#42: OpenAI CEO warns AI fraud crisis is coming, ghost-tapping, Block joins the S&P 500
From ghost taps to a growing storm, this week was full of chatter and concern about where fraud is headed. OpenAI’s CEO says the AI-fraud crisis is nearly here. A new wallet-draining scam highlights just how clever and patient criminals can be. And Block joins the S&P 500, pushing stablecoins and alt payments further into the mainstream spotlight.
Let’s get into it.
NATE'S TAKE - JULY 29, 2025
Top Three This Week
- “Very Soon”: Sam Altman sounds the alarm on AI fraud
- Ghost tapping: A wallet-draining scam gets creepier and harder to catch
- Block joins the S&P 500 and sends a signal
1. “Very Soon”: Sam Altman sounds the alarm on AI fraud
Sam Altman made headlines this week for a striking statement: “We are likely to face a pretty big misuse problem [with AI] very soon,” and “societal misalignment...in the not-too-distant future.” The OpenAI CEO has often spoken about AI’s risks in broad terms, but this week’s comments were sharp, specific, and widely shared.
In particular, he called out fraud, identity theft, and deceptive scams as top concerns, warning that synthetic voices and deepfakes could collapse trust in online interactions and give bad actors unprecedented tools.
This isn’t hypothetical. We’ve already seen phishing kits using AI-generated support agents, bots capable of real-time conversation, and “fraud as a service” offerings get smarter and more scalable. Altman’s comments are a reminder that the tools are getting cheaper, the barriers are dropping, and the urgency to adapt is rising.
If trust breaks down at the customer interaction level, the fallout hits everyone, from support teams to risk ops to brand safety. It's time to take synthetic fraud as seriously as account takeover.
2. Ghost tapping: A wallet-draining scam gets creepier and harder to catch
A blog from Gareth Owain-Elms made waves on LinkedIn last week for highlighting a new tactic: ghost tapping. In these scams, victims unknowingly approve a crypto wallet connection to a malicious dApp or website. Once approved, attackers don’t drain the wallet all at once. Instead, they sell access to other fraudsters who are instructed to make small, spread-out purchases to avoid detection.
It's a clever evolution: one compromise creates an entire revenue stream for multiple fraud actors, operating in a slow, low-friction way that mimics normal user behavior.
Low-and-slow fraud isn't new, but monetizing access this way makes it even harder to detect through volume or velocity. It’s a perfect example of how modern scams mimic real users and abuse legitimate flows.
In fraud terms, think session replay + distributed abuse + clean user behavior. Combating this requires granular visibility into user journeys and behavioral context. The signals are there, you just need to know where to look.
3. Block joins the S&P 500 and sends a signal
Block (Cash App’s parent company) officially joined the S&P 500 last week, alongside other financial heavyweights. On the same day, they announced that Apple’s Tap to Pay is now live for Cash App merchants, adding more fuel to their payments strategy. But the inclusion in the S&P 500 may be the bigger deal: it legitimizes the company’s stablecoin payments push and signals that “alt” rails are going mainstream.
This comes just weeks after Coinbase (also in the S&P 500) launched its stablecoin product with Shopify. Together, these moves reflect a growing shift: stablecoins are gaining institutional acceptance just as more merchants are questioning card networks’ power over fees, policy, and even content moderation.
Stablecoins and real-time payments don’t just disrupt rails, they change fraud vectors. Chargebacks don’t exist. Recourse is limited. Onchain transparency offers signal, but also risk.
If these rails grow, fraud teams will need to rethink detection, recovery, and even UX assumptions. The systems built for cards won’t apply cleanly here, and that change is coming faster than many expect.
===
That’s all for this week! For more insights, follow us on LinkedIn or X, and if you want to learn more about what we do, visit www.specprotected.com.
Ready to get started with Spec?
Nate Kharrl, CEO and co-founder at Spec, has built leading solutions for application security and fraud challenges since the early days of the cloud era. Drawing from his cyber experience at Akamai, ThreatMetrix, and eBay, Nate helped found Spec to focus on the needs of businesses operating in a landscape of increasing AI risks. Under Nate’s leadership, Spec grew from its mid-pandemic founding to raise $30M in venture-backed funding to build solutions used by Fortune 500 companies transacting billions in online commerce. Spec’s service offerings today include protective measures for websites and APIs that specialize in defending against attacks designed to bypass bot defenses and risk assessment platforms.
Frequently Asked Questions
“With Spec, we can mitigate fraudulent activity, protect our revenue, and create a better user experience so that Indiegogo can remain a trusted crowdsourcing platform.”
Payments Manager
