Forensic Standards: Chain-of-custody · Verifiable on-chain trail · Regulator-ready packets
12 cases under review
1327 wallets traced this month
Free Case Evaluation →
Forensic Standards: chain-of-custody · verifiable on-chain trail · regulator-ready packets data sources: Etherscan · SlowMist · CertiK
12cases under forensic review 1327wallets traced this month Submit Wallet for Trace →

Written by

cryptoandcode

in

cac-forensics ~ trace –case CAC-2026-046 –chain btc –rails bank

Case File // CAC-2026-046 // Operator: AHP Capital (clone)

The Broker With a Borrowed Licence: Recovering €86,500 From the AHP Capital Clone

A retired engineer in Dublin checked the regulator’s register before he wired a cent. The firm was there. What he didn’t notice was that AHP Capital had copied an authorised firm’s name and registration number — everything except the real contact details. Acting fast on the bank rail is what brought almost all of it back.

OperatorAHP Capital →
VectorClone of a regulated firm (APP fraud)
InstrumentCloned licence + bank transfer → BTC
ChainBank wire (SEPA) → Bitcoin
Reported loss€86,500
Exposure window6 weeks
Recovered92% (€79,580)

The Entry Point

AHP Capital presented itself as an established, regulated investment firm. It quoted a genuine registration number and a real company name lifted from the public register — a tactic called a clone firm. When our client looked the number up, the authorised entity appeared, and he relaxed.

Over six weeks he made several SEPA transfers from his bank to accounts AHP provided. The firm then “converted” the deposits to Bitcoin inside its own platform.

Where It Broke

The registration number was real; the people using it were not. The bank details, phone numbers, and domain all differed from the genuine firm — the only things a clone cannot copy. The fiat he sent was moved to an exchange, converted to BTC, and forwarded to a consolidation wallet.

Because the loss began as bank transfers he was deceived into authorising, it qualified as authorised push payment (APP) fraud — which opened a reimbursement route alongside the on-chain trace.

I checked the register. The number was real. It never occurred to me that someone could simply borrow it.

The Trace

  1. Proved the clone

    We documented, line by line, where AHP Capital’s contact details diverged from the authorised firm on the register — the evidence the bank and regulator needed.

  2. Mapped the fiat-to-crypto bridge

    We followed the SEPA transfers to the receiving accounts and identified the exchange where euros became Bitcoin.

  3. Filed the APP reimbursement claim

    With the clone evidence, we supported his bank’s recall and APP-fraud reimbursement process on the fiat leg.

  4. Traced and froze the BTC leg

    The converted Bitcoin consolidated toward a single wallet that deposited to a regulated exchange; a documented freeze request held it.

  5. Reconciled both rails

    Bank reimbursement plus the on-chain freeze covered the great majority of the loss.

Outcome

92% recovered

€79,580 of €86,500 came back — most via the bank’s APP-fraud reimbursement on the wires, the remainder from the frozen Bitcoin. The small shortfall was a hop that cleared a no-KYC service before we reached it. Clone-firm cases reward speed and documentation: the register entry that fooled him also gave us the paper trail to unwind it.

Red Flags in the Code

  • A firm quotes a real registration number but the contact details differ from the register entry.
  • Pressure to transfer to accounts in a different name or country than the firm.
  • The website domain is newer than the firm’s claimed history.
  • Deposits are “converted” to crypto inside the platform rather than on an exchange you control.
  • Always call the firm using the number on the regulator’s register, not the one they gave you.

Recognise this pattern?

If your loss looks like this one, send us the transactions and the platform. We’ll tell you honestly whether the chain still holds a trail worth following.

Request a Forensic Review

More posts