You just realized you've been scammed. Your stomach is on the floor. The clock you didn't know was running started the moment you discovered it — and a lot of what's possible in the next three days closes after that. This post walks through what to do in the order it has to happen, what not to do (which is sometimes the more important list), and the second-wave recovery scammers who will be in your inbox by tomorrow.
None of this is legal advice. None of it promises recovery of your funds — recovery of stolen cryptocurrency is uncommon, and any post or product that promises it is lying to you. What this post does is help you make the next 72 hours count for the things that actually matter: preserving the evidence, filing the right reports in the right order, and not falling for the second scam that's already on its way.
Why the first 72 hours matter
Several windows close fast after a crypto fraud. Each one limits what's possible later.
The exchange freeze window. If the funds you sent ultimately landed at a cryptocurrency exchange (Binance, Coinbase, Kraken, OKX, Crypto.com, Gemini, and others), the exchange may be able to freeze them — but only if it's contacted quickly, with structured documentation, and a federal complaint number in hand. Within 24 to 48 hours of the receiving deposit, freeze is possible. Within a week, freeze is still possible but increasingly unlikely. After two or three weeks, the funds are usually gone — moved through intermediate wallets or off-ramped to jurisdictions outside the exchange's reach. The window is measured in days, not months.
The wire recall window. If you funded the scam by sending a bank wire to the scammer (or to a crypto exchange that converted it), wires can sometimes be recalled within 24 to 48 hours of initiation. After 72 hours, recall is rarely successful, especially for international wires. This window is measured in hours.
The evidence preservation window. Scammers delete accounts when they sense the victim has caught on. Telegram usernames change. Dating-app profiles disappear. WhatsApp accounts go dark. The chat threads that prove the scam happened can be gone within hours of the victim's first defensive move. Once the evidence is gone, it's gone — and reconstructing the case from memory is exponentially weaker.
The you-can-still-think window. The cognitive impact of discovering a major scam is real and immediate. Shame, grief, and self-doubt impair decision-making, sometimes for weeks. The first 72 hours are when victims still have enough adrenaline to act. After that, the shame often calcifies into paralysis — reports don't get filed, banks don't get called, and the window for help closes not because the institutions stopped caring but because the victim stopped reaching out.
What most victims do wrong
Almost all of these mistakes come from a single instinct: do something visible to feel less helpless. That instinct is normal. It also tends to make the case worse.
1. Confronting the scammer
The temptation to message the scammer the moment you realize is enormous. Don't. They will block you and delete their accounts, and whatever evidence you haven't preserved yet goes with them. The first action goes to evidence preservation, not confrontation.
2. Moving remaining crypto
If you still have funds in any wallet involved in the scam, the instinct is to immediately move them somewhere "safe." Don't — not yet. Moving them creates additional on-chain noise that complicates the report, and may put you outside the timeframes that exchanges and federal investigators are looking at. Lock them down, document them, but don't transfer them in the first 24 hours unless you're certain the wallet's compromised.
3. Deleting accounts and messages
Embarrassment makes victims want to scrub the evidence of what happened. The dating app where the relationship started. The Telegram chat where the investment was discussed. The "investment platform" account. Federal investigators and exchanges need the original, not a sanitized version. Deleting accounts is destroying evidence, even when you're the victim.
4. Paying anyone who offers to recover the funds
This one deserves a section of its own. We'll get there.
5. Telling the scammer's "supervisor"
Within hours of realizing, victims often hear from someone claiming to be the scammer's "supervisor," "compliance officer," or "customer service team." They sound concerned. They promise to help recover the funds. They are the same scam operation, often the same person, escalating to the second round. Do not engage.
6. Posting publicly about it before reporting
Posting on Reddit, Twitter/X, Facebook, or a forum about being scammed feels cathartic. It also puts you on the recovery-scammers' radar. Detailed posts — transaction hashes, wallet addresses, amounts, the platform you were on — are read by the same people who scammed you, looking for second-round targets. File the reports first. Post about it later, if at all, and keep the public version high-level.
The right order, by time window
Federal authorities, exchanges, and banks all want roughly the same information. The most efficient path is to compile that information once and then file each report drawing from it. Here's the sequence.
