud, homicide, drug trafficking and other charges.

According to an investigation by The Washington Post, the scams sparked growing anger among hundreds of thousands of Chinese victims who lost their savings, as well as families of trafficked workers trapped in the compounds. China’s crackdown on Myanmar-based scam centers escalated after the Ming family resisted demands to shut down its lucrative operations tied to military-protected casino networks.

Tensions peaked in October 2023 when guards at a Ming-controlled compound opened fire on fleeing workers — possibly killing undercover Chinese officers — prompting Beijing to issue arrest warrants and publicly pressure Myanmar’s junta, the military group controlling the country. Frustrated by the regime’s inaction, China shifted from its usual border restraint to tacitly backing insurgent offensives by the Brotherhood Alliance, which framed its attacks as efforts to dismantle scam centers and weaken the military regime.

China’s intolerance of Myanmar’s illicit operations represents a shift in what had been a symbiotic relationship. The Washington Post revealed that as recently as May 2023 the Liu family was rubbing shoulders with top officials at a China-Myanmar border trade fair in the Myanmar capital, promoting “mutually beneficial cooperation.” Among the luminaries in attendance were China’s ambassador to Myanmar and the governor of Yunnan’s Lincang province in China.

China isn’t the only neighboring country attempting to quash scam compounds in Myanmar. Thailand has actively targeted scam compounds along the Myanmar-Thai border, particularly in Myawaddy (a town in southeastern Myanmar), and has taken a novel approach to remedying the problem. To cripple criminal operations, Thai authorities cut off utilities (electricity, gas and internet) at several compound locations. Following a scam center raid in February 2025, a Myanmar insurgent group delivered more than 260 rescued foreign nationals to Thai authorities. Despite these efforts, scam operators adapted by using satellite internet services, such as Starlink, allowing their crimes to persist.

Europol warns of AI-driven fraud after $540 million crypto ring takedown

Europol announced in June it had successfully dismantled a massive cryptocurrency investment fraud network that laundered approximately $540 million from more than 5,000 victims worldwide. Spain’s Guardia Civil, with support from law enforcement agencies in Estonia, France and the U.S., led the international crackdown, dubbed Operation Borrelli. Europol confirmed that the investigation began in 2023 and culminated in the arrest of five suspects on June 25, 2025 — three in the Canary Islands and two in Madrid.

According to Europol, the criminal syndicate operated through a global network of associates, using cash withdrawals, bank transfers and cryptocurrency transactions to funnel illicit funds. The scam followed a pattern known as “pig butchering” in which fraudsters build trust with victims over weeks or months, often via dating apps or friendly conversations, before persuading them to invest in fake crypto platforms. Fraudsters show victims fabricated trading dashboards and recite scripted conversations to maintain the illusion. Once deposits are made, funds are layered through multiple accounts, making them difficult to trace.

Investigators believe the group established a corporate and banking infrastructure in Hong Kong, routing stolen funds through a maze of payment gateways and accounts under different names and exchanges. This development came shortly after the U.S. Department of Justice filed a civil forfeiture complaint to recover more than $225 million linked to similar scams originating in Vietnam and the Philippines.

Europol described the scale, sophistication and reach of these schemes as “unprecedented,” warning that cyber-enabled fraud is poised to surpass traditional organized crime, especially with the growing use of generative artificial intelligence (AI) by transnational criminal groups. U.N. Office on Drugs and Crime analyst John Wojcik called the integration of AI into fraud operations “a powerful force multiplier for criminal activities” last year.

The expansion of cyber-enabled fraud goes beyond Europe. Interpol’s 2025 Africa Cyberthreat Assessment Report indicates that cybercrime now accounts for more than 30% of the continent’s reported crimes, including scams, ransomware, business email compromise and digital extortion. Alarmingly, 75% of countries surveyed in the report admit their legal frameworks and prosecution capabilities need improvement.

