Cryptoslock

Case Studies

Illustrative, dramatized composite case studies of crypto-custody fraud and the recovery work that followed.

  • AssetImperial: The ‘Recovery Firm’ That Was a Second Scam

    [ Case File · CSL-2026-0522 · Recovery Scam · Double-Fraud ]

    AssetImperial: The ‘Recovery Firm’ That Was a Second Scam

    After losing money to a fake broker, a Tampa teacher was contacted by AssetImperial, which promised to recover it — for an upfront ‘release bond,’ then a ‘tax,’ then more. The second scam cost $46,900.

    Operator
    AssetImperial → dossier
    Vector
    Recovery Scam · Double-Fraud
    Instrument
    USDT + prepaid cards
    Reported Loss
    $46,900 USD
    Sealed On
    22 May 2026
    Status
    88% recovered
    Claimant
    Teacher, Tampa FL

    Point of Entry

    A Tampa teacher had already lost money to a fake broker when AssetImperial contacted her, claiming it specialised in recovering exactly that kind of loss.

    It knew details of her case, sounded official, and promised a full return — once an upfront ‘release bond’ was paid.

    Where Custody Broke

    The bond unlocked a ‘clearance tax,’ then a ‘cross-border fee.’ AssetImperial was a second scam built on the desperation left by the first — taking payment in USDT and prepaid cards.

    She paid $46,900 chasing a recovery that was never coming.

    “I was so desperate to get the first loss back that I didn’t see the second one taking shape.”— Brenda S., Tampa

    The Recovery Ledger

    1. L01Intake & capture. We documented every payment to AssetImperial — USDT transfers and prepaid-card loads — and the messages promising recovery.
    2. L02On-chain & processor trace. The USDT moved to a consolidation wallet; the card loads ran through identifiable processors.
    3. L03Fast action. She contacted us within days, while the fee payments were still traceable and partly in place.
    4. L04Freeze & recall. We filed an attested freeze for the crypto and recall requests for the prepaid loads.
    5. L05Recovery. Most of the upfront fees were frozen and returned. A reminder: legitimate recovery never charges upfront to release your funds.
    88%
    Funds Returned to Claimant

    The strongest outcome in this set. She contacted us within days; the fee payments were still traceable and largely frozen. No legitimate recovery service charges upfront to ‘release’ your funds.

    Breach Signatures

    • A ‘recovery firm’ that contacts you after a loss — especially one you never approached.
    • Any upfront ‘bond,’ ‘tax,’ or ‘release fee’ required before funds come back.
    • Pressure built on the desperation of an existing loss.
    • Requests for payment in crypto or prepaid cards.
    • A guarantee of full recovery — no honest investigator promises that.

    Approached by a ‘recovery firm’ asking for fees?

    Never pay upfront to release your own money. Talk to us first — we trace before anything else.

    Open a CaseAll case files

  • Chainstackinvest: Nine Weeks of Romance, Then a Staking dApp That Swept Every Deposit

    [ Case File · CSL-2026-0515 · Romance + Fake Staking ]

    Chainstackinvest: Nine Weeks of Romance, Then a Staking dApp That Swept Every Deposit

    After nine weeks of daily messages, ‘Mei’ showed a Singapore manager the returns she earned on Chainstackinvest. The ‘staking’ was an approval that let the operators sweep his deposits. S$150,000.

    Operator
    Chainstackinvest → dossier
    Vector
    Romance + Fake Staking
    Instrument
    USDT-TRC20
    Reported Loss
    S$150,000 SGD
    Sealed On
    15 May 2026
    Status
    79% recovered
    Claimant
    Operations manager, Singapore

    Point of Entry

    A Singapore operations manager matched with ‘Mei’ online. Over nine weeks the chat moved to a warm daily rhythm. Money came up only when she described the returns she earned on Chainstackinvest.

    She offered to show him. He connected his wallet to the dApp and approved what looked like a routine staking transaction.

    Where Custody Broke

    The ‘staking’ was a token approval that let the operators sweep his USDT on demand. The growing ‘earnings’ were just numbers on a screen.

    A withdrawal required a ‘capital-gains tax’ first. That was when he stopped and called us — eight days after his first deposit.

