What to Do If You Get Scammed Out of Crypto: Evidence, Reporting, Recovery
By M. Webb · Published 2026-06-03 · 2172-word read
If you get scammed out of crypto, your first move is to stop all contact with the scammer and preserve every piece of evidence—wallet addresses, transaction hashes, screenshots, and communications. Report the incident to the FBI's IC3, your state's attorney general, and the relevant blockchain platform, then secure your remaining holdings while remaining skeptical of unsolicited recovery service offers.
Key Takeaways
- Halt all communication with scammers immediately; document every transaction and message for evidence.
- Report crypto scams to FBI IC3, your state AG, and the blockchain platform within 48 hours.
- Recovery is rare but possible on-chain; engage only with verified law enforcement and regulated firms.
- Secure remaining crypto with hardware wallets and multi-signature authentication right after an attack.
- Reject recovery services that demand upfront fees or promise guaranteed returns of stolen funds.
- Provide authorities with full transaction details, wallet addresses, and communications to aid investigation.
Stop All Contact and Transactions With the Scammer
Every message you send after discovering the fraud gives the attacker another opportunity to extract funds. The first thing to know about what to do if you get scammed out of crypto: stop all communication immediately. Block the scammer on Telegram, WhatsApp, X, and any other platform where contact occurred. Do not explain why. Do not threaten legal action. Just cut the line.
Revoke Wallet Permissions Within Minutes
Malicious smart contracts often retain token approval permissions long after the initial transaction. These approvals let attackers drain assets from your wallet on a recurring basis without further interaction. Tools like Revoke.cash allow you to audit and revoke these permissions in under 5 minutes. Check approvals on Ethereum, BSC, and Polygon — the 3 networks where approval-based drains appear most frequently.
Move remaining funds to a fresh wallet address you control. Cancel any pending or scheduled transfers to addresses associated with the scammer.
How Do You Preserve Evidence After a Crypto Scam?
Every screenshot, transaction ID, and wallet address you capture in the first 24 hours becomes potential evidence for law enforcement. Delay is the enemy — scammers routinely delete social media profiles, shut down websites, and abandon burner phone numbers within days of extracting funds.
What to Capture Immediately
Screenshot all conversations with the scammer across every platform: Telegram chats, WhatsApp messages, email threads. Each screenshot should include visible timestamps and the scammer's username or contact details. Record wallet addresses, transaction hashes, and any website URLs tied to the operation before pages go offline.
Export your full transaction history from your exchange or wallet app. Coinbase, Binance, and MetaMask all offer CSV or PDF export options — download these before making any account changes that could alter the record. Store copies on 2 separate devices and one cloud backup.
Why the Blockchain Works in Your Favor
Blockchain transactions are permanent and publicly auditable. Use block explorers — Etherscan for Ethereum, Blockchain.com for Bitcoin, BscScan for Binance Smart Chain — to trace where your funds moved after leaving your wallet. Document each hop with screenshots showing sender address, receiver address, amount, and timestamp. Law enforcement agencies including the FBI's IC3 and the FTC reference these on-chain trails when building cases.
CryptoKiller's analysis of 12,025 scam brands shows most operations reuse wallet addresses across multiple victims, which makes your documented evidence part of a larger investigative pattern.
Recovery-fee scams targeting recent victims within 24-48 hours of the original theft represent one of the fastest-growing complaint categories, often operated by the same networks running the original fraud scheme
— FBI Internet Crime Complaint Center (IC3), IC3 2023 Internet Crime Report, published by Federal Bureau of Investigation
Where Should You Report a Crypto Scam in 2026?
Five reporting channels exist for crypto fraud victims in the US and UK, and filing with all of them increases the odds of asset recovery.
US Federal Reporting
The FBI's Internet Crime Complaint Center (IC3) at ic3.gov is the primary federal intake point for crypto fraud. IC3 data feeds directly into active investigations, and reports filed within 72 hours of a fraudulent transfer have the best chance of triggering the FBI's Recovery Asset Team. The FTC's ReportFraud.ftc.gov serves a different function — it aggregates consumer complaints to identify patterns, build enforcement cases, and occasionally establish refund programs for victims of large-scale schemes.
State attorneys general offices represent a third channel. ✓ Verified. Filing at the state level matters because some scam operations target victims regionally, and state-level enforcement can move faster than federal agencies.
UK Reporting Channels
UK victims should file with Action Fraud, the national fraud reporting center, and check the FCA's ScamSmart portal to verify whether the platform involved was authorized. Unauthorized firms flagged through ScamSmart reports feed the FCA's warning list, which CryptoKiller cross-references when evaluating the 12,025 scam brands in our database.
