Crypto Scam Recovery Guide

Immediately: stop the bleeding

The first hour is for preventing further loss, not recovering what is already gone.

• Stop all payments to the platform. If the scammer is still asking for "one more deposit to release your withdrawal" or "a tax payment to unlock the funds", that is part of the scam — no legitimate withdrawal has ever required an additional deposit.
• Contact your bank or card issuer if you funded the scam through a card or wire transfer. Request a chargeback if within the eligibility window (typically 120 days for cards, shorter for bank transfers). The sooner you report to your bank, the better your odds.
• Secure your existing accounts — change passwords on email, exchange accounts, banking, and any wallet where you hold remaining crypto. Enable two-factor authentication everywhere that offers it. If the scam involved remote access to your device (common in "investment manager" scams), treat the device as compromised and scan it from a clean device or reinstall the operating system.
• Cut all contact with the scammer. Do not engage with follow-up messages, do not threaten legal action in-message, and do not negotiate. Scammers who detect a victim is aware are a documented risk for retaliation via social engineering or doxxing attempts.

Preserve every piece of evidence

What you preserve in the first 48 hours is what you or a recovery professional will have to work with. Screenshots disappear, chat histories get deleted, wallet addresses get rotated. Copy everything before you do anything else.

• Screenshot every conversation with the scammer — full-screen, including timestamps and usernames. Export chat histories from WhatsApp, Telegram, Instagram, or wherever the contact took place.
• Save every transaction ID, wallet address, bank reference number, and date. For on-chain transactions, a block explorer link (e.g. etherscan.io, blockchain.com) is sufficient.
• Capture the scam platform itself — landing page URL, dashboard screenshots, "portfolio" screenshots, any login pages. If the site is still up, use a service like archive.today to create a permanent archived copy.
• Save any celebrity endorsement videos or ads that led you to the platform. Deepfake evidence is critical for both prosecution and platform takedowns.
• Write a timeline in plain language while the details are fresh — first contact, first deposit, escalating amounts, first withdrawal attempt, moment you realised something was wrong. This becomes the narrative for every report you file.

Reporting to authorities — by jurisdiction

Report to the police and national fraud agency in your country of residence. Reporting does not guarantee recovery — but it is the only path to official case numbers, which are often required for chargebacks, insurance claims, and any eventual civil action. Many jurisdictions now have dedicated cybercrime or financial-fraud units.

• United States — IC3.gov (FBI Internet Crime Complaint Center), ReportFraud.ftc.gov (Federal Trade Commission), and your state attorney general. For securities-related fraud, tips.sec.gov and cftc.gov/complaint.
• United Kingdom — Action Fraud (actionfraud.police.uk) and the Financial Conduct Authority (fca.org.uk/contact/report-scam-unauthorised-firm).
• European Union — Your national police fraud unit. In Germany, BaFin and your local Polizei. In France, Pharos (internet-signalement.gouv.fr) and AMF. In Italy, CONSOB and Polizia Postale.
• Australia — Scamwatch (scamwatch.gov.au), ReportCyber (cyber.gov.au/report), and ASIC (asic.gov.au/report-a-concern).
• Canada — Canadian Anti-Fraud Centre (antifraudcentre-centreantifraude.ca) and the RCMP.
• Other jurisdictions — Your national police cybercrime unit and financial regulator. Most countries now have an online reporting portal for financial fraud.

Recovery scams: avoid at all costs

Recovery scams target people who have just been scammed. They advertise heavily on the same platforms (social media, YouTube comments, Telegram, forums) and offer to recover your funds — for an upfront fee, or for "tax", "escrow", or "blockchain unlock" payments. They are almost always the same criminal networks behind the original scam, or closely adjacent ones working off the same leaked victim lists.

There is no legitimate recovery service that requires payment before work begins. There is no "blockchain unlock fee", "wallet freezing fee", or "government tax" that you can pay to release your crypto. There is no hacker who can "reverse the transaction" on Bitcoin or Ethereum — the chains do not work that way, and anyone claiming to offer this is lying.

• Red flag — Upfront fees, "tax" payments, "escrow" deposits, or any payment required before the service produces results.
• Red flag — Guarantees of recovery. No legitimate service guarantees recovery because no legitimate service has that power.
• Red flag — Contact through unsolicited direct message (DM), email, or phone call after your original loss — especially if the contact mentions specific details of your case that you did not make public.
• Red flag — "Partnerships" with recognisable authorities or companies (FBI, Interpol, banks) that cannot be verified by calling the authority directly.
• Red flag — High-pressure timelines, "limited-time offers", or any urgency to act before you can verify the service.
• Red flag — Requests for remote access to your device, your exchange accounts, or your existing wallets.

Legitimate paths to work through

Genuine routes to possible recovery are slower, unglamorous, and often partial — but they exist.

• Chargeback through your card issuer or bank, if within the eligibility window. This is the highest-probability recovery path for card-funded scams.
• Exchange account freezing — if the scammer's wallet is linked to a known custodial exchange, law enforcement can sometimes freeze funds before they move. Report early enough and with enough specificity for this to be possible.
• Civil action against the platform operator — only realistic if the operator is identifiable and within a jurisdiction that will enforce a judgment. Requires a lawyer and is typically cost-effective only above six-figure losses.
• Insurance — some crypto platforms, custodial wallets, and payment providers carry policies covering specific fraud scenarios. Check the terms of any platform through which the funds transited.
• Class action — for large scams with many victims, class-action suits are sometimes filed. These are typically organised by law firms specialising in financial fraud, not by individual victims.

What we can do

CryptoKiller is an investigation platform, not a recovery service. We do not offer to recover funds and we do not take fees from victims. What we do is investigate and publish the brand you lost funds to, so future victims are warned. Your submitted report — through /report — becomes part of the evidence base and materially increases the visibility of the scam.

If your case involves details that law enforcement or a regulator is already investigating, we will coordinate with them when appropriate. We do not share victim reports publicly without consent. Reporter identity is never disclosed.

Frequently Asked Questions