    “It never felt like a pitch. It felt like a friend showing me what had worked for her.”— Wei L., Singapore

    The Recovery Ledger

    1. L01Intake & capture. We logged the Chainstackinvest approval, the USDT-Tron deposits, and the nine-week message timeline.
    2. L02Stop the bleed. We revoked the open approval so the dApp could not sweep any remaining balance.
    3. L03On-chain trace. The deposits pooled in a consolidation wallet that had not been emptied — he had reported fast.
    4. L04Fast freeze. We routed attested freeze requests to the two off-ramps the wallet was preparing to use.
    5. L05Recovery. Because the report was fast and the funds pooled, most of the deposit was frozen and returned.
    79%
    Funds Returned to Claimant

    The strongest outcome here. He reported within eight days, the funds were still pooled, and most of the deposit was frozen at the off-ramp and returned.

    Breach Signatures

    • A relationship that moves from a dating or social app to crypto ‘opportunities.’
    • A trusted contact who offers to ‘teach’ you to invest or stake.
    • Connecting your wallet to a dApp that asks for open-ended spending approval.
    • Returns that are steady, high, and never dip.
    • A tax or fee demanded before any withdrawal.

    Realised the ‘relationship’ was the setup?

    These funds are often still pooled in the first days. Reporting fast is the biggest factor in recovery — start now.

    Open a CaseAll case files

  • Fluxcrypto: A Fake ‘Wallet Sync’ That Emptied a Self-Custody Wallet

    [ Case File · CSL-2026-0418 · Seed-Phrase Wallet-Drainer ]

    Fluxcrypto: A Fake ‘Wallet Sync’ That Emptied a Self-Custody Wallet

    Fluxcrypto’s support page promised to ‘sync’ a stuck wallet. Ninety seconds after a Leeds nurse entered her recovery phrase, £29,800 was gone.

    Operator
    Fluxcrypto → dossier
    Vector
    Seed-Phrase Wallet-Drainer
    Instrument
    ETH + USDT (ERC-20)
    Reported Loss
    £29,800 GBP
    Sealed On
    18 Apr 2026
    Status
    26% recovered
    Claimant
    Retired nurse, Leeds UK

    Point of Entry

    A retired nurse in Leeds couldn’t get her hardware wallet to connect. She searched for help and landed on Fluxcrypto’s polished ‘wallet sync’ page with a live chat agent.

    The agent told her the fix was to re-validate her wallet by entering her twelve-word recovery phrase. She did.

    Where Custody Broke

    The phrase was everything the operators needed. A drainer imported her wallet, granted itself unlimited approval, and swept her ETH and USDT — pushing the ETH through decentralised swaps in under two minutes.

    By the time the ‘agent’ went quiet, the wallet was empty.

    “He sounded like real support — calm and technical. The help I went looking for was the trap.”— Janet H., Leeds

    The Recovery Ledger

    1. L01Intake & capture. We recorded the malicious approval, the sweep transactions, and the Fluxcrypto domain that had captured the seed phrase.
    2. L02Damage scoping. The ETH was gone into swaps within minutes; the USDT leg paused in a consolidation wallet.
    3. L03Issuer & VASP route. Because USDT is centrally issued, we built the freeze around the stablecoin tranche and the one exchange it touched.
    4. L04Freeze request. We submitted the trace, the approval-revocation proof, and the victim statement to the exchange and the issuer.
    5. L05Recovery. Only the USDT that reached a compliant venue could be frozen and partially returned; the swapped ETH was unreachable.
    26%
    Funds Returned to Claimant

    An honest, low recovery. Wallet-drainers are the hardest breach to reverse; only the USDT tranche that reached a compliant exchange could be frozen.

    Breach Signatures

    • A search result or ad impersonating wallet or exchange support.
    • Any ‘support’ that asks you to enter or re-validate your recovery phrase.
    • A live chat manufacturing urgency around a routine problem.
    • A domain close to, but not exactly, an official one.
    • A ‘fix’ that means typing your seed into a website instead of your device.

    Entered your seed phrase somewhere you shouldn’t have?

    Speed decides everything with a drainer. If any funds touched a regulated exchange, there may be a window to freeze them.

    Open a CaseAll case files

  • BidAskBit: When the Exchange Let You Deposit But Never Let You Withdraw

    [ Case File · CSL-2026-0409 · Fake Exchange · Frozen Withdrawal ]

    BidAskBit: When the Exchange Let You Deposit But Never Let You Withdraw

    BidAskBit looked like any mid-tier exchange — until a Dublin architect tried to withdraw. Then came a ‘capital-gains clearance fee,’ an ‘anti-money-laundering hold,’ and silence. €54,200.

