The rise of bitcoin doubler scams promoted through prominent social media channels marks a noticeable uptick in crypto scams targeting the general public, many of whom are likely unfamiliar with cryptocurrency or the pervasive nature of these scams. Blockchain analysis and cryptocurrency investigation services like CipherTrace can help these victims obtain the information they need to potentially recover their funds.

What investigators need so they can help recover your funds

Step One to Recovering Your Crypto—Find Your Transaction IDs (TXIDs)

Before investigators can begin tracing your assets, they will need all the transaction IDs identifying the funds you sent to the scammers. These transaction IDs will allow investigators to “follow the money” and see exactly where your coins are moving. While it is still possible to conduct an investigation without transaction IDs, knowing these will expedite any investigation and reduce potential complications.

How to identify a transaction ID

On most blockchains, a transaction ID (TXID) is a unique string of letters and numbers that represents a record of the movement of cryptocurrency from one address to another. It is sometimes referred to as the transaction hash. This hash identifies the date and time, sending addresses, receiving addresses, transaction amounts, fees, and more. A Bitcoin transaction hash, for example, is displayed as a 65-digit hexadecimal number, as seen below.

A visual representation of a Bitcoin transaction.

Depending on the exchange or wallet you are using, you may need to dig deeper into your transaction information to find the transaction ID, as demonstrated below.

In order to locate the transaction ID in a BRD wallet, users must click “Show Details” to reveal the additional transactional information.

I can’t find my transaction ID

Not all exchanges and wallets provide TXIDs for you. However, because most blockchains are public, you should still be able to find it yourself through blockchain explorer websites like blockchain.com.

Using bitcoin as an example, start by locating the address you sent your bitcoin to and paste this into the search bar of the blockchain explorer website. This will display all incoming and outgoing transactions to and from that address. To locate your transaction ID, there are two things you should look for:

Date/time
Amount sent

If the date/time and the amount received match your transaction, then you can identify your transaction ID by locating the hash associated with the transaction, as seen below.

My transaction ID doesn’t match my address when searching on a blockchain explorer

If you believe you have identified your transaction on a blockchain explorer by matching the date/time and transaction amount, but the sending address doesn’t match your sending address, there is no need to panic. If you sent your funds from your account at a cryptocurrency exchange, your deposit address at the exchange will rarely be the same address that is used to conduct outgoing transactions.

This is because of the way cryptocurrency exchanges typically group outgoing transactions to maximize cost efficiency. What you are likely seeing is an address associated with one of the exchange’s hot wallets. While funds may appear to be sent and received to your account at an exchange, these systems are typically all internal and do not reflect actual movement on the blockchain. Instead, exchanges commonly move transactions in and out of their hot wallets to best fulfill customer transactions, grouping orders together to minimize the number of outgoing transactions while maximizing cost efficiency in an attempt to keep fees low for users.

The figure above demonstrates how exchanges move funds on the blockchain by grouping outgoing transactions together. For this reason, any funds leaving an exchange are likely to have multiple inputs (sending addresses) and multiple outputs (receiving addresses). If you are sending funds from an exchange, there is no need to be alarmed if you see this type of activity when looking for your address on a blockchain explorer.
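
The matching procedure from the two sections above, as an added example that is not CipherTrace's own code: given the transactions listed for the scammer's address, it selects those whose output to that address matches your amount and falls near your send time, and it deliberately ignores the sending address, since an exchange withdrawal is typically sent from the exchange's hot wallets. The addresses, TXIDs, record layout and the function name find_candidate_txids are constructed for illustration.

```python
from datetime import datetime, timedelta
from decimal import Decimal

SATS_PER_BTC = 100_000_000
SCAM_ADDR = "SCAM-ADDRESS-PLACEHOLDER"        # constructed, not a real address
MY_DEPOSIT_ADDR = "MY-EXCHANGE-DEPOSIT-ADDR"  # constructed

# Constructed records in the shape an explorer export might have
# (field names are assumptions; TXIDs are made up).
TXS = [
    {"txid": "a1" * 32, "time": "2021-03-02T20:31:00+00:00",
     "inputs": ["EXCHANGE-HOT-1", "EXCHANGE-HOT-2"],
     "outputs": [("OTHER-CUSTOMER", 50_000_000), (SCAM_ADDR, 10_000_000),
                 ("EXCHANGE-CHANGE", 3_200_000)]},
    {"txid": "b2" * 32, "time": "2021-03-02T20:40:00+00:00",
     "inputs": ["SOMEONE-ELSE"],
     "outputs": [(SCAM_ADDR, 25_000_000)]},
    {"txid": "c3" * 32, "time": "2021-03-05T09:05:00+00:00",
     "inputs": ["SOMEONE-ELSE-2"],
     "outputs": [(SCAM_ADDR, 10_000_000)]},
]

def find_candidate_txids(txs, recipient, amount_btc, sent_at, my_address=None,
                         window=timedelta(hours=2)):
    """Return transactions that paid `recipient` exactly `amount_btc`
    within `window` of `sent_at` (ISO 8601 string with a UTC offset)."""
    want_sats = int(Decimal(amount_btc) * SATS_PER_BTC)  # Decimal avoids float rounding
    when = datetime.fromisoformat(sent_at)
    hits = []
    for tx in txs:
        # Match on the output paid to the recipient, never on the sender.
        paid = any(addr == recipient and sats == want_sats
                   for addr, sats in tx["outputs"])
        near = abs(datetime.fromisoformat(tx["time"]) - when) <= window
        if paid and near:
            hits.append({
                "txid": tx["txid"],
                "sender_is_mine": my_address in tx["inputs"],
                # Multiple inputs and multiple outputs suggest an exchange batch.
                "looks_batched": len(tx["inputs"]) > 1 and len(tx["outputs"]) > 1,
            })
    return hits

if __name__ == "__main__":
    for hit in find_candidate_txids(TXS, SCAM_ADDR, "0.1",
                                    "2021-03-02T20:25:00+00:00", MY_DEPOSIT_ADDR):
        print(hit)
```

If more than one transaction comes back, widen or narrow the time window and give every remaining candidate TXID to the investigator rather than guessing.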

Step Two to Recovering Your Crypto—Writing Your Narrative

A clean and concise narrative of your incident will help give your case color, aiding an investigator’s understanding of the flow of funds. Important information to include in your narrative:

  • all transaction IDs,
  • where you sent your crypto from (private wallet, account at exchange X, etc.),
  • where you believed you were sending your funds (perpetrator’s private wallet, arbitrage account at XYZ, etc.), and
  • any details regarding the scam and scammers.

Additionally, law enforcement will usually require proof of ownership of the original source of funds. Please ensure that you still have access to any accounts you initially used to send money to the scammers.

Step Three to Recovering Your Crypto—Contacting Investigators

CipherTrace offers two services to the victims of crypto thefts and scams. For larger losses, CipherTrace Professional Services can assist you with every aspect of the recovery, from investigation to helping law enforcement write their subpoenas to testifying in support of our analysis.

Smaller thefts can utilize our Defenders League for pro bono asset recovery support, where our team of investigative interns will supply you with the information law enforcement needs to begin an official investigation.

If you are the victim of a crypto theft or scam, you can contact us here: https://ciphertrace.com/bitcoin-scam-and-theft-asset-recovery/

I was hacked. Do these steps apply to me?

Yes! Investigators will still need the transaction IDs for the hack and a complete narrative to contextualize their trace.

Next Steps—Contacting Law Enforcement and Reporting to IC3

Reporting mechanisms for cyber-crimes such as crypto fraud vary from country to country.

In the United States, you can go to your local police station to lodge a complaint. You can also report the crime to the Internet Crime and Complaint Center (IC3) at https://www.ic3.gov/

In Europe, Europol is a great resource for finding the reporting website of your country: https://www.europol.europa.eu/report-a-crime/report-cybercrime-online. For Member States without a dedicated online option in place, Europol recommends going to your local police station to lodge a complaint.

When it comes to lost cryptocurrencies, the probability of successful asset recovery depends on several factors, including amount lost, obfuscation techniques used, and whether or not the funds have moved to a regulated exchange.

While the CipherTrace Defenders League takes on most cases, regardless of the amount of cryptocurrency lost, many law enforcement agencies have value thresholds for investigations. Lodging your complaint with your federal government will increase your chance of asset recovery if a larger investigation is ever opened against your scammer.