Former FBI agent Stephanie Talamantez talks crypto defense

Stephanie Talamantez, former FBI Special Agent and now Senior Managing Director at Guidepost Solutions, has spent over a decade at the intersection of law enforcement and financial fraud.

Having led investigations that resulted in more than $350 million in asset forfeitures and now helping recover over $450 million in stolen digital assets, she brings a rare perspective to the fast-evolving digital asset landscape.

In this Q&A, Talamantez shares her insights on the latest crypto fraud trends, how illicit funds are traced across blockchains, compliance gaps she sees in the industry, and what companies and institutions must do to protect themselves — balancing innovation with risk mitigation in a global, decentralized financial ecosystem.

You spent years at the FBI leading crypto and financial fraud investigations. How did your experience there shape your approach to digital asset risk and compliance today?

Talamantez: The expertise I acquired and built during my tenure at the FBI has been foundational to how I view and evaluate digital asset risk and compliance today. Having spent years leading cryptocurrency and financial-fraud investigations, I have a unique vantage-point, and I’ve seen both sides of the digital asset ecosystem. I’ve witnessed how these technologies can be exploited as vehicles for fraud, but I’ve also seen their importance and the legitimate utility and the real innovation they enable.

I began investigating cryptocurrency related crimes in 2014. I was there on the ground floor, which gave me a front-row seat to the evolution of the digital asset space. I witnessed not only the innovation, rapid expansion, and development of groundbreaking technology, but also the parallel creation and use of these technologies to obfuscate criminal proceeds and activities, and I’ve witnessed their role in facilitating the victimization of others. That perspective allows me to identify risks that others may overlook. The experience I gained at the FBI enabled me to spot vulnerabilities and patterns that aren’t always obvious from the outside.

While compliance in the digital-asset space is still evolving, there are foundational principles that can help companies navigate global regulatory expectations. Some standards are universal, even if they haven’t always been applied consistently in crypto. It is possible to preserve innovation and decentralization while ensuring that platforms aren’t used for fraud, victimization, or money laundering. Nothing will ever be 100% effective against combatting determined bad actors, but thoughtful controls and risk-focused approaches can significantly limit how they operate.

What are the most prevalent types of crypto-related fraud you’re seeing right now, and how have they evolved over the past few years?

Talamantez: In recent years, social engineering-based frauds and scams have surged. Beyond the many variations of pig-butchering schemes, which can range from romance-based manipulation to fraudulent investment opportunities, there has been a significant rise in other forms of social-engineering scams targeting digital-asset holders. Bad actors often leverage information gathered from a person’s online presence, data breaches, or other points of vulnerability to convincingly engage with victims.

Armed with enough personal details, these criminals can make victims believe they are speaking with customer support or someone who legitimately has access to their accounts. This deception either grants the bad actors with direct access to the victims’ accounts, enabling them to transfer the crypto themselves, or leads victims to unknowingly move their assets under the guise of “securing” them, when in reality they are facilitating their own theft.

These schemes have become so sophisticated that even highly knowledgeable and financially savvy individuals have fallen victim.

Can you walk us through how investigators trace illicit funds across blockchains, and what tools or methodologies have proven most effective?

Talamantez: Tracing is both an art and a science, especially when it comes to chain hopping, decentralized exchanges, bridges, and other asset swapping platforms. There are various blockchain explorers, as well as commercially available tools that can help analyze and track illicit funds. However, effective tracing often requires using multiple methods and data points. Some bridges and swapping platforms have their own internal explorers, but investigators need to know how to use them effectively.

Certain explorers will even list all hot wallets associated with a DeFi exchange, allowing you to trace transactions through the platform by aligning USD values and timestamps of the swaps. This is why it is critical for investigators to constantly update the tools they rely on and remain flexible in each analytic approach.

On-chain analytics does not have a one-size-fits-all solution.  Different schemes will often appear different on-chain, so understanding what you’re looking at, what patterns to look for, and which analytical tools or techniques to apply is critical to successfully tracing illicit activity across blockchain environments.

What are the most common gaps you encounter in digital asset compliance programs, and how can institutions address them before they become regulatory or financial risks?

Talamantez: The digital asset industry has often been hesitant to adopt the same compliance standards applied in traditional banking. Yet, because digital assets inevitably interact with banks or correspondent banks, these institutions remain subject to established regulatory requirements. Common gaps typically appear in Know Your Customer/Anti-Money Laundering (KYC/AML) procedures and transaction monitoring.