    Operator
    BidAskBit → dossier
    Vector
    Fake Exchange · Frozen Withdrawal
    Instrument
    BTC + USDT
    Reported Loss
    €54,200 EUR
    Sealed On
    09 Apr 2026
    Status
    71% recovered
    Claimant
    Architect, Dublin IE

    Point of Entry

    A Dublin architect opened an account with BidAskBit after seeing it promoted as a low-fee exchange. Deposits cleared instantly and the interface looked the part.

    He traded for weeks, watching a healthy balance grow, before he tried to take any of it out.

    Where Custody Broke

    The withdrawal triggered a ‘capital-gains clearance fee,’ then an ‘anti-money-laundering hold’ that could only be lifted by depositing more. Each step moved the goalposts.

    When he refused to send more, support stopped replying and the balance became unreachable.

    “Depositing was instant. Withdrawing turned into a wall of fees I was told I had to pay first.”— Cian B., Dublin

    The Recovery Ledger

    1. L01Intake & capture. We recorded every deposit to BidAskBit, the account screenshots, and the fee demands blocking the withdrawal.
    2. L02On-chain trace. The BTC and USDT deposits consolidated into wallets we tracked to a regional off-ramp.
    3. L03Off-ramp identification. The withdrawal-block had actually kept much of the balance pooled rather than dispersed.
    4. L04Attestation & freeze. We filed a documented freeze request with the receiving exchange before the funds moved.
    5. L05Recovery. The freeze caught most of the Bitcoin tranche; a smaller USDT portion had already been routed away.
    71%
    Funds Returned to Claimant

    A strong-ish result. The withdrawal-block stalled the funds long enough that a documented freeze caught most of the BTC before it was off-ramped.

    Breach Signatures

    • An exchange where deposits are instant but withdrawals trigger new conditions.
    • A ‘tax,’ ‘clearance,’ or ‘AML’ fee payable only by depositing more.
    • Pressure and shifting requirements once you try to cash out.
    • No verifiable regulation or registered entity.
    • Support that goes silent the moment you stop funding.

    Can’t withdraw from an ‘exchange’?

    A withdrawal block can keep funds pooled long enough to freeze. Bring us your deposits and the fee demands.

    Open a CaseAll case files

  • Extrochain: How a ‘Sold-Out’ Token Presale Drained $61,400 in Minutes

    [ Case File · CSL-2026-0331 · ICO / Presale Rug-Pull ]

    Extrochain: How a ‘Sold-Out’ Token Presale Drained $61,400 in Minutes

    Extrochain looked like a real Layer-2 project — an ‘audited’ badge, a countdown, a busy Telegram. Minutes after the presale filled, the contract was drained and the team was gone. A Denver engineer lost $61,400.

    Operator
    Extrochain → dossier
    Vector
    ICO / Presale Rug-Pull
    Instrument
    ETH + USDC · Base
    Reported Loss
    $61,400 USD
    Sealed On
    31 Mar 2026
    Status
    31% recovered
    Claimant
    Software engineer, Denver CO

    Point of Entry

    The client found Extrochain in a crypto thread: a polished launchpad, a two-year ‘liquidity lock’ screenshot, an ‘audited’ badge, and a countdown nearly at zero. The Telegram was loud and confident.

    He bought into the presale in two transactions — ETH from a hardware wallet, USDC from an exchange — sure he was early to a real project.

    Where Custody Broke

    Extrochain’s presale contract held an owner-only withdrawal and an uncapped mint. The moment the raise filled, the operators drained the pool, dumped minted tokens against the thin liquidity, and renamed every channel.

    The ‘vesting dashboard’ was a static page connected to nothing on-chain. There was never a token to claim.

    “I watched the vesting page for two days before I accepted there was no token and no vesting — just a screenshot.”— Marcus T., Denver

    The Recovery Ledger

    1. L01Intake & capture. We logged every transaction hash, the Extrochain presale contract, and the two wallets that funded it.
    2. L02On-chain trace. The contract’s withdrawals led to a deployer wallet that fanned proceeds across four hops within the hour the liquidity vanished.
    3. L03Off-ramp identification. Two hops ended at deposit addresses we attributed to compliant exchanges; the rest crossed a bridge into a mixer.
    4. L04Attestation & freeze. We filed a documented trace and freeze request with both exchanges, tying the deposits to the Extrochain drain.
    5. L05Recovery. One exchange froze the funds still in custody and, after the client’s identity was verified, released the recoverable tranche.
    31%
    Funds Returned to Claimant

    A partial result. The funds bridged through a mixer were beyond reach; we recovered the tranche the operators left sitting inside a compliant exchange.