Criminals exploit legal gaps and fractured international laws, often using synthetic identities, or fake identities created by combining real information, such as a government identification number, with a fake name or address. Criminals use  the fabricated information to open accounts or rent banking access. They also recruit unwitting “money mules” to move funds illegally. 

ProPublica reported that Chinese-language Telegram groups are offering scammers the ability to rent U.S. bank accounts at major institutions such as Bank of America, Chase, Citibank and PNC. These accounts are then used to launder illicit proceeds. Telegram has begun removing some of these channels in response. Meanwhile, Meta disclosed that it has detected and removed more than 7 million Facebook accounts linked to scam operations in Asia and the Middle East since early 2024.

The ‘tuna bond’ case was a $2 billion whale of a scandal

It was a massive fraud case that tanked Mozambique’s economy in 2016, and, in 2025, a major figure in the scandal got his comeuppance. Mozambique’s former finance minister, Manuel Chang, was sentenced to more than eight years in prison for conspiring to commit wire fraud and money laundering for his role in bribing investors of a maritime project to develop the tuna-fish-rich waters off the coast of the southeast African country. Investors lost $2 billion in the scandal.

United Arab Emirates (UAE)-based shipbuilding firm, Privinvest Group, paid Chang $7 million in bribes in exchange for loans intended to improve Mozambique’s fishing industry and maritime security. Chang signed guarantees on the loans without permission from the Mozambican Parliament and helped Privinvest divert more than $200 million in loan proceeds.

The full scope of the scandal, known as the “tuna bond” affair, was revealed when Mozambique defaulted on its sovereign debt in 2016. With Chang’s involvement, between 2013 and 2016, Credit Suisse and an unidentified investment bank arranged for $2 billion in loans to go to companies owned by the Mozambican government. The government ended up borrowing approximately 12% of the country’s gross domestic product between 2013 and 2015. The government-owned companies defaulted on more than $700 million in repayments, and the maritime projects fell through. Donors, including the International Monetary Fund, also pulled support from Mozambique, causing the country’s currency to collapse.

Chang was arrested in South Africa while fleeing to the UAE in December 2018. In July 2023, he was extradited to the U.S. to be tried by the District Court in Brooklyn, New York, to prevent preferential treatment from political allies in his home country. After a four-week trial, he was sentenced to pay restitution to his victims and $7 million in forfeiture. In October 2021, Credit Suisse and its U.K. subsidiary admitted to defrauding U.S. and international investors in an $850 million loan deal and were ordered to pay $475 million to authorities in the U.S. and U.K. In December 2025, Swiss authorities filed charges against its largest bank, Credit Suisse, and it’s owner UBS, for “organisational deficiencies” that failed to prevent wrongdoing tied to the scandal.

The CEO approved a transaction; hackers hit the $1.5 billion crypto jackpot

In February 2025, Ben Zhou, CEO of the world’s second-largest crypto exchange, thought he was approving a routine transaction, but he unintentionally gave control of an account to North Korean hackers who stole $1.5 billion in cryptocurrency. The security hack is the largest on record and demonstrates the insidiousness of international cybercrime.

The hackers slipped through Dubai-based cryptocurrency exchange Bybit’s security by manipulating Safe, the free software storage service the crypto exchange was using. Hackers broke into the system, compromised a computer belonging to a Safe developer and planted malicious code to manipulate transactions. Then, they sent Zhou an invitation to approve a transfer to the CEO. Once he approved, the hackers took over the account.

Tracing the outflow of crypto transactions on the blockchain, analysts identified the hackers as the Lazarus Group, a North Korean government syndicate. They laundered the crypto by spreading it across many different online crypto wallets.

Bybit oversees $20 billion in customer deposits but didn’t have enough Ether — the digital currency stolen by the hackers — to cover the losses. The hackers withdrew approximately half of the currencies within hours, and Bybit quickly had to borrow from other firms and draw from corporate reserves. The hack caused the price of bitcoin to plunge 20%, the steepest drop since the collapse of FTX in 2022.