Preserve everything
Before you do anything else — before you tell anyone, before you contact your bank, before you respond to any message — lock down the evidence.
- Screenshot every chat on every platform the scammer used (Telegram, WhatsApp, Signal, Discord, dating apps, SMS, iMessage).
- Export full chat histories where the platform allows it. Telegram, WhatsApp, and Signal all support exports.
- Save every transaction hash from your wallet, your exchange's transaction history, and any "investment platform" the scammer pointed you to.
- Photograph your screens with a second device. Some scammer interfaces (fake investment dashboards in particular) disappear quickly once they detect the victim is suspicious.
- Write down what you remember. Names, dates, phone numbers, things they said. Memory degrades fast in crisis.
Put it all in one folder. Call it crypto-incident-[date]. Everything that follows depends on this folder existing.
Build the foundational documents
You need three documents that every downstream report will draw from:
- The incident timeline. First contact through the moment of realization, chronologically, with sources cited for every event.
- The wallet and transaction log. Every wallet, every exchange account, every on-chain transaction with hashes and USD values.
- The scammer profile packet. Every identity, contact detail, platform, and digital trace.
Building these three documents in the first 24 hours is what separates the IC3 reports that get acted on from the ones that get filed. Federal investigators can do enormous work with well-organized documentation. They can do almost nothing with a panicked "I got scammed by someone on Telegram" message.
File the FBI IC3 report
The FBI Internet Crime Complaint Center at ic3.gov is the federal aggregator for online crime complaints. Filing IC3 generates a complaint reference number that every downstream institution — your exchange, your bank, your state Attorney General, your local FBI field office — will ask for. File IC3 before anything else.
After IC3:
- FTC at reportfraud.ftc.gov — a separate database from IC3, worth filing in parallel.
- Your state Attorney General's consumer fraud complaint form — some state AGs pursue cases federal authorities deprioritize.
- Local police report — walk into your local department's records division and file an official report. Most local police can't investigate international crypto fraud, but the police report is required documentation for some insurance and tax claims.
Notify the exchange and your bank
With your IC3 complaint number in hand, contact:
- The receiving cryptocurrency exchange. Through their fraud-report or compliance flow, not customer support. Provide the structured incident report with transaction hashes, dates, and your IC3 number. If the funds are still on the exchange and you contact them quickly with proper documentation, freeze is possible.
- Your bank or card issuer. If you funded the scam by wire, ACH, debit, or credit card, your bank needs written notice. Wire recall windows are hours; chargeback windows for credit cards are 60 to 120 days. File the notice now regardless.
Both communications should reference your IC3 case number. Structured incident reports get acted on; unstructured "please help" emails get filed under "victim correspondence" and rarely move.
The recovery scam: read this before you do anything else
Within hours of being scammed, you will be contacted by people offering to recover your money. They find you. They monitor public posts about crypto fraud. They scrape victim forums. Some of them are running second-round scams using the same data the original scammers had on you.
The framing to hold: if the offer is unsolicited, the answer is no. Legitimate professionals in this space do not cold-contact victims. They do not message you on Telegram. They do not promise specific recovery percentages. They do not demand upfront fees.
Red flags that mean it's a second scam
If any of these apply, walk away. If three or more apply, you are being targeted by a follow-on operation:
1. They contacted you, not the other way around.
2. They mention details about your specific case that you didn't share with them.
3. They promise specific recovery percentages ("70 to 90% recoverable").
4. They demand any upfront fee — "retainer," "good faith deposit," "tax to release the funds," "gas fee," "compliance fee."
5. They ask for additional crypto to "unlock" your funds.
6. They claim "insider connections" at exchanges, banks, or law enforcement.
7. They manufacture urgency ("24-hour window," "the exchange is closing the account on Friday").
8. They operate only on Telegram, WhatsApp, or Signal — no website, no registered business, no verifiable identity.
9. Their photos fail reverse image search.
10. They reach you on the same platform the original scam happened on.
Real recovery, when it happens, comes from law-enforcement seizure (often years after the scam, as part of a broader case) or from narrow-window exchange freezes (which you are already attempting). It does not come from a service that contacts you unsolicited demanding upfront payment. Anyone who tells you otherwise is the second scam.
