Cryptocurrency has transformed financial transactions and online interactions, but it has also created new avenues for cybercrime. This study examines factors influencing susceptibility to crypto-enabled (ransomware, DDoS) and crypto-dependent (crypto-fraud, crypto-cyberattack) crimes using a nationally representative U.S. sample of 406 adults, guided by routine activities theory. In particular, the study investigates the major risk factors associated with different types of cybercrime victimization and examines whether these factors vary across crime types. Results show that password change frequency was the only consistent capable guardianship factor, predicting increased victimization risk across all crimes. Online gaming was a consistent motivated offender factor, linked to higher risk of ransomware, DDoS, and crypto-fraud. Frequent social media use lowered ransomware risk. Prior IT work experience, privacy scores, technology comfort scores, online banking, and online shopping were significant suitable target indicators. Findings highlight the need to improve digital literacy and promote proactive security behaviors to reduce cybercrime vulnerability.
AbhishtaA.van HeeswijkW.JungerM.NieuwenhuisL. J.JoostenR. (2020). Why would we get attacked? An analysis of attacker's aims behind DDoS attacks. Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications, 11(2), 3–22.
2.
AkdemirN.LawlessC. J. (2020). Exploring the human factor in cyber-enabled and cyber-dependent crime victimisation: A lifestyle routine activities approach. Internet Research, 30(6), 1665–1687. https://doi.org/10.1108/INTR-10-2019-0400
3.
AllisonP. D. (2009). Missing data. In MillsapR. E.Maydeu-OlivaresA. (Eds.), The SAGE handbook of quantitative methods in psychology (pp. 72–89). Sage Publications Ltd.
4.
AlqahtaniA.SheldonF. T. (2022). A survey of crypto ransomware attack detection methodologies: An evolving outlook. Sensors, 22(5), 1837.
5.
BallardM. E.WelchK. M. (2017). Virtual warfare: Cyberbullying and cyber-victimization in MMOG play. Games and Culture, 12(5), 466–491.
6.
BentovI.LeeC.MizrahiA.RosenfeldM. (2014). Proof of activity: Extending bitcoin's proof of work via proof of stake. ACM SIGMETRICS Performance Evaluation Review, 42(3), 34–37.
7.
BergmannM. C.DreißigackerA.von SkarczinskiB.WollingerG. R. (2018). Cyber-dependent crime victimization: The same risk for everyone?Cyberpsychology, Behavior and Social Networking, 21(2), 84–90. https://doi.org/10.1089/cyber.2016.0727
BöhmeR.ChristinN.EdelmanB.MooreT. (2015). Bitcoin: Economics, technology, and governance. Journal of Economic Perspectives, 29(2), 213–238.
10.
BosslerA. M.HoltT. J. (2009). On-line activities, guardianship, and malware infection: An examination of routine activities theory. Deviant Behavior, 30(1), 974–2891.
11.
BrennerS. W. (2007). Cybercrime: Re-thinking crime control strategies. In JewkesY. (Ed.), Crime online. Willan.
12.
BrooksR. R.YuL.OzcelikI.OakleyJ.TusingN. (2021). Distributed denial of service (DDoS): A history. IEEE Annals of the History of Computing, 44(2), 44–54.
13.
ChangF. C.ChiuC. H.MiaoN. F.ChenP. H.LeeC. M.HuangT. F.PanY. C. (2015). Online gaming and risks predict cyberbullying perpetration and victimization in adolescents. International Journal of Public Health, 60, 257–266.
14.
ChoiK.LeeC. S.MerizaldeJ. (2023). Spreading viruses and malicious codes. In HumerD.ByrneJ. M. (Eds.), Handbook on crime and technology (pp. 232–250). Edward Elgar Publishing.
15.
ChoiK.ScottT.LeClairD. (2016). Ransomware against police: Diagnosis of risk factors via application of cyber-routine activities theory. International Journal of Forensic Science & Pathology, 4(7), 253–258. https://vc.bridgew.edu/crim_fac/29
16.
CohenL.FelsonM. (1979). Social change and crime rate trends: A routine activity approach. American Sociological Review, 44(4), 588–608.
17.
CongW.HarveyC.RabettiD.WuZ.-Y. (2025). An anatomy of crypto-enabled cybercrimes. Management Science, 71(4), 3622–3633. https://doi.org/10.1287/mnsc.2023.03691
18.
