Crypto recovery scam

Recovery scams target people who have already lost money to a previous scam — usually crypto, sometimes wire fraud or romance. The "recovery agent" claims to be a blockchain investigator, an asset-recovery firm with FBI contacts, a "certified fraud examiner," or even a government employee.

They offer to recover the lost funds for an upfront fee, a "tracing retainer," or a percentage of the recovery. They never recover anything. Once you pay, they invent new fees — release fees, customs charges, anti-money-laundering compliance — until you stop paying.

The FTC has explicitly warned that no legitimate party recovers crypto by charging an upfront fee. If anyone reaches out to you offering this, especially after you've publicly posted about a loss, that pitch is the scam.

The agent reaches out within days or weeks of you posting about a loss in:

• a Reddit thread (r/cryptoscams, r/scams, r/btc),
• a Telegram or Discord support channel,
• a comment on a YouTube video about scams,
• or an IC3 / FTC complaint that somehow got leaked or scraped.

A typical opener:

"Hi, I came across your post about your loss to [scam name]. My name is [first name + clean Anglo surname] and I work with a blockchain forensics firm contracted by the FBI. We've successfully recovered over $40M for victims of pig-butchering scams. I traced your transactions and identified the destination wallet. We can begin the recovery process today. The retainer is $500 in USDT and our commission is 15% on what we recover. Time is critical — the funds will be moved through a mixer in 48 hours."

The specifics rotate. The structure does not.

• They contacted you — you did not contact them.
• They promise recovery, especially with a specific dollar amount or success rate.
• They want payment upfront, often in crypto or wire.
• They claim to know which exchange holds your funds without seeing your transaction IDs.
• They impersonate a real agency or firm. Real federal agencies do not cold-DM victims.
• They reference a deadline ("the funds move to a mixer in 48 hours") that creates urgency.
• They ask for your wallet seed phrase, exchange login, or remote-screen access "to investigate."

• Fake law-enforcement contact. Someone claiming to be FBI / IC3 / Secret Service offers to "process your recovery" if you pay a fee.
• Fake exchange compliance team. "Your stolen funds were located at Binance. Pay the AML release fee and we'll send them back."
• Fake recovery firm with a real-looking website. Often reuses logos of legitimate forensics firms (Chainalysis, TRM Labs). The real firms do not work consumer-direct.
• Lawyer / paralegal pitch. "I'm an attorney representing victims of [scam name]. Pay the retainer and join the class action." The class action does not exist.
• TikTok / YouTube influencer recommendation. A "thank-you testimonial" channel promotes a recovery service in comments under scam-loss videos.

1. Treat any upfront fee as the definitional red flag. No legitimate recovery service collects payment before recovery.
2. Look up the firm independently. Search "[firm name] scam" or "[firm name] complaints." Search the address, the phone number, the names on the team page.
3. Verify a "blockchain trace" yourself. The blockchain is public — anyone with the transaction hash can trace it. The agent has no exclusive view.
4. If they claim to work for an agency, hang up and call the agency directly using a number from its official .gov website. Federal agents do not contact victims via WhatsApp.
5. Never share your seed phrase, exchange login, or screen-sharing access. A legitimate investigator does not need them.

• Stop communicating immediately. They will pitch a second "release fee" — do not pay it.
• Report the recovery scam itself to the FTC and IC3. Note that this is a second incident layered on top of the original loss.
• If you used a credit card for the fee, contact the issuer and dispute the charge. Credit cards have better chargeback windows than wires.
• If you sent crypto, report the destination wallet address to the exchange you sent from. Some exchanges flag and freeze inbound deposits from known scam wallets.
• Change passwords and revoke wallet permissions for any service you connected to the agent's tools or website.

• Do not pay any "release fee," "tax," or "AML clearance" to unlock recovered funds. The funds do not exist.
• Do not post the details of your original loss publicly. Recovery scammers scrape those posts.
• Do not join "victim support group chats" hosted by people you do not know. They are recruiting grounds for follow-on scams.
• Do not install any "tracing dashboard" software, browser extension, or app the agent provides.

• FTC: reportfraud.ftc.gov — the broadest US fraud intake; reports flow to thousands of law-enforcement agencies.
• FBI IC3: ic3.gov — the right destination when the scam is internet-enabled (phishing, BEC, romance, crypto).
• CFPB: consumerfinance.gov/complaint — for complaints about banks, money transmitters, payment apps, credit cards, debt collection.
• IdentityTheft.gov — if any identity information (SSN, driver's license, account credentials) was shared.
• Your bank or payment platform. Call the number on the back of your card or use the app's in-product help. Time matters — wires can sometimes be recalled within hours; ACH and Zelle are harder but worth trying.

Are there any legitimate crypto recovery services? Some legitimate forensics firms (Chainalysis, TRM Labs, CipherTrace) work with law enforcement and exchanges. They do not work consumer-direct, and they do not charge upfront retainers to individuals. If you need recovery help, work through law enforcement instead.

Why do scammers target people who already lost money? Because victim lists are valuable. Once you've shown willingness to send money in a scam scenario, you're more likely to be desperate enough to try again. Many recovery scammers are running the same operation as the original scam under a different name.

The agent showed me a "trace report" with my transactions. How? The blockchain is public. Anyone with your wallet address or a transaction hash can produce a "trace report." It proves nothing about their ability to recover funds.

What about social-media testimonials from people they helped? Fake. The testimonials are often paid actors, AI-generated headshots, or cross-posted stock photos. Treat them as marketing copy, not evidence.