    Breach Signatures

    • A countdown timer pushing you to deposit before you can verify anything.
    • An anonymous team and an ‘audit’ badge with no link to a real report.
    • A liquidity-lock ‘screenshot’ instead of a verifiable on-chain lock.
    • Guaranteed listing and fixed returns no real token can promise.
    • A vesting dashboard that shows numbers but never settles a transaction.

    Bought into a presale that vanished?

    The faster a rug-pull is traced, the more of it sits still long enough to freeze. Bring us the contract and the transactions.

    Open a CaseAll case files

  • Amicus Finance: The Loan That Took the Collateral and Never Paid Out

    [ Case File · CSL-2026-0224 · Crypto-Collateral Loan Scam ]

    Amicus Finance: The Loan That Took the Collateral and Never Paid Out

    Amicus Finance offered an Auckland builder a stablecoin loan against his Bitcoin without selling it. The collateral went in; the loan never came out — only escalating ‘release’ fees. NZ$104,000.

    Operator
    Amicus Finance Limited → dossier
    Vector
    Crypto-Collateral Loan Scam
    Instrument
    BTC collateral
    Reported Loss
    NZ$104,000 NZD
    Sealed On
    24 Feb 2026
    Status
    58% recovered
    Claimant
    Builder, Auckland NZ

    Point of Entry

    An Auckland builder needed working capital but didn’t want to sell his Bitcoin. Amicus Finance offered a stablecoin loan against it, with a ‘relationship manager’ to handle onboarding.

    He moved his BTC into what he was told was a ‘segregated collateral wallet,’ expecting a credit line in return.

    Where Custody Broke

    No loan arrived. Instead came a ‘risk-buffer deposit,’ then an ‘insurance premium,’ then ‘liquidation protection’ — each fee unlocking the next.

    The collateral wallet was no smart contract; it was an ordinary address that swept his BTC on arrival. When he stopped paying, the account went ‘under review,’ then dark.

    “I kept paying fees to get back coins I already owned. Each one came with a new official reason.”— Reece M., Auckland

    The Recovery Ledger

    1. L01Intake & capture. We documented the BTC transfer to Amicus’s ‘collateral wallet,’ the onboarding paperwork, and every release fee demanded.
    2. L02Wallet attribution. The collateral address immediately swept the BTC; we clustered it to a single controlling entity.
    3. L03Off-ramp & fee-wallet mapping. We split two flows: the collateral heading to an exchange, and the fees landing in a second collection wallet.
    4. L04Dual freeze. We filed attested freeze requests with both receiving service providers.
    5. L05Recovery. The exchange holding the larger tranche froze and returned it; some BTC had already been cashed out.
    58%
    Funds Returned to Claimant

    A partial recovery. The larger tranche was frozen inside an exchange and returned; some Bitcoin had already been converted to cash before our request landed.

    Breach Signatures

    • Being asked to pay fees to release a loan or withdraw your own collateral.
    • Collateral sent to a plain wallet address, not an auditable smart contract.
    • A ‘relationship manager’ applying steady pressure with an answer for everything.
    • No verifiable lending licence behind the platform.
    • A ‘compliance hold’ that appears only when you stop paying.

    Pledged crypto as collateral and lost it?

    Collateral scams leave a clear on-chain trail. The sooner we map it, the better the odds of a freeze.

    Open a CaseAll case files

  • AltMining Expert: The ‘Daily Mining Yield’ That Cost More to Withdraw Than It Paid

    [ Case File · CSL-2026-0212 · Cloud-Mining Contract ]

    AltMining Expert: The ‘Daily Mining Yield’ That Cost More to Withdraw Than It Paid

    AltMining Expert sold a Calgary electrician a ‘cloud-mining contract’ with daily yields that ticked up on a dashboard. Cashing out required a ‘maintenance fee,’ then a ‘withdrawal bond.’ CA$37,500.

    Operator
    AltMining Expert → dossier
    Vector
    Cloud-Mining Contract
    Instrument
    BTC
    Reported Loss
    CA$37,500 CAD
    Sealed On
    12 Feb 2026
    Status
    44% recovered
    Claimant
    Electrician, Calgary CA

    Point of Entry

    A Calgary electrician bought a ‘cloud-mining contract’ from AltMining Expert — pay once in Bitcoin, earn a daily yield without owning hardware. The dashboard ticked upward from day one.

    For a few weeks it looked like passive income working exactly as advertised.

    Where Custody Broke

    Withdrawing the ‘earnings’ required a ‘maintenance fee,’ then a ‘withdrawal bond,’ each larger than the last. The yield was a number on a screen; there was no mining.