ConnollyL. Y.WallD. S. (2019). The rise of crypto-ransomware in a changing cybercrime landscape: Taxonomising countermeasures. Computers & Security, 87, Article 101568.
19.
ContiM.GangwalA.RujS. (2018). On the economic significance of ransomware campaigns: A Bitcoin transactions perspective. Computers & Security, 79, 162–189.
20.
DouligerisC.MitrokotsaA. (2004). DDoS attacks and defense mechanisms: Classification and state-of-the-art. Computer Networks, 44(5), 643–666.
21.
EngleT. A.MaherC. A.JonesM. (2025). Afraid of the unknown: Crypto literacy and fear of online fraud. Journal of Economic Criminology, 7, Article 100135. https://doi.org/10.1016/j.jeconc.2025.100135
FBI Internet Crime Compliant Center. (2023). Cryptocurrency fraud report.
24.
FelsonM.CohenL. E. (1980). Human ecology and crime: A routine activity approach. Human Ecology, 8(4), 389–406.
25.
GarbaK. H.LazarusS.ButtonM. (2026). An assessment of convicted cryptocurrency fraudsters. Current Issues in Criminal Justice, 38, 164–180.
26.
GomezG.Van LiebergenK.CaballeroJ. (2023, November26–30). Cybercrime bitcoin revenue estimations: Quantifying the impact of methodology and coverage [Conference session]. CCS ’23, Copenhagen, Denmark.
27.
GopinathS.OlmstedA. (2022). Mitigating the effects of ransomware attacks on healthcare systems. arXiv:2202.06108. https://arxiv.org/abs/2202.06108
28.
HoltT. J.van WilsemJ.van de WeijerS.LeukfeldtR. (2020). Testing an integrated self-control and routine activities framework to examine malware infection victimization. Social Science Computer Review, 38(2), 187–206.
29.
HoltfreterK.ReisigM. D.Leeper PiqueroN.PiqueroA. R. (2010). Low self-control and fraud: Offending, victimization, and their overlap. Criminal Justice and Behavior, 37(2), 188–203.
30.
HuangD. Y.AliapouliosM. M.LiV. G.InvernizziL.BurszteinE.McRobertsK.LevinJ.LevchenkoK.SnoerenA. C.McCoyD. (2018, May20–24). Tracking ransomware end-to-end. The 39th 2018 IEEE Symposium on Security and Privacy, San Francisco, CA, USA, (pp. 618–631).
31.
JamesG.WittenD.HastieT.TibshiraniR. (2013). An introduction to statistical learning: With applications in R (Vol. 103). Springer.
32.
JansenJ.LeukfeldtR. (2016). Phishing and malware attacks on online banking customers in the Netherlands: A qualitative analysis of factors leading to victimization. International Journal of Cyber Criminology, 10(1), 79–91.
33.
JungerM.MontoyaL.HartelP.HeydariM. (2017, June19–20). Towards the normalization of cybercrime victimization: A routine activities analysis of cybercrime in Europe [Paper presentation]. International conference on cyber situational awareness, data analytics and assessment (CyberSA 2017), London, UK (p. 8).
KapoorA.GuptaA.GuptaR.TanwarS.SharmaG.DavidsonI. E. (2022). Ransomware detection, avoidance, and mitigation scheme: A review and future directions. Sustainability, 14(1), 8.
36.
KaurG.BondeU.PiseK. L.YewaleS.AgrawalP.ShobhaneP.Maheshwaris.PinjarkarL.GangardeR. (2024). Social media in the digital age: A comprehensive review of impacts, challenges and cybercrime. Engineering Proceedings, 62(1), 6.
37.
KrishnanL. P.VakiliniaI.ReddivariS.AhujaS. (2024, April29–30). Analyzing cryptocurrency social media for price forecasting and scam detection [Conference session]. 2024 12th International Symposium on Digital Forensics and Security (ISDFS) (pp. 1–6), San Antonio, United States. IEEE.
38.
KristiansenS.JensenA. V. (2023). Victimization in online gaming-related trade scams: A study among young Danes. Nordic Journal of Criminology, 24(2), 1–17.
39.
