A well-known crypto recovery scam recently resurfaced in a slightly modified form. Like many other scams, this one tries to exploit the credibility and reputation of legitimate companies, including Cryptosec and Crypto Investigators. This scheme came to our attention through two channels: first, from astute individuals who contacted Cryptosec to verify claims of association made by these scammers; and, more alarmingly, from victims who reached out after having already lost their crypto, sometimes even blaming us for the losses.
In this post, we will try to shed light on this scam, not only to educate our readers about its mechanics but also to emphasize the importance of verifying the legitimacy of any individual or entity claiming an association with any reputable crypto investigation companies.
The Anatomy of the Scam
The scam begins with scammers gathering email addresses and other contact information of cryptocurrency users from a variety of sources. These lists might originate from leaked user databases of crypto exchanges or crypto-related news websites. However, the scammers don’t stop there. They also actively seek out contact information of individuals who have previously fallen victim to crypto scams and have publicly shared their experiences. Additionally, they target users of bankrupt or defunct exchanges, where individuals may have lost their crypto assets. This approach is particularly insidious as it preys on those who have already suffered losses, exploiting their hope of recovering their assets. The scammers’ objective is clear: to compile a comprehensive list of potential targets, with a special focus on those who have experienced theft or loss of cryptocurrency, as they might be more susceptible to the false promise of recovering their lost funds.
Armed with this information, the scammers launch their deceptive attack.
Phase One: The Deceptive Introduction
Victims are contacted by someone claiming to be a “crypto investigator.” This individual alleges that they have, in the course of an unrelated investigation, uncovered cryptocurrency owed to the recipient. The scammer offers to “return” this crypto, playing on the potential victim’s curiosity or greed.
In the initial phase of this scam, the approach taken by the fraudsters can vary. While email is a common medium, some targets are contacted via phone calls. Regardless of the method, the scammer invariably poses as an associate of a legitimate crypto investigations agency, such as Cryptosec, setting the stage for their scam attempt.
Above is one example of an initial email outreach from a crypto recovery scammer. Please note that we have removed all identifiable information of the scammer’s target, but we left the scammer’s information. Some of the most common scammer aliases we came across are “Aaron Fisher” or “Henry Vincent” from “Blockchain Investigative Agency” or “Claim Eazy”, using spoofed emails from domains such as @cryptoinvestigators.co, @cryptoinvestigation.ca, @cryptoinvestigator.info, and other variations (all those emails are fake). We also noticed scammers sometimes claiming to be associated with the UN or with the World Bank.
Please note the many elements in this email that attempt to give some credibility to this initial communication, such as the “Invited Expert” statement in the signature, which doesn’t mean anything but sounds authoritative; a link to a FINRA BrokerCheck profile, which, again, is completely irrelevant, and in this case fake, but adds some more “legitimacy”; the mention of various services that the fake agency performs for important clients such as “government agencies”; etc.
RED FLAG 1
A major red flag in this scam is the unsolicited contact from someone claiming to be able to return lost crypto or, in some cases, offering to "return" crypto that the target isn't even aware they are owed. This approach is a classic exploitation of human greed. Realistically, the scenario of being randomly contacted with promises of receiving crypto - whether previously stolen or supposedly owed - is highly improbable. In the real world, the recovery of stolen crypto is a complex process, often involving legal proceedings. Typically, if there is any recovery of assets, it's facilitated through legal channels and communicated via lawyers or official court documents. Therefore, any proactive outreach claiming easy recovery or unexpected windfalls of crypto should immediately be viewed with skepticism. Such offers are not standard practice and are often the bait used by scammers to lure unsuspecting victims.
Spoofed Email Address
A notable aspect of the first phase of this scam is the common use of email spoofing. Email spoofing is a technique where scammers forge the sender’s address in an email, making it appear as if it’s coming from a legitimate or trusted source, such as a well-known company. Essentially, it’s like putting on a digital disguise to impersonate someone else in an email conversation. This tactic is designed to lend an air of authenticity to their claims and to lower the guard of potential victims. However, since these email addresses are spoofed, or faked, any replies sent directly to them would not reach the scammer.
RED FLAG 2
When you enter the domain from the scammer's email address into a browser, it typically leads either to a non-existent website or to a website that doesn't match the company the scammer claims to represent. For instance, in the above scam email, entering the domain 'cryptoinvestigators.co' from the scammer's email address into a browser would redirect you to our legitimate website, 'CryptoInvestigators.com', and not the claimed "Blockchain Investigative Agency." If the domain does lead to an actual website, your first course of action should be to contact the company you've reached through the browser. Verify with them whether the individual who sent the email is actually an employee. This step is crucial for confirming the authenticity of the sender's claims.
The Shift to Other Communication Channels
To get around the fact that replies to the spoofed email address never reach them, scammers often encourage targets to continue the conversation through alternative communication channels, such as WhatsApp, Telegram or direct phone calls. This request is typically embedded in the initial email, but it can sometimes be made in subsequent communications or a phone call. It’s a strategic move by the scammer, ensuring that, once they have gained credibility from the faked domains, any further communication reaches the scammer and remains under the scammer’s control.
RED FLAG 3
This insistence on shifting communication away from email to platforms like WhatsApp or direct phone calls serves as the first major red flag. Legitimate investigation companies and law firms usually maintain written communications that provide an audit trail. The request to move to a less formal platform should immediately raise suspicions. It's a clear indicator that the individual or entity in question may not be who they claim to be, signaling the need for heightened caution and verification.
Please notice that in this example, the scammer claims that the victim won’t need to make any upfront payments. This is another attempt to build credibility and trust. However, it’s important to understand that eventually, the victim will be asked to make payments. This request for upfront fees is the crux of the fraud. The scammer might initially state that there are no upfront charges for their “services rendered,” but as the scam progresses, they will introduce various fabricated fees that supposedly wouldn’t be paid to them, but would have to be paid to a regulator, to the exchange, to the World Bank, or to similar made-up recipients. These upfront fees, ostensibly a prerequisite for the return of owed crypto, could include made-up taxes, compliance fees based on fictitious regulations, a security deposit, and other non-existent charges. The entire scheme hinges on convincing the victim to pay these fraudulent fees before any “return”; collecting them is, in reality, the primary objective of the scam.
In summary, the first phase of this scam combines an attempt to gain some initial credibility, sophisticated email spoofing, and a strategic push towards more direct, untraceable communication methods. Recognizing these early warning signs is crucial in avoiding falling prey to such deceptive tactics.
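A header-level check for the phase-one warning signs described above, as an added example that is not part of the original article. KNOWN_DOMAINS, the function names and the sample message are assumptions constructed for illustration, and the Authentication-Results header is only meaningful when your own mail server wrote it.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Assumption: domains the claimed organisation actually publishes. Only
# cryptoinvestigators.com is taken from the article; extend for your own use.
KNOWN_DOMAINS = {"cryptoinvestigators.com"}
CHANNEL_SHIFT = re.compile(r"\b(whatsapp|telegram)\b", re.IGNORECASE)
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.IGNORECASE)

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def org_label(domain):
    """Label left of the TLD (simplification: no public-suffix list)."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else ""

def red_flags(raw_message):
    """Return the phase-one warning signs found in one raw e-mail."""
    msg = message_from_string(raw_message)
    flags = []
    from_dom = domain_of(msg["From"])

    # Sender domain resembles, but is not, a published domain.
    if from_dom not in KNOWN_DOMAINS:
        for known in sorted(KNOWN_DOMAINS):
            pair = SequenceMatcher(None, org_label(from_dom), org_label(known))
            if pair.ratio() >= 0.85:
                flags.append(f"lookalike_domain:{from_dom}~{known}")

    # SPF/DKIM/DMARC verdicts recorded by the receiving server (RFC 8601).
    # Anything other than "pass" means the sender address was not verified.
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RESULT.findall(header):
            if result.lower() != "pass":
                flags.append(f"{method.lower()}={result.lower()}")

    # Request to continue on a messaging app (plain-text bodies only).
    body = msg.get_payload()
    if isinstance(body, str) and CHANNEL_SHIFT.search(body):
        flags.append("channel_shift")
    return flags

# Constructed sample message (not a real e-mail from the article).
SAMPLE = """\
From: "Crypto Investigator" <agent@cryptoinvestigators.co>
To: target@example.org
Subject: Funds recovered in your name
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=cryptoinvestigators.co; dkim=none; dmarc=fail header.from=cryptoinvestigators.co

We have recovered crypto owed to you. Please continue with me on WhatsApp.
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE))
```

A message with no flags is not proof of legitimacy; the verification call to the company described under RED FLAG 2 still applies.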
Phase Two: Building Excitement and Sense of Security
In the second phase of this scam, the scammer’s primary goal is to transition the victim from initial skepticism to a state of excitement about the purported financial windfall. Once the victim shows interest in response to the initial contact, the scam intensifies.
The scammers intensify their efforts through a series of communications, including emails, WhatsApp messages, and phone calls. They claim that the victim’s funds have been successfully recovered and are now securely held in a reputable exchange, such as Binance. This step is crucial in convincing the victim of the legitimacy of the process and the safety of their soon-to-be-returned assets.
The focus here is on making the victim feel that the return of their funds is not only certain but also imminent. The scammers might share fabricated success stories or provide false evidence to reinforce this belief. The aim is to transition the victim from a state of skepticism to one of anticipation and excitement, setting the stage for the next phase of the scam.
RED FLAG 4
A critical red flag in this phase is the portrayal of the crypto recovery process as straightforward and victim-involved. In reality, if there were a legitimate effort to return stolen crypto to a victim, the procedure would be markedly different and far more complex. In genuine cases of crypto recovery, the process is typically lengthy and involves intricate legal proceedings. Key to this is the establishment of the victim's identity and their rightful claim to the crypto assets. This legal process is meticulous and often requires substantial documentation and verification, far beyond simple email or phone call confirmations. Moreover, in legitimate scenarios, recovered crypto assets would be under the strict custody of courts or law enforcement agencies, not a third-party individual or entity claiming to be a crypto investigator. These assets would remain in secure custody until the legal process is fully resolved. Contrary to the scammer's narrative of keeping the victim updated and involved in every step, in real legal proceedings, the victim's involvement is typically minimal. They would not be part of ongoing discussions or receive regular updates about the recovery process. The communication would be formal and through official channels, often mediated by legal representatives. The scammer's version of a quick and personal recovery process, where the victim is directly and continuously involved, is highly unrealistic and diverges significantly from how legitimate legal recovery operations function. This should be a clear warning sign to anyone approached with such a claim, signaling the need for skepticism and thorough verification.
Phase Three: The Request for Fees and Creating Urgency
Having established a sense of security and excitement, the scammers move to the critical stage of the scam – requesting payment of various fees before the recovered funds can be released.
Introducing Fabricated Fees
The scammers now claim that certain fees must be paid before the funds can be released to the victim. These could include made-up regulatory fees, security deposits that need to be paid to the exchange, cost recovery for third parties involved in the recovery, taxes, or some other made-up fees. The victim, already convinced of the legitimacy of the process and eager to receive their funds, may not immediately recognize these requests as fraudulent.
In this example, we have a counterfeit ‘Binance Guarantee Letter’ where the scammer demands the victim deposit 10% of the alleged value of the crypto purportedly set to be returned. This deposit is falsely justified as a requirement under some fabricated regulation and is claimed to be payable to Binance before the release of the recovered funds. Observe the various tactics employed by scammers to lend credibility to this scam – from the unauthorized use of Binance’s name and the FCA (the financial regulatory body in the UK), to the sophisticated language used in the “contract.” Additionally, the document is embellished with the signature of a supposed official, all designed to manipulate the victim into believing in the authenticity of the request.
Manufacturing Urgency
At this stage, the scammers are focused on preventing the victim from questioning the legitimacy of the process. They might discourage the victim from consulting with others or seeking external advice, often using high-pressure tactics and time-sensitive threats to maintain control over the situation. To compel the victim to act quickly, the scammers create a false sense of urgency. They might assert that if these fees are not paid promptly, the recovered funds could be seized by the government or lost due to bureaucratic hurdles. These claims are entirely false but are presented convincingly to pressure the victim into acting without delay.
The ultimate goal in this phase is to get the victim to pay the fabricated fees without hesitation. The scammers use a combination of false assurances, urgency, and psychological pressure to achieve this.
RED FLAG 5
A significant red flag in these scams is the false sense of urgency imposed by the scammers. Scammers pressure victims into making hasty decisions. They might concoct scenarios suggesting that the recovered funds are at risk of being seized or lost if certain fees aren't paid promptly. This tactic is designed to create panic and a sense of impending loss, pushing the victim to act quickly without giving them time to think critically or seek advice. In contrast, real-world legal and financial procedures are methodical and rarely subject to such abrupt deadlines. Genuine processes are marked by clear, structured timelines and involve formal communication, often with ample time provided for response and action. Often these cases span many months or years. Any scenario where you are pressured to act quickly, especially under the threat of losing funds or missing out on an opportunity, should be viewed with extreme caution. This sense of urgency is a common strategy used by fraudsters to bypass your rational thinking and should be recognized as a serious red flag. Legitimate organizations understand the complexities of legal and financial processes and do not impose unrealistic time constraints for payments or decisions.
Phase Four: The Cycle of Continuous Fees
In Phase Four of the scam, the victim, having already paid an initial fee, finds themselves entangled in an ongoing cycle of deceit. Contrary to what one might expect, the scammers do not vanish after receiving the first payment. Instead, they recognize an opportunity to exploit the victim further.
Exploiting the Sunk Cost Fallacy
At this stage, the victim is not just hopeful of receiving their promised funds but is also influenced by the sunk cost fallacy. Having already invested money, they feel compelled to continue paying in the hope of recovering their initial outlay along with the promised crypto. This psychological trap makes it difficult for the victim to acknowledge the scam and cut their losses.
Manufacturing New Fees
The scammers, aware of the victim’s vulnerability, continue to invent new, urgent fees that supposedly need to be paid for the victim to receive their funds. These fees are presented as the final hurdles before the large sum is released. Each new fee is accompanied by a fabricated rationale and a sense of urgency, designed to keep the victim in a state of anticipation and compliance. With each new fee, the scammers reassure the victim that the release of their funds is imminent. This tactic is deliberately used to maintain the victim’s hope and belief in the process. The victim, driven by the desire to recoup their losses and the expectation of a significant return, finds themselves trapped in a cycle of continuous payments.
The Emotional and Financial Toll
This phase is particularly damaging as it not only leads to increased financial loss but also takes a significant emotional toll on the victim. The continuous cycle of hope and disappointment, coupled with the financial strain, can be extremely distressing.
Recognizing this phase for what it is – a relentless exploitation of trust and hope – is crucial. Victims need to understand that legitimate processes do not operate in this manner and that continuing to pay these fabricated fees will only lead to further loss. Breaking free from this cycle requires acknowledging the reality of the scam, no matter how difficult that may be due to the emotional and financial investment already made.
RED FLAG 6
A crucial red flag in this phase is the manner in which the process is portrayed to operate, which starkly contrasts with legitimate legal procedures. In legitimate legal processes, if any fees are involved, they are typically known in advance and communicated clearly at the outset. There is transparency and predictability in the structure of these fees, which is in direct opposition to the scam where new fees continuously emerge, each presented as an unexpected but necessary hurdle. Another key aspect to understand is that in legitimate scenarios, the payment of fees is not a precondition for the release of a victim's assets. Genuine legal processes do not operate on a quid pro quo basis where assets are held hostage until certain fees are paid. This practice of continuously demanding payment under the pretext of releasing assets is a tactic exclusive to fraudulent schemes. The pattern of introducing new, unforeseen fees as a prerequisite for releasing funds is a significant warning sign. It indicates a departure from the norms of legal and regulatory processes. In legitimate cases, assets are not used as leverage to extract additional payments from the rightful owner.
Conclusion
The scam we’ve dissected here, with its multiple phases and psychological manipulations, serves as a stark reminder of the sophistication and persistence of these fraudulent schemes. Keep in mind that many other scams employ the same manipulations outlined here. The red flags presented here are applicable more widely than just in the discussed scenario.
Key Takeaways
- Recognize the Red Flags: Each phase of the scam presents distinct warning signs, from unsolicited contact and requests for upfront payments to the creation of false urgency and escalating fees. Being able to identify these red flags is crucial in protecting oneself from becoming a victim.
- Understand Legitimate Processes: Familiarize yourself with how genuine legal and recovery processes work. Remember, they are characterized by transparency, predictability, and do not operate on a basis of conditional fees or assets held hostage.
- Verify and Validate: Always verify the legitimacy of any individual or entity claiming to represent a company or legal process. Use official channels for verification and be wary of requests to shift communication to less formal platforms.
- Avoid Sunk Cost Fallacy: Be aware of the psychological trap of the sunk cost fallacy. Do not let previous investments cloud your judgment about the legitimacy of ongoing demands for money.
- Seek Professional Advice: If you find yourself in a situation where you’re unsure, seek advice from legal professionals or financial advisors. An external perspective can provide clarity and help you make informed decisions.
The fight against crypto scams requires both awareness and education. Sharing knowledge about these scams, their tactics, and how to avoid them is key to building a more secure and trustworthy digital currency environment. Remember, in the realm of cryptocurrency, if something seems too good to be true, it probably is. Stay informed, stay skeptical, and prioritize your sec