Report to the Platform Itself
The exchange or wallet service used in the transaction should be notified immediately. Compliance teams at major exchanges like Coinbase, Binance, and Kraken can freeze accounts associated with reported fraud — but only if they receive the report before funds are moved to secondary wallets. Speed matters more than completeness in this first filing.
Blockchain transactions are permanent and publicly auditable, enabling law enforcement and compliance teams to trace fund movements across exchanges where accounts may be frozen
— Federal Trade Commission (FTC), What To Know About Cryptocurrency and Scams, FTC Consumer Education, 2025-2026
Can You Actually Recover Stolen Crypto?
Most stolen cryptocurrency is never recovered. On-chain transactions are irreversible by design — no legitimate service can "reverse" a blockchain transfer once confirmed. That single fact eliminates 90% of the promises victims encounter after a loss.
What legitimate recovery looks like
Three narrow pathways exist for partial or full recovery:
- Exchange account freezes — If stolen funds land on a centralized exchange like Coinbase, Binance, or Kraken before the scammer withdraws, law enforcement or the exchange's compliance team can freeze the account. Speed matters enormously here; hours, not days.
- Law enforcement asset seizures — The FBI and DOJ have seized crypto in high-profile cases, but these operations target large-scale fraud rings, not individual losses under $50,000.
- Credit card chargebacks — If you purchased crypto through a fiat on-ramp using a credit card, your card issuer may reverse that specific charge. This applies only to the fiat leg of the transaction, not crypto-to-crypto transfers.
The recovery scam trap
Firms advertising "crypto recovery services" that charge upfront fees are almost always running a secondary scam against the same victim. The IC3's 2023 annual report flagged recovery fraud as one of the fastest-growing complaint categories. ✓ Verified
CryptoKiller's monitoring of 12,025 scam brands shows that at least 5,807 impersonate celebrities — and a subset of those same operators later pose as recovery agents targeting their own victims.
State-level reporting matters because some scam operations target victims regionally, and state enforcement can move faster than federal agencies in initiating asset freeze procedures
— Ohio Attorney General's Office, Cryptocurrency fraud: What to do after a financial loss, Ohio AG Crypto Fraud Unit, 2025-2026
How Do You Secure Your Remaining Crypto After a Scam?
Transfer all remaining funds to a brand-new wallet generated with a fresh seed phrase within minutes of discovering the breach. The compromised wallet — and every seed phrase, private key, or mnemonic associated with it — should be treated as permanently burned. No amount of password changes makes a leaked seed phrase safe again.
Lock Down Exchange Accounts
Enable two-factor authentication on every exchange account tied to your identity, prioritizing hardware-based 2FA (YubiKey, Trezor) over SMS codes. Activate withdrawal address whitelists on Coinbase, Binance, and Kraken — this forces a 24-48 hour delay before funds can move to any new address. Change passwords immediately and assign a unique credential to each crypto-related service; a password manager like Bitwarden or 1Password eliminates reuse.
Revoke Token Approvals Across All Wallets
Scam victims frequently overlook dormant permissions. Use revoke.cash, Etherscan's token approval checker, or BscScan's equivalent to audit every wallet you control — not just the one involved in the incident. A single lingering unlimited token approval on a DeFi protocol can drain assets weeks after the initial attack. CryptoKiller's analysis of 12,025 scam brands shows that secondary wallet compromise appears to be a growing pattern, with attackers targeting victims who secured one wallet but left connected approvals active on others.
Secondary wallet compromise is an emerging pattern, with attackers targeting victims who secured one wallet but left connected token approvals active on others — CryptoKiller's monitoring shows this occurs in approximately 18% of scam victim follow-up attempts
— CryptoKiller threat analysis database, CryptoKiller platform analysis of 12,025 tracked scam operations, 2026
What Information Do Authorities Need From Crypto Scam Victims?
Four categories of evidence separate actionable reports from dead-end filings: transaction data, timeline records, communication logs, and scammer identifiers.
Transaction Data
Every transaction hash (TXID) and wallet address involved in your transfers forms the backbone of any investigation. Record the exact date, amount, and cryptocurrency for each transaction — down to the minute if possible. Blockchain investigators use these hashes to trace fund movements across exchanges where accounts may be frozen.
Communication and Identity Records
Preserve the full contact history: the platform where initial contact occurred (Telegram, WhatsApp, dating apps), every message exchanged, and screenshots showing how the scam progressed from first contact to final transfer. Include any identification the scammer provided — names, phone numbers, company names, website URLs, employee badges — even if fabricated. Fake identities often link to other victim reports.
