Some people are faced with a situation where checking the risk score of a blockchain address no longer makes sense and when receiving “dirty” cryptocurrency is no longer scary — after all, scammers, unfortunately, have already stolen all your cryptocurrency.
At such a moment, the analysis of what could have been done to prevent this situation fades into the background. It is important to understand what to do next to try to return the stolen cryptocurrency.
OBSERVATION FROM AML CRYPTO:
Most victims of fraudsters believe that returning cryptocurrency is an unrealistic task. This belief is based on the myth of the complete anonymity of cryptocurrencies, as well as the harsh reality that law enforcement agencies often do not have the necessary competence in the field of cryptocurrencies. However, taking a number of specific actions significantly increases the chances of recovering stolen funds.
If you have become a victim of crypto scams, you should immediately take the following measures:
1. Describe your incident in a structured manner
After something unpleasant has happened and funds have been lost, your task is to approach the situation as objectively and without emotions as possible. Document every detail of the incident: what happened, how it happened, who was involved, when it happened, under what circumstances, what the interaction steps were, and where the funds were transferred. Being specific and accurate in detail will help in future investigations or interactions with law enforcement.
2. Save all possible evidence
Save all emails related to the fraudulent transaction, screenshots of messages from instant messengers and social networks, as well as any other possible evidence.
In the case of telegram communication, export the full chat in JSON format to extract the account ID — this information may be needed by specialists. If there were telephone conversations, take a photo of the call history. Record the names of the attackers’ websites and save payment receipts, especially if fiat funds were used. You need to act quickly: some data may be lost, and attackers may try to erase some information.
The information you collect will be very useful in providing incident details to relevant authorities and cybersecurity experts.
3. Conduct a quick analysis of where the funds are currently located
The blockchain is like an open ledger: every transaction is recorded. Knowing the user’s address, you can track where and how much money he sent. Using a blockchain explorer, you can track the movement of funds.
If this process seems too complicated to you, you can contact professionals in specialized companies. They have tools that not only visualize the flow of funds, but also overlay markup on addresses, facilitating data analysis.
4. Monitor any movement of stolen funds
Stolen cryptocurrency funds are usually quickly converted into fiat money. To do this, scammers have a limited number of options available to them:
-
CEX (centralized crypto exchanges)
-
OTC P2P deals (over-the-counter transactions between individuals)
-
ATM (cryptocurrency ATMs)
Stolen funds can travel through transit addresses, use blockchain bridges, and interact with smart contracts and mixers to make their movement more difficult to track.
The importance of receiving notifications of every movement of funds cannot be overstated, as this allows for a timely response, for example, if funds have arrived at the deposit address of the exchange.
5. Conduct advanced blockchain investigation. If you don’t have enough knowledge, contact companies that provide blockchain analytics
It’s time to scrutinize every transaction and every address. It is necessary to analyze the nature of the behavior of the funds, as well as the mention of related data on the Internet. This information should be organized in such a way that it is ready for presentation to law enforcement agencies and crypto exchanges. It is important to highlight key transactions, highlighting their hashes, and provide the data in a format that can be understood by any party that will assist in the return.
6. Identify points of possible information about the attacker
Here is key information to provide to law enforcement for follow-up requests:
-
The phone numbers from which the attackers contacted you, along with the time and date of the calls. Despite the possibility of using temporary numbers, attackers can make a mistake.
-
Fraud site domain. Law enforcement agencies will be able to request information about the owner, IP logs and payment information from the domain registrar and hosting provider.
-
Advertising platforms where you have seen scam ads. Similar to the domain, the attacker, in order to run advertising, registered a personal account
-
Telegram user-name and telegram ID, if the communication was via telegram, you can get a lot of useful information about the attacker… the groups he belongs to, his other messages, etc.
-
Fraudster profiles on social networks. Social networks collect extensive data about users, including logins, location, contacts and interests.
-
Sites with reviews about scammers. Attackers often publish fake reviews about their fraudulent service, but in addition to “lies,” these reviews contain digital clues about the user who left them
-
Email addresses. Mail services store information about logins, locations, and devices used.
-
Exchanges and crypto exchangers that an attacker could use to launder funds. This information will allow law enforcement agencies to send requests for the provision of data under the KYC (Know Your Client) procedure.
7. If you detect a transfer of stolen funds to an exchange, immediately contact technical support
Regardless of the location of the exchange, they do not seek to support illegal activities on their platform. **Most licensed exchanges actively cooperate with law enforcement agencies, blocking funds if fraud is suspected.**If you notice that your funds have been transferred to an exchange, please contact their technical support. Please note that a double application will be required: first in person or through a specialist, and then on behalf of law enforcement agencies.
Recovering stolen funds is not an easy path. But if you do nothing, then the probability of a return tends to zero. We wish you to be strong on this journey! If you need help, please contact us!