You can't fake blockchain transactions just like that because all nodes have to agree on transactions.
In theory you could do a 51% attack on the smaller blockchains. But 51% attacks are not very profitable for criminals because there will always follow a liquidity crash and they are very expensive and hard to perform.
Cyber criminals will rather try to steal crypto from people instead of attacking the blockchain itself. Because they are trying to take the path of the least resistance with highest payout. You would be surprised how much people don't have 2fa authentication turned on and use the same password for different type of accounts. On the darkweb you can buy huge password lists of accounts that have been previously breached. There are specialized botnets in existence that can empty accounts on exchanges like this.
You can use this site to see if you have ever been hacked: https://haveibeenpwned.com/
Being hacked on an exchange can easily been prevent by using different passwords for all your accounts and always turn 2FA on. (Don't use SMS based 2FA)
Another great way cyber criminals use to steal crypto is with ransomeware. Or more common things like phishing for example.
That makes much more sense than trying to fake transactions on a blockchain.
It depends on what you mean exactly. One thing that's possible with Bitcoin is sending a transaction to the network, and when this isn't mined immediately, replacing it with another transaction using the same output (basically the same coins), which has a higher transaction fee.
This a feature called Replace-by-fee (RBF) which wasn't specified in the original Bitcoin protocol, although it wasn't impossible either. It was developed to deal with congestion caused by the blocksize limit. When your transaction isn't mined, you don't have to wait until it's mined during a quiet period or finally rejected after a few weeks - you can look at the fees for transactions that are currently accepted and send a new transaction with a fee just above that level. Wallets might do this automatically.
But RBF could be abused when merchants accept unconfirmed transactions. A scammer could replace the unconfirmed transaction paying the merchant with a payment to his own address. A related trick is Child pays for parent (CPFP), where you pay a higher fee for a transaction that depends on the pending transaction.
For this reason, RBF and CPFP are not implemented in Bitcoin Cash (BCH). Bitcoin Cash is meant to be used for payments, including small retail payments. When you buy a cup of coffee, you don't have the time to wait for a transaction to be confirmed in one or more blocks, so merchants will accept unconfirmed transactions for these payments. Those could still be replaced when you're unlucky, but it's considered an acceptable risk, like accepting banknotes that could be fake, checks that could bounce or credit card payments that could be reversed.