Many decentralized platforms lack robust controls, and financial institutions may not have the tools or resources to fully trace transactions and ensure that funds fall within the regulatory guidelines and within their internal risk appetite. This can reduce a bank’s willingness to engage in a partnership or onboard digital assets. Additionally, many digital asset companies are taking a “wait and see” approach due to the shifting regulatory landscape over the past few years. This could potentially lead to vulnerabilities for these companies down the road.

Given that crypto is inherently global, how do cross-border investigations and recoveries typically work, and what are the biggest challenges?

Talamantez: Cryptocurrency related frauds are without question a global issue. Investigations often span multiple continents, and achieving a successful outcome requires international collaboration. Digital assets move quickly, making reliance on the traditional treaty processes (MLATs), impractical. While many digital asset exchanges will comply with international subpoenas, they do not always honor third-party requests, meaning law enforcement must be involved. Some exchanges may temporarily freeze assets if notified of their connection to fraud, but law enforcement must lead any recovery efforts.

When it comes to digital asset recovery, strong collaborative efforts between the public and private sectors are critical. Recent large-scale seizures tied to major fraud schemes have shown just how effective these partnerships can be. One of the biggest challenges we are currently facing in recovery efforts is lack of resources. Digital asset fraud schemes have expanded rapidly over the past few years, and law enforcement simply does not have the capacity to pursue all these cases. This can leave many victims without meaningful avenues for recourse. Private firms like Guidepost Solutions can help bridge that gap by tracing funds and supporting efforts to freeze assets, but the actual return of those assets ultimately requires law-enforcement action.

Heading into 2026, what key regulatory priorities or changes should crypto firms and financial institutions be preparing for?

Talamantez: Over the past year, regulatory attention has been heavily focused on stablecoins, leaving much of the broader digital asset space in a gray area. While there has been a clear shift away from enforcement-driven regulation, that approach could shift again in a few years. I expect that in 2026, the regulatory focus will remain once again on stablecoins. The GENIUS Act outlined a framework for stablecoins, with an effective date 18 months after its signing, which will land in early 2027. As a result, 2026 will largely center on preparing for and implementing those rules. Meanwhile, other regulatory guidance has appeared to stall, and is not expected to regain traction in 2026, posing challenges for sectors outside the stablecoin ecosystem.

In their role, financial institutions should be preparing their infrastructure to start accepting and/or doing business with entities that accept stablecoins. They should be establishing a new risk matrix and beefing up their KYT in preparation for the 2027 implementation.

Guidepost has helped recover hundreds of millions in stolen digital assets. Are there particular cases or lessons that illustrate the importance of proactive fraud prevention?

Talamantez: Fraud prevention is critical, especially if you hold crypto assets. Changing passwords and securing any cloud-based data is essential. Technology is great; until it isn’t. The fear of one losing their digital assets has created the perfect environment for social engineering attacks. That anxiety causes people to act quickly, which is exactly what bad actors are counting on.  When these fraudsters contact unsuspecting victims, they are often so convincing and knowledgeable that they can override a victim’s initial hesitation. It’s usually only hours or even a day later, once the adrenaline fades and the situation is re-evaluated, that victims realize something was off, and that they may have been victimized. Unfortunately, by then, it is already too late.

In addition to proactive fraud-prevention measures, the most important advice I can give is: Pause before you act. Hang up, step back, and take a moment to reassess the situation. Avoid clicking on links from unsolicited messages or emails, and if you need to verify something, contact the company using a known, trusted number. Giving yourself a few moments to pause can make all the difference in preventing fraud.

For companies entering the digital asset space, what are the top strategies or practices you recommend to safeguard against fraud and regulatory risk?

Talamantez: Regulatory risk can be minimized by establishing a strong compliance framework from the onset. Once the framework is in place, consider engaging a third party to stress-test and evaluate its effectiveness, while continuously reviewing and updating company policies and guardrails to ensure they remain effective and aligned with evolving regulations.

Training is essential because, at the corporate level, most fraud incidents are driven less by technology or infrastructure gaps and more by human factors. Employees can inadvertently become the weakest link by clicking on phishing links, sharing sensitive information, falling for social-engineering schemes, or using their company email and password to sign up on other sites that may be exposed to data breaches, allowing their credential pairs to fall into the wrong hands.