In 2024, North Korea stole $800 million in cryptocurrency. But, as blockchain intelligence firm TRM Labs posted about the 2025 Bybit attack on its website, the Lazurus Group was able to launder more than half of what it stole in 2024 in just six days over the course of February 2025. According to TRM, the speed with which the hackers moved such a large amount of crypto suggests that North Korea has greatly expanded its money-laundering infrastructure, presenting new challenges for investigators and cybersecurity experts.

Dishonorable mentions

With so many audacious schemes cooked up by fraudsters each year, it can be difficult narrowing down the list of frauds to just five. While the following cases might not be the most scandalous, we still think they deserve a dishonorable mention.

Chatbot crime spree

In August 2025, artificial intelligence (AI) firm Anthropic reported that its chatbot was used by a hacker to create a wave of cybercrime. The chatbot called Claude reportedly extorted 17 companies while on its crime spree.

The hacker allegedly prompted Claude to identify vulnerable companies and develop malware to steal sensitive data. The chatbot then organized and analyzed the stolen files for extortion purposes, assessed financial documents to calculate bitcoin demands, and drafted wording for ransom emails.

Extortion demands ranged from $75,000 to more than $500,000. A defense contractor, a financial institution and several health care providers were among the companies attacked. The hacker (and Claude) allegedly stole files related to sensitive defense information regulated by the U.S. State Department. According to intelligence experts, the hacker operated outside the U.S. over a period of three months.

From Forbes to federal prison

Charlie Javice, founder of student financial aid startup Frank, was sentenced to more than seven years in prison for defrauding JPMorgan Chase in its $175 million acquisition of her company. Prosecutors showed that Javice, who appeared in Forbes’ 2019 30 Under 30 list, fabricated records to make it appear that Frank had more than 4 million users. In reality, it had fewer than 300,000.

Frank’s software aimed to streamline the application process for student loans. The fraud occurred during JPMorgan’s purchase of Frank in 2021. Judge Alvin K. Hellerstein, who presided over Javice’s conviction in March 2025 of conspiracy, bank fraud and wire fraud, called it a “large fraud” and rejected the defense’s arguments for leniency. Javice expressed remorse in court, saying she will “spend [her] entire life regretting” her actions.

The no-tax lap dance

What do you get when you mix a New York state tax auditor and five gentlemen’s club executives who don’t want to pay taxes? You get a classic bribery scheme.

In September, the New York Attorney General’s office announced that it had charged executives of Houston, Texas-based RCI Hospitality Holdings, including its CEO, with bribing a New York tax official. RCI is a purveyor of more than 60 exotic dance clubs and sports bars across the U.S., including the famed Rick’s Cabaret. Tax official Alton Plunkett was allegedly awarded with free trips to RCI’s exotic dance clubs in Florida and New York, as well as private dances, all in exchange for favorable tax audits that allowed RCI to avoid paying more than $8 million in sales tax.

This bank goes above and beyond for its clients

In May, Swiss banking giant UBS agreed to pay $510 million in fines for its subsidiary Credit Suisse’s role in helping its U.S. clients evade more than $4 billion in taxes they owed to the IRS.

According to prosecutors, Credit Suisse helped its wealthy customers open and maintain undeclared offshore accounts and helped them conceal their assets from the U.S. government. The bank also faked records on behalf of its clients.

When UBS acquired Credit Suisse in 2023, it noticed numerous suspicious transactions and alerted the U.S. government. The U.S. Department of Justice spent several years investigating Credit Suisse, and it might not be done with the bank yet. Part of the deal between UBS and the U.S. government includes the bank’s cooperation in other investigations.

Anna Brahce is the assistant editor of Fraud Magazine. Contact her at abrahce@ACFE.com.

Crystal Zuzek is the associate editor of Fraud Magazine. Contact her at czuzek@ACFE.com.

Jennifer Liebman, CFE, is editor-in-chief of Fraud Magazine. Contact her at jliebman@ACFE.com.