Forensic Standards: Chain-of-custody · Verifiable on-chain trail · Regulator-ready packets
12 cases under review
1321 wallets traced this month
Free Case Evaluation →
Forensic Standards: chain-of-custody · verifiable on-chain trail · regulator-ready packets data sources: Etherscan · SlowMist · CertiK
12cases under forensic review 1321wallets traced this month Submit Wallet for Trace →

cat ~/cases/*.log

Case Files: Reading the Chain Line by Line

Real investigations from our casework. Each file follows one operator from our Scam Brokers directory — how the loss happened, how we traced it through the code, and exactly how much we recovered. The outcomes are mixed, because real ones are: some of these came back almost whole, others only in part.

New here · start with the field guideHow Stolen Crypto Is Traced: Eight Scam Patterns, Read From the Chain →
CAC-2026-041.log
DeFi arbitrage bot

AITech Wealth Management: the arbitrage vault that drained on deposit

A vault showed 1.8% daily returns for eleven weeks. On-chain, every deposit left the contract the same hour. We followed the bridge to a cash-out exchange.

Reported loss$84,200
Recovered47%
read the trace →
CAC-2026-042.log
SIM-swap takeover

Amadeus Markets: a SIM-swap account takeover caught inside 36 hours

“No Service” wasn’t a network outage — it was an attacker holding a phone number to bypass SMS 2FA. Speed turned a total loss into a mostly-recovered one.

Reported loss£163,000
Recovered81%
read the trace →
CAC-2026-043.log
Wallet-drainer phishing

Abyss World Asset: one malicious signature emptied an NFT wallet

She never typed a seed phrase — she clicked “Sign” on a fake claim page. A sweeper bot did the rest in 90 seconds. An honest, partial recovery.

Reported lossCAD 52,400
Recovered19%
read the trace →
CAC-2026-044.log
Presale rug-pull

Any Coin Capital: a presale where liquidity was “locked” for 7 days

The lock was real — for a week. The audit was a logo. We read the contract, found the rug transaction, and clawed back part of the pool.

Reported loss$41,500
Recovered36%
read the trace →
CAC-2026-045.log
Fake exchange

305Markets: the exchange that froze every withdrawal behind a fee

The balance climbed on screen; withdrawals returned an error demanding a release “tax.” Splitting the card and crypto trails early recovered the larger half.

Reported lossAUD 96,800
Recovered64%
read the trace →
CAC-2026-046.log
Clone firm / APP

AHP Capital: the broker that borrowed a regulated firm’s licence

A real registration number, copied. The contact details — the one thing a clone can’t fake — gave us the trail. Bank recall plus an on-chain freeze.

Reported loss€86,500
Recovered92%
read the trace →
CAC-2026-047.log
Romance + staking

Amari Capital: a romance that became a $164,000 staking trap

Five months of trust, then a blocked withdrawal. The funds were layered through dozens of hops. An honest account of a hard one to recover.

Reported loss$164,000
Recovered22%
read the trace →
CAC-2026-048.log
Recovery scam

AssetImperial: the “recovery firm” that scammed a scam victim again

They knew exactly what he’d already lost — and charged upfront fees to “get it back.” We unwound the second fraud and named the rule that stops it.

Reported loss$31,900
Recovered58%
read the trace →

Wondering if your loss is traceable?

Send us the basics. We will tell you honestly whether the chain holds a trail worth following.

Request a Forensic Review