Crypto Investigators is a service by Cryptosec

Scam Alert: No, a ‘Crypto Investigator’ Has Not Found Your Lost Crypto

A well-known crypto recovery scam recently resurfaced in a slightly modified way. Like many other scams, this one also tries to exploit the credibility and reputation of legitimate companies, including Cryptosec and Crypto Investigators. This scheme came to our attention through two channels: first, from astute individuals who contacted Cryptosec to verify claims of association made by these scammers; and more alarmingly, from victims who reached out after having already lost their crypto, sometimes even blaming us for the losses.

In this post, we will try to shed light on this scam, not only to educate our readers about its mechanics but also to emphasize the importance of verifying the legitimacy of any individual or entity claiming an association with any reputable crypto investigation companies.

The Anatomy of the Scam

The scam begins with scammers gathering email addresses and other contact information of cryptocurrency users from a variety of sources. These lists might originate from leaked user databases of crypto exchanges or crypto-related news websites. However, the scammers don’t stop there. They also actively seek out contact information of individuals who have previously fallen victim to crypto scams and have publicly shared their experiences. Additionally, they target users of bankrupt or defunct exchanges, where individuals may have lost their crypto assets. This approach is particularly insidious as it preys on those who have already suffered losses, exploiting their hope of recovering their assets. The scammers’ objective is clear: to compile a comprehensive list of potential targets, with a special focus on those who have experienced theft or loss of cryptocurrency, as they might be more susceptible to the false promise of recovering their lost funds.

Armed with this information, the scammers launch their deceptive attack.

Phase One: The Deceptive Introduction

Victims are contacted by someone claiming to be a “crypto investigator.” This individual alleges that they have, in the course of an unrelated investigation, uncovered cryptocurrency owed to the recipient. The scammer offers to “return” this crypto, playing on the potential victim’s curiosity or greed.

In the initial phase of this scam, the approach taken by the fraudsters can vary. While email is a common medium, some targets are contacted via phone calls. Regardless of the method, the scammer invariably poses as an associate of a legitimate crypto investigations agency, such as Cryptosec, setting the stage for their scam attempt.

Above is one example of an initial email outreach from a crypto recovery scammer. Please note that we have removed all identifiable information of the scammer’s target, but we left the scammer’s information. Some of the most common scammer aliases we came across are “Aaron Fisher” or “Henry Vincent” from “Blockchain Investigative Agency” or “Claim Eazy” using spoofed emails from domains such as,,, and other variations (all those emails are fake). We also noticed scammers sometimes claiming to be associated with the UN or with the World Bank.

Please note the many elements in this email that attempt to give some credibility to this initial communication, such as the “Invited Expert” statement in the signature, which doesn’t mean anything but sounds authoritative; a link to a FINRA BrokerCheck profile, which, again, is completely irrelevant, and in this case fake, but adds some more “legitimacy”; the mention of various services that the fake agency performs for important clients such as “government agencies”; etc.

Spoofed Email Address

A notable aspect of the first phase of this scam is the common use of email spoofing. Email spoofing is a technique where scammers forge the sender’s address in an email, making it appear as if it’s coming from a legitimate or trusted source, such as a well-known company. Essentially, it’s like putting on a digital disguise to impersonate someone else in an email conversation. This tactic is designed to lend an air of authenticity to their claims and to lower the guard of potential victims. However, since these email addresses are spoofed, or faked, any replies sent directly to them would not reach the scammer.

The Shift to Other Communication Channels

Because replies to a spoofed address never reach them, scammers often encourage targets to continue the conversation through alternative communication channels, such as WhatsApp, Telegram or direct phone calls. This request is typically embedded in the initial email, but it can sometimes be made in subsequent communications or a phone call. It’s a strategic move by the scammer, ensuring that, once they have gained credibility from the faked domains, any further communication reaches the scammer and remains under the scammer’s control.

Please notice that in this example, the scammer claims that the victim won’t need to make any upfront payments. This is another attempt to build credibility and trust. However, it’s important to understand that eventually, the victim will be asked to make payments. This request for upfront fees is the crux of the fraud. The scammer might initially state that there are no upfront charges for their “services rendered,” but as the scam progresses, they will introduce various fabricated fees that wouldn’t be paid to them, but would have to be paid to a regulator, to the exchange, to the World Bank, or to similar made-up recipients. These upfront fees that would ostensibly be a prerequisite for the return of owed crypto could include made-up taxes, compliance fees based on fictitious regulations, a security deposit, and other non-existent charges. The entire scheme hinges on convincing the victim to pay these fraudulent fees before any “return”; the fees are, in reality, the primary objective of the scam.

In summary, the first phase of this scam combines an attempt to gain initial credibility through sophisticated email spoofing with a strategic push towards more direct, untraceable communication methods. Recognizing these early warning signs is crucial in avoiding falling prey to such deceptive tactics.
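The phase-one warning signs described above (a forged sender address and a push to move the conversation to WhatsApp or Telegram) can be checked mechanically on a received message. The following Python sketch is an added example, not Cryptosec's tooling; the sample email is constructed, every example.* name is a placeholder, and the indicator labels are hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real scam email; all example.* names are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=mailer.example.net; dmarc=fail header.from=agency.example.com
From: "Crypto Investigator" <agent@agency.example.com>
To: target@recipient.example
Subject: Recovered cryptocurrency owed to you

During an unrelated investigation we found crypto owed to you.
No upfront payment is required. Please continue on WhatsApp or Telegram.
"""

PIVOT = re.compile(r"\b(whatsapp|telegram)\b", re.I)  # channels named in the article

def domain(header_value):
    """Lower-cased domain of the address in a header, or '' if absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def body_text(msg):
    """Concatenate the decoded text parts of the message."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return "\n".join((p.get_payload(decode=True) or b"").decode("utf-8", "replace") for p in parts)

def triage(raw):
    """Return the list of spoofing and pivot indicators found in a raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain(msg["From"])
    # Exact comparison is a simplification: DMARC aligns on the organizational domain.
    for header, label in (("Return-Path", "envelope-sender-mismatch"), ("Reply-To", "reply-to-mismatch")):
        other = domain(msg[header])
        if other and other != from_dom:
            findings.append(label)
    # Only trust Authentication-Results stamped by your own receiving server.
    verdict = re.search(r"\bdmarc=(\w+)", (msg["Authentication-Results"] or "").lower())
    if verdict is None or verdict.group(1) != "pass":
        findings.append("dmarc-" + (verdict.group(1) if verdict else "missing"))
    if PIVOT.search(body_text(msg)):
        findings.append("off-channel-pivot")
    return findings

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A sender-domain mismatch on its own is common for legitimate bulk-mail services; it is the combination with a failed DMARC verdict and an off-channel request that matches the pattern described in this post.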

Phase Two: Building Excitement and Sense of Security

In the second phase of this scam, the scammer’s primary goal is to transition the victim from initial skepticism to a state of excitement about the purported financial windfall. Once the victim shows interest in response to the initial contact, the scam intensifies.

The scammers intensify their efforts through a series of communications, including emails, WhatsApp messages, and phone calls. They claim that the victim’s funds have been successfully recovered and are now securely held in a reputable exchange, such as Binance. This step is crucial in convincing the victim of the legitimacy of the process and the safety of their soon-to-be-returned assets.

The focus here is on making the victim feel that the return of their funds is not only certain but also imminent. The scammers might share fabricated success stories or provide false evidence to reinforce this belief. The aim is to transition the victim from a state of skepticism to one of anticipation and excitement, setting the stage for the next phase of the scam.

Phase Three: The Request for Fees and Creating Urgency

Having established a sense of security and excitement, the scammers move to the critical stage of the scam – requesting payment of various fees before the recovered funds can be released.

Introducing Fabricated Fees

The scammers now claim that certain fees must be paid before the funds can be released to the victim. These could include made-up regulatory fees, security deposits that need to be paid to the exchange, cost recovery for third parties involved in the recovery, taxes, or some other made-up fees. The victim, already convinced of the legitimacy of the process and eager to receive their funds, may not immediately recognize these requests as fraudulent.

In this example, we have a counterfeit ‘Binance Guarantee Letter’ where the scammer demands the victim deposit 10% of the alleged value of the crypto purportedly set to be returned. This deposit is falsely justified as a requirement under some fabricated regulation and is claimed to be payable to Binance before the release of the recovered funds. Observe the various tactics employed by scammers to lend credibility to this scam – from the unauthorized use of Binance’s name and the FCA (the financial regulatory body in the UK), to the sophisticated language used in the “contract.” Additionally, the document is embellished with the signature of a supposed official, all designed to manipulate the victim into believing in the authenticity of the request.

Manufacturing Urgency

At this stage, the scammers are focused on preventing the victim from questioning the legitimacy of the process. They might discourage the victim from consulting with others or seeking external advice, often using high-pressure tactics and time-sensitive threats to maintain control over the situation. To compel the victim to act quickly, the scammers create a false sense of urgency. They might assert that if these fees are not paid promptly, the recovered funds could be seized by the government or lost due to bureaucratic hurdles. These claims are entirely false but are presented convincingly to pressure the victim into acting without delay.

The ultimate goal in this phase is to get the victim to pay the fabricated fees without hesitation. The scammers use a combination of false assurances, urgency, and psychological pressure to achieve this.

Phase Four: The Cycle of Continuous Fees

In Phase Four of the scam, the victim, having already paid an initial fee, finds themselves entangled in an ongoing cycle of deceit. Contrary to what one might expect, the scammers do not vanish after receiving the first payment. Instead, they recognize an opportunity to exploit the victim further.

Exploiting the Sunk Cost Fallacy

At this stage, the victim is not just hopeful of receiving their promised funds but is also influenced by the sunk cost fallacy. Having already invested money, they feel compelled to continue paying in the hope of recovering their initial outlay along with the promised crypto. This psychological trap makes it difficult for the victim to acknowledge the scam and cut their losses.

Manufacturing New Fees

The scammers, aware of the victim’s vulnerability, continue to invent new, urgent fees that supposedly need to be paid for the victim to receive their funds. These fees are presented as the final hurdles before the large sum is released. Each new fee is accompanied by a fabricated rationale and a sense of urgency, designed to keep the victim in a state of anticipation and compliance. With each new fee, the scammers reassure the victim that the release of their funds is imminent. This tactic is deliberately used to maintain the victim’s hope and belief in the process. The victim, driven by the desire to recoup their losses and the expectation of a significant return, finds themselves trapped in a cycle of continuous payments.

The Emotional and Financial Toll

This phase is particularly damaging as it not only leads to increased financial loss but also takes a significant emotional toll on the victim. The continuous cycle of hope and disappointment, coupled with the financial strain, can be extremely distressing.

Recognizing this phase for what it is – a relentless exploitation of trust and hope – is crucial. Victims need to understand that legitimate processes do not operate in this manner and that continuing to pay these fabricated fees will only lead to further loss. Breaking free from this cycle requires acknowledging the reality of the scam, no matter how difficult that may be due to the emotional and financial investment already made.


The scam we’ve dissected here, with its multiple phases and psychological manipulations, serves as a stark reminder of the sophistication and persistence of these fraudulent schemes. Keep in mind that many other scams employ the same manipulations outlined here. The red flags presented here are applicable more widely than just in the discussed scenario.

Key Takeaways

  1. Recognize the Red Flags: Each phase of the scam presents distinct warning signs, from unsolicited contact and requests for upfront payments to the creation of false urgency and escalating fees. Being able to identify these red flags is crucial in protecting oneself from becoming a victim.
  2. Understand Legitimate Processes: Familiarize yourself with how genuine legal and recovery processes work. Remember, they are characterized by transparency and predictability, and do not operate on a basis of conditional fees or assets held hostage.
  3. Verify and Validate: Always verify the legitimacy of any individual or entity claiming to represent a company or legal process. Use official channels for verification and be wary of requests to shift communication to less formal platforms.
  4. Avoid Sunk Cost Fallacy: Be aware of the psychological trap of the sunk cost fallacy. Do not let previous investments cloud your judgment about the legitimacy of ongoing demands for money.
  5. Seek Professional Advice: If you find yourself in a situation where you’re unsure, seek advice from legal professionals or financial advisors. An external perspective can provide clarity and help you make informed decisions.

The fight against crypto scams requires both awareness and education. Sharing knowledge about these scams, their tactics, and how to avoid them is key to building a more secure and trustworthy digital currency environment. Remember, in the realm of cryptocurrency, if something seems too good to be true, it probably is. Stay informed, stay skeptical, and prioritize your security in every transaction and interaction.