Public resources only
The only places to send your information are public, verifiable, and free. Federal and state agencies that you can find through their official .gov websites. Your own bank's fraud department. The exchange's published fraud-report channel. Nothing else.
- FBI Internet Crime Complaint Center: ic3.gov
- Federal Trade Commission: reportfraud.ftc.gov
- FinCEN: fincen.gov (banks file SARs on your behalf; you don't file directly)
- Your state Attorney General — search "[state] attorney general consumer fraud complaint"
- Your local FBI field office: fbi.gov/contact-us/field-offices
- Chainabuse (community scam-wallet database): chainabuse.com — check whether the scammer's wallet has been reported before
Do not engage any private "investigator," "recovery firm," or "asset tracing service" that contacts you unsolicited. Federal investigators are who actually have the authority to subpoena exchanges, seize assets, and prosecute. Everything you need them to do is initiated through the public reporting channels above.
What realistic outcomes look like
You deserve to know what's actually possible:
- Funds recovery from crypto fraud is uncommon. When it happens, it's usually from an exchange freeze in the narrow window or from law-enforcement asset seizure months or years later in a larger case.
- Most IC3 reports are not individually investigated. They feed an aggregate dataset that drives prosecutions of larger scam groups. Your report contributes even when nothing comes back to you.
- Your tax position may change. A documented scam loss may qualify as a casualty loss on your federal taxes depending on the type of fraud and the year. Talk to a CPA. Your IC3 report and your timeline are what the CPA will need.
- The emotional impact is real. Crypto fraud — especially the romance-and-investment variety that is the most common pattern — is designed to feel personal. Many victims experience trauma comparable to other major life violations. The shame is the worst part for most people, and it often delays the reporting that could actually have helped. If you're sitting with the shame instead of doing the steps, find someone to talk to. The shame helps no one. The reports might.
The 30-second AI version
The ParClark First 72 Hours: Crypto Fraud Toolkit bundle includes the nine Markdown skills that walk through each step in this post operationally — first-72-hours (the panic-window checklist), incident-timeline, wallet-and-transaction-log, scammer-profile-packet, ic3-report-draft (drafts the IC3 narrative from your inputs), exchange-freeze-request, bank-and-card-fraud-notice, recovery-scam-redflag-scan, and family-and-advisor-brief. You paste them into Claude, ChatGPT, or Cursor, the AI walks you through each step asking for what you have, and the drafts come out the other end.
The bundle does not promise recovery. It is the operational structure for doing this once, well, when you can't think clearly enough to invent it yourself.
If you're past the 72-hour window
Most of this still applies. Evidence preservation, IC3 filing, the scammer-profile packet, the recovery-scam scan, the family-and-advisor brief — all of it works past the 72-hour window. The pieces with hard time limits are the exchange freeze and the wire recall. Everything else is timeless documentation. If you discovered the scam a week ago or six months ago, start now. Late is better than not.
For the family member, attorney, or advisor helping a victim
If you're reading this for someone else, the most important thing you can do is not add to the shame. Avoid "how did you not see the signs," "I would never have done that," and "this is obvious in hindsight." Crypto scams are designed by behavioral teams to work on intelligent people. Many victims are doctors, attorneys, professors, and former finance professionals. Your role is to assist, not to grade.
The practical steps are the same as above. The emotional steps are: slow them down on responding to recovery scammers, validate that this happens to smart people, suggest professional support if the impact is severe (crypto-scam trauma is real and often warrants therapy), and respect the victim's autonomy on every decision that's theirs to make.
You don't have to figure this out alone.
The First 72 Hours: Crypto Fraud Toolkit is a $39-suggested, pay-what-you-can bundle of nine Markdown skills that walk you through each of the steps in this post operationally — evidence preservation, FBI IC3 drafting, exchange freeze requests, bank fraud notices, the recovery-scam scan, and the brief for the person helping you. Built for victims and the people supporting them. Routes only to public resources. Does not promise recovery.