LeeC. S.ChuaY. T. (2023). The role of cybersecurity knowledge and awareness in cybersecurity intention and behavior in the United States. Crime & Delinquency, 70(9), 2250–2277.
40.
LeukfeldtE. R.KleemansE. R.StolW. P. (2017). A typology of cybercriminal networks: From low-tech all-rounders to high-tech specialists. Crime, Law and Social Change, 67(1), 21–37. https://doi.org/10.1007/s10611-016-9662-2
41.
MadarieR.Weulen KranenbargM.de PootC. (2025). Cybersecurity expert perspectives on data thieves’ actions in digital environments: Potential refinements for routine activity theory. Deviant Behavior. Advance online publication. https://doi.org/10.1080/01639625.2025.2453440
MarcumC. D. (2008). Identifying potential factors of adolescent online victimization for high school seniors. International Journal of Cyber Criminology, 2(2), 346.
44.
MarttilaE.KoivulaA.RäsänenP. (2021). Cybercrime victimization and problematic social media use: Findings from a nationally representative panel study. American Journal of Criminal Justice, 46(6), 862–881.
45.
MikkolaM.OksanenA.KaakinenM.MillerB. L.SavolainenI.SirolaA.ZychI.PaekH.-J. (2024). Situational and individual risk factors for cybercrime victimization in a cross-national context. International Journal of Offender Therapy and Comparative Criminology, 68(5), 449–467. https://doi.org/10.1177/0306624X20981041
46.
MittalM.KumarK.BehalS. (2023). Deep learning approaches for detecting DDoS attacks: A systematic review. Soft Computing, 27(18), 13039–13075.
47.
MudassirK.HaqueS. (2017). Cyber security and ethics on social media. Journal of Modern Developments in Applied Engineering & Technology Research, 1(2), 51–58.
48.
NäsiM.DanielssonP.KaakinenM. (2023). Cybercrime victimisation and polyvictimisation in Finland—Prevalence and risk factors. European Journal on Criminal Policy and Research, 29(2), 283–301.
49.
NazarioJ. (2009). Politically motivated denial of service attacks. In CzosseckC.GeersK. (Eds.), The virtual battlefield: Perspectives on cyber warfare (pp. 163–181). IOS Press.
50.
NunnallyJ. C. (1978). Psychometric theory (2d ed.). McGraw-Hill.
51.
PalanisamyR.NormanA. A.KiahM. L. M. (2022). BYOD policy compliance: Risks and strategies in organizations. Journal of Computer Information Systems, 62(1), 61–72.
52.
Paquet-CloustonM.HaslhoferB.DupontB. (2019). Ransomware payments in the bitcoin ecosystem. Journal of Cybersecurity, 5(1), tyz003. https://doi.org/10.1093/cybsec/tyz003
53.
SafarinaN.HalimahL. (2019). Self-control and online game addiction in early adult gamers. Journal of Physics: Conference Series, 1375(1), 012094.
54.
TrozzeA.KampsJ.AkartunaE. A.HetzelF. J.KleinbergB.DaviesT.JohnsonS. D. (2022). Cryptocurrencies and future financial crime. Crime Science, 11(1), 1.
55.
UmarM. (2025). The impact of cyber-attacks on different dimensions of cryptocurrency markets. Technology in Society, 81, Article 102865.
56.
United States Census Bureau. (2023). 2021 ACS 1-year estimates.
57.
Van OuytselJ.PonnetK.WalraveM. (2018). Cyber dating abuse victimization among secondary school students from a lifestyle-routine activities theory perspective. Journal of Interpersonal Violence, 33(17), 2767–2776.
58.
Van’t Hoff-de GoedeM. S.Van de WeijerS.LeukfeldtR. (2024). Explaining cybercrime victimization using a longitudinal population-based survey experiment. Are personal characteristics, online routine activities, and actual self-protective online behavior related to future cybercrime victimization?Journal of Crime and Justice, 47(4), 472–491.
59.
WangA.ChangW.ChenS.MohaisenA. (2018). Delving into internet DDoS attacks by botnets: Characterization and analysis. IEEE/ACM Transactions on Networking, 26(6), 2843–2855.
60.
YuanY.WangF. Y. (2018). Blockchain and cryptocurrencies: Model, techniques, and applications. IEEE Transactions on Systems, Man, and Cybernetics: Systems, 48(9), 1421–1428.