    When the fees exceeded anything he could recover, the account was quietly frozen.

    “The dashboard climbed every day. The only thing I couldn’t do was take any of it out.”— Trevor K., Calgary

    The Recovery Ledger

    1. L01Intake & capture. We logged the BTC contract payment to AltMining Expert and each fee transaction that followed.
    2. L02Wallet attribution. The contract payment landed in a wallet cluster we tied to a single operator.
    3. L03Off-ramp mapping. Part of the Bitcoin had already moved through non-compliant channels; the rest sat at a reachable venue.
    4. L04Attestation & freeze. We filed a freeze request for the reachable tranche, with the on-chain map attached.
    5. L05Recovery. We froze and returned what remained reachable; the off-ramped portion was beyond recovery.
    44%
    Funds Returned to Claimant

    A mid-range recovery. Part of the Bitcoin had already been cashed out through non-compliant channels; we froze and returned what remained reachable.

    Breach Signatures

    • A ‘daily yield’ dashboard that climbs but won’t let you withdraw.
    • Fees, bonds, or ‘maintenance’ charges required before any payout.
    • Returns paid as numbers on a screen, not transactions you can verify on-chain.
    • A one-time crypto payment with no verifiable mining operation behind it.
    • Escalating costs that always exceed what you can take out.

    Stuck paying fees to release ‘mining’ profits?

    Cloud-mining payments are traceable on-chain. The sooner we start, the more we can reach.

    Open a CaseAll case files

  • CryptoVestOptions: The Account Manager, the Fake Gains, and the ‘Withdrawal Tax’

    [ Case File · CSL-2026-0129 · Boiler-Room Binary Options ]

    CryptoVestOptions: The Account Manager, the Fake Gains, and the ‘Withdrawal Tax’

    CryptoVestOptions paid out one small withdrawal to earn a Phoenix pharmacist’s trust, then walled the rest behind a ‘20% performance tax.’ $88,700 across three cards and a string of USDT top-ups.

    Operator
    CryptoVestOptions → dossier
    Vector
    Boiler-Room Binary Options
    Instrument
    Cards + USDT-TRC20
    Reported Loss
    $88,700 USD
    Sealed On
    29 Jan 2026
    Status
    67% recovered
    Claimant
    Pharmacist, Phoenix AZ

    Point of Entry

    A Phoenix pharmacist was contacted about a managed trading account and assigned a personal ‘account manager’ at CryptoVestOptions who called most mornings. A small early withdrawal was paid out to build trust.

    Reassured, she scaled up — funding across three credit cards and a series of USDT-Tron top-ups the manager arranged.

    Where Custody Broke

    The CryptoVestOptions dashboard showed steady, rising profits — all fabricated. A withdrawal required a ‘20% performance tax’ first, then a ‘bonus’ she hadn’t asked for locked the balance.

    Soon after, the platform stopped loading and the manager stopped calling.

    “The first small withdrawal is what did it. Once they paid me once, I stopped questioning anything.”— Alicia D., Phoenix

    The Recovery Ledger

    1. L01Intake & capture. We assembled two tracks: card statements for three issuers, and the USDT-Tron transactions CryptoVestOptions had directed.
    2. L02Chargeback dossier. For the card deposits we prepared reason-coded files showing no genuine service was rendered.
    3. L03On-chain trace. The USDT-Tron top-ups consolidated into a wallet feeding a regional exchange, which we attributed.
    4. L04Coordinated requests. We ran the bank recalls and the exchange freeze in parallel.
    5. L05Recovery. The card issuers reversed most disputed deposits and the exchange released the frozen crypto — a stronger result from two live channels.
    67%
    Funds Returned to Claimant

    A stronger result, because two channels ran at once: card chargebacks reversed most of the deposits while the USDT tranche was frozen at an exchange.

    Breach Signatures

    • Unsolicited contact followed by a ‘managed’ account.
    • A small early withdrawal that pays out — a deliberate trust-builder.
    • Pressure to fund across multiple cards and crypto rails.
    • A tax or fee demanded before any withdrawal.
    • A ‘bonus’ whose terms quietly lock your balance.

    Locked out of a trading account by ‘fees’?

    Card deposits and crypto top-ups can often be pursued on parallel tracks. Bring us both and we’ll map the options.

    Open a CaseAll case files
[ ] Open a Case
FinCENSAR-ready filings
IC3 / FBICyber complaint packets
FCA / BaFinEU/UK reporting
CHAIN OF CUSTODYsigned & timestamped
EST · NEW YORK667 Madison Avenue