The P2P scams every merchant should know in 2026
Scale changes your risk. A casual P2P user might see one scam attempt a year. A merchant doing dozens of orders a day is fishing in the same pond as every fraudster in the market, every day. The good news: merchant-side P2P fraud is not creative. The same four patterns cause most losses. All four are documented by the exchanges themselves, and all four die against the same few habits.
The numbers say this deserves your attention. Chainalysis estimates around $17 billion was stolen through crypto scams and fraud in 2025, with AI-assisted scam operations roughly 4.5× more profitable than the old kind. Binance's own security reporting says it blocked $10.5 billion in risky funds and stopped nearly 23 million scam and phishing attempts between early 2025 and early 2026, including computer-vision checks built specifically for fake P2P payment screenshots. The platforms filter a lot. What gets through is aimed at you.
1. The fake payment proof
The oldest one. The buyer marks the order as paid and sends a screenshot of a bank transfer. The screenshot is edited, or simply generated. Then comes the pressure: "I've paid, please release, I'm in a hurry." Binance documents the pattern and the defense in its own words: check your actual account, not the image.
Rule: the screenshot is not money. You release when the funds are in your account, at the full amount, from the right name. Never sooner. There is no polite exception. The buyer's urgency is not your problem. In fact, urgency is usually the warning sign.
2. The SMS spoof
A version of #1. Instead of a screenshot, you get a text message that looks exactly like your bank's payment alert. Faking a sender name is easy, and Binance documents this pattern specifically. The defense is the same reflex: an SMS is not your balance. Log into the bank app itself, every time, no matter how real the message looks.
3. The chargeback
Here the payment is real. The buyer pays from an account they control (or stole) and receives your crypto. Then they dispute the transfer with their bank, claiming fraud or an unauthorized transaction. The bank reverses it. As Binance's guide puts it, a successful chargeback means you lose twice: the crypto you released and the money you thought you had.
The defenses: prefer payment methods that are hard to reverse in your market. Treat easily disputed methods as high-risk on the sell side. And keep the order receipt, the chat log and the buyer's identity for every trade. Reversals are fought with paperwork, and merchants who keep records win far more of those fights. This same paper trail is also what unfreezes your account when a bank flags you. For most merchants, that freeze risk is bigger than the scams themselves.
4. The triangulation
The nastiest one, because the payment is real and the payer is innocent. A scammer sells something fake online to a victim and gives the victim your bank details as "payment." At the same time, the scammer opens a P2P order with you. The victim's money lands in your account. The name does not match your buyer, and that is the point. You release the crypto to the scammer, and weeks later the victim's fraud report lands on your bank account. Binance documents two variants of it, including one where two orders share a single payment proof.
The kill switch: the payment sender's name must exactly match the buyer's verified name on the platform. Money from any third party, any name that is not the buyer's, goes back where it came from, and the order gets cancelled or appealed. No exceptions for "it's my brother's account."
The merchant's checklist
- Release only against your real bank balance. Never a screenshot, never an SMS.
- Name match, always: payment sender = verified buyer. Third-party money goes back.
- Keep everything: receipts, chats, the KYC status of the people you trade with. Records beat both chargebacks and bank freezes.
- Stay in the platform chat. Off-platform contact removes the referee, and it breaks the ad rules anyway.
- Choose your payment methods by how hard they are to reverse, not just by how popular they are.
- Never share your API keys or credentials with "helpers." If you automate, use keys that can only read the market and edit ads. A key with no withdrawal permission is a key that is not worth stealing.
One honest note, since we sell software in this market: a pricing bot does not protect you from scams. What it automates is your ad price. Releasing crypto stays a human decision, and these four patterns are exactly why. Automate the price war. Never automate the release button.