The period immediately following a crypto scam is the most consequential window of time you will have. What you do — or fail to do — in the first few hours can materially affect whether your case has a viable path forward. Funds move quickly on the blockchain, scammers operate with practiced efficiency, and digital evidence can disappear if platforms are taken offline or chat histories are deleted.

This guide is written for the person who has just realized something is wrong. Perhaps a withdrawal has been blocked with an unexpected fee demand. Perhaps an "advisor" has suddenly gone silent. Perhaps you have just discovered that the trading platform you trusted does not appear in any regulatory database. Whatever the trigger, the steps below should be followed in order.

Step 1: Stop All Outgoing Payments

This is the most critical step, and it must come first. Scammers are experts at maintaining engagement even after the victim has begun to question the legitimacy of the situation. They will fabricate reasons why additional payments are necessary — taxes, insurance, verification fees, liquidity deposits, anti-money laundering compliance charges. Every one of these is fabricated.

No legitimate exchange or financial platform requires a separate payment to release your own funds. Fees are always deducted from your existing balance, never requested as a separate transaction. If you are being asked to send additional cryptocurrency to "unlock" a withdrawal, you are dealing with a scam.

Stop all communication with the entity. Do not respond to messages, do not answer calls, and do not engage with anyone who contacts you claiming they can expedite your withdrawal.

Step 2: Secure Your Accounts

Once you have stopped financial engagement, the next priority is account security. Depending on the nature of the scam, the perpetrator may have varying levels of access to your digital accounts and devices.

Exchange Accounts

Change passwords immediately on every exchange account. If you used the same password on multiple platforms, change all of them. Enable two-factor authentication using an authenticator app — not SMS. Review your API key settings and revoke any keys you did not create. Check for unfamiliar devices in your account's active sessions list and remove them.

Email Accounts

Your email is the gateway to almost everything else. Change the password, enable 2FA, and critically — check your email forwarding rules. Scammers sometimes add a forwarding rule that silently sends copies of all incoming email to an address they control. This allows them to intercept password reset links and verification codes even after you have changed your credentials.

Wallets and Devices

If the scammer had access to your device — through remote desktop software, screen sharing, or malware — consider the entire device compromised. Move any remaining cryptocurrency to a new wallet created on a clean device. If you use a hardware wallet, verify that no unauthorized transactions have been signed. If you participated in a remote access session, run a full malware scan and consider a factory reset.

Step 3: Preserve All Evidence

Evidence degrades quickly in the digital world. Scam websites go offline. Chat messages get deleted. Email accounts get deactivated. The platform you used yesterday may not exist tomorrow. Capture everything now, before anything disappears.

• Screenshot every page of the scam platform — homepage, login, dashboard, transaction history, withdrawal pages, error messages, and support chat
• Export or screenshot all chat conversations — WhatsApp, Telegram, Signal, email, and any other communication channels
• Record all transaction IDs, wallet addresses, and amounts from your exchange or wallet transaction history
• Save any documents the scammer sent — contracts, verification forms, tax receipts, identity requests
• Note the URLs, phone numbers, and email addresses used by the scammer
• Document the timeline: when did contact begin, when were funds sent, when did problems start

Store this evidence in multiple locations — a dedicated folder on your computer, a cloud storage service, and ideally a USB drive. Evidence that only exists in one location is vulnerable to loss.

Step 4: Report the Incident

Reporting serves multiple purposes: it creates an official record, it may trigger exchange-level account reviews, and it contributes to broader intelligence that helps identify and disrupt scam operations.

Report to Exchanges

If you can identify which exchange the scammer used to receive or off-ramp your funds, submit a fraud report directly to that exchange's support or compliance team. Include all relevant transaction IDs, your timeline of events, and a clear description of what happened. Most major exchanges have dedicated processes for handling fraud reports.

Report to Law Enforcement

File a report with your local police and with the appropriate national cybercrime agency. In the US, this is the FBI's IC3 portal. In the UK, it is Action Fraud. In Australia, it is ReportCyber. The report may not result in immediate action, but it establishes an official record that can support future legal proceedings.

Report to Financial Regulators

If the scam involved a platform claiming to be a regulated financial service, report it to the relevant regulatory body. This helps protect future victims and may contribute to enforcement actions against the fraudulent entity.

Step 5: Seek Professional Guidance

After completing the steps above, you will have stabilized the immediate situation. The next question is how to proceed with analysis, tracing, and potential escalation. This is where professional support can add significant value.

A structured case review can identify whether your funds reached identifiable services, assess the complexity of the transaction trail, and determine which escalation paths are most likely to be productive. Acting alone at this stage — without a clear understanding of the blockchain trail or the reporting landscape — can lead to wasted effort or, worse, engagement with recovery scams that exploit your urgency.

What Not to Do

In the aftermath of a scam, several common mistakes can make the situation worse:

• Do not try to 'negotiate' with the scammer — they are not operating in good faith and will use continued engagement to extract more money
• Do not publicly post your wallet addresses or case details on social media — this attracts recovery scammers who monitor these posts
• Do not pay anyone who contacts you unsolicited claiming they can recover your funds
• Do not attempt to hack or access the scammer's accounts — this is illegal in most jurisdictions and will not help your case
• Do not delay — every day you wait reduces the effectiveness of the steps described above

Related Guides