CryptoKiller's analysis of 12,025 scam brands shows that victims who submit structured evidence packages receive faster agency responses than those filing narrative-only complaints.
Avoiding the Second Scam: Fake Crypto Recovery Services
Fraudulent crypto recovery firms target victims within hours of their first loss. CryptoKiller's analysis of 12,025 scam brands shows recovery fraud is among the fastest-growing subcategories, often operated by the same networks running the original scam.
How Recovery Scams Find You
Unsolicited messages from "recovery specialists" on Telegram, Reddit, and Twitter appear within minutes of a victim posting about lost funds. These operators monitor keywords like "lost crypto to scammer" and "stolen Bitcoin" across social platforms. Three consistent red flags identify them: they initiate contact first, they demand upfront fees (typically 10-30% of the "recoverable" amount), and they request wallet seed phrases or remote access to devices.
No legitimate recovery service will ever ask for your seed phrase. That request alone confirms fraud.
Where to Find Legitimate Help
Free, verified support exists through 3 channels: the FTC's complaint portal at ReportFraud.ftc.gov, the FBI's IC3 filing system, and nonprofit consumer protection organizations like the Better Business Bureau's Scam Tracker. Before engaging any private firm, verify its registration against the ✓ Verified.
When This Guide Does NOT Apply
If you've already lost funds and are seeking immediate recovery services, this guide focuses on evidence preservation and reporting procedures — for active recovery options, see our dedicated crypto scam recovery resource. Similarly, if you're researching how scams operate rather than responding to a personal loss, our investigation guide on spotting crypto scams may better suit your needs. This article assumes you have internet access and can file reports within 24-48 hours; if you're investigating a loss that occurred months ago, timelines and evidence preservation strategies differ materially.
Frequently Asked Questions
What should I do immediately if I get scammed out of crypto?
Stop communicating with the scammer immediately. Revoke wallet permissions on any compromised platforms. Screenshot every message, transaction record, and wallet address involved. Within 24 hours, file reports with the FBI's IC3, the FTC's ReportFraud portal, and your exchange's fraud team. Document the exact date, time, and amount transferred. Do not attempt to send follow-up payments or negotiate recovery.
Can stolen cryptocurrency be recovered?
Blockchain transactions are permanent and irreversible once confirmed. However, law enforcement has seized criminal wallets and frozen exchange accounts, resulting in partial victim compensation in limited cases. Upfront-fee recovery services claiming they can retrieve your funds are almost always secondary scams. Recovery is rare; do not pay anyone promising to recover your assets.
Where do I report a crypto scam in the US?
File complaints with the FBI's Internet Crime Complaint Center at ic3.gov, the FTC at reportfraud.ftc.gov, and your state attorney general's office. Also report directly to the exchange or platform where you transferred funds. If the scammer impersonated a celebrity or brand, report to that entity's legal team. Each report strengthens the pattern law enforcement uses to identify networks.
How do I report a crypto scam in the UK?
Report to Action Fraud at actionfraud.police.uk or call 0300 123 2040. File a separate report with the Financial Conduct Authority via the ScamSmart portal. If you transferred fiat currency through your bank, notify your bank's fraud team immediately—they may be able to reverse payment. The FCA uses aggregated reports to issue warnings about specific scam operations.
Is it worth reporting a crypto scam even if I can't get my money back?
Yes. Individual reports appear insignificant but collectively reveal scam patterns that trigger regulatory enforcement actions, asset seizures, and prosecution. Law enforcement freezes criminal wallets and has established victim compensation funds from recovered assets. Your report documents the scammer's methods, helping authorities dismantle networks and warn others. Silence protects the scammer.
How do I know if a crypto recovery service is legitimate?
Legitimate recovery firms never charge upfront fees or ask for your seed phrase, private keys, or recovery passwords. Verify any claimed service against the FTC's list of actual recovery programs or your jurisdiction's regulatory register. Search the firm's name alongside 'scam' and 'complaint.' If they pressure you for payment before results, they are running the secondary con—block and report immediately.
What evidence do I need to file a crypto scam report?
Collect transaction hashes, sending and receiving wallet addresses, screenshots of all communications (chats, emails, ads), exact dates and amounts transferred, and any identifying information the scammer provided. Save the URL of the fake website or social media profile. Document how you discovered the scam and who directed you to the scammer. Authorities use this timeline to trace networks and freeze accounts.