How to spot a crypto recovery scam

Why this space attracts so many scammers

People who have lost access to a cryptocurrency wallet, or had funds stolen, are in exactly the emotional state that makes them vulnerable: distressed, financially motivated, and searching urgently for help. There is no widely known legitimate industry they can turn to, so the information environment is dominated by whoever works hardest to appear at the top of search results and social media feeds. That tends to be scammers.

Recovery scams are consistently among the most reported forms of cryptocurrency fraud. They succeed not because victims are naive but because the scammers are skilled and the victim's situation is genuinely desperate. The goal of this guide is to give you the specific signals that distinguish a legitimate specialist from a fraudster before you pay anything.

Red flag 1: They require payment before doing anything

The most consistent signature of a recovery scam is an upfront fee with no specific deliverable attached to it. You pay before any work begins, and what you receive in return is a vague promise of effort rather than a concrete output.

Legitimate recovery firms charge an assessment fee that buys a specific output: a technical examination of your wallet, a written probability estimate, and a formal recommendation. You know exactly what you are paying for before you pay. If a firm cannot tell you precisely what the fee covers and what you will receive, do not pay it.

The upfront fee in a scam is the primary extraction. Everything that follows is aimed at either getting more money or manufacturing an excuse to disappear.

Red flag 2: They ask for a "release fee," "gas fee," or "tax payment" after the initial fee

This escalating fee pattern is the signature mark of a specific and very common fraud. After collecting the initial payment, the scammer returns with a new requirement: a gas fee to execute the recovery transaction, a tax payment to release the funds, an insurance bond, a legal filing charge, or a network fee to "complete" the process. This new fee is typically framed as minor and temporary: pay it and your recovery is complete.

After that fee is paid, a new one appears. Each payment makes the next easier to justify psychologically: you have already invested this much, one more payment will finally unlock everything. There is no upper limit. Some victims have paid dozens of rounds of escalating fees over months before accepting the loss.

A legitimate recovery firm charges exactly two fees: an assessment fee and a success fee on recovery. There is no "release fee." There is no "gas fee." There is no mechanism by which paying additional money to the recovery firm causes your wallet to unlock. If someone asks for a third payment of any kind, stop all contact.

Red flag 3: They guarantee recovery before knowing anything about your case

A realistic recovery probability depends on specific technical factors: what wallet software was used, how the password was constructed, how much of the seed phrase is intact, and many other details. No professional can know whether your case is recoverable until they examine the relevant material.

A firm that guarantees recovery before asking any technical questions is not in the business of recovery. They are in the business of collecting fees. Legitimate specialists give you a probability estimate after assessment, not a blanket guarantee before you have even described your situation.

Be equally cautious of suspiciously high success rates cited without any supporting detail. "98% success rate" with no explanation of how cases are classified, what counts as success, or how the rate was calculated is not a statistic; it is a marketing claim designed to lower your defences.

Red flag 4: The operator has no verifiable identity

Legitimate service businesses have a verifiable identity: a registered company name, a business address, a contact email on a registered domain, and some publicly checkable presence. Scammers have none of this because any permanent, traceable identity creates legal exposure.

Check the domain registration date of any website you are considering. A domain registered two weeks ago is a strong indicator of a scam operation. Look for a physical address: not a PO box or a virtual office listing, but a real address that corresponds to a real business. Search the company name against business registration records in the claimed jurisdiction. If you cannot verify any of this, treat the firm as fraudulent until proven otherwise.

Red flag 5: They communicate exclusively via Telegram, WhatsApp, or Discord

Scammers prefer messaging apps for a simple reason: they provide no permanent, verifiable record attached to a real identity or institution. A Telegram account can be created in minutes and abandoned just as quickly. An email address on a registered domain is harder to discard without consequence and more easily traceable.

Any firm that insists on conducting all communication through informal messaging apps and refuses to provide a verifiable email address is signalling that it has no legitimate business presence it is willing to be held accountable to. The communication channel itself is a red flag independent of what is said through it.

This applies equally to firms that make first contact through social media direct messages, comment sections, or unsolicited replies to posts about your situation. No legitimate recovery specialist cold-contacts theft or lockout victims through Instagram, Twitter, or Reddit.

Red flag 6: They ask for your complete seed phrase or private key

Your seed phrase or private key is the master credential for your wallet. Anyone who possesses it has complete, irrevocable control of every fund associated with it. There is no recovery technique that requires you to share a complete, working seed phrase. Legitimate specialists work with partial information, damaged files, and encrypted wallet data: they do not need a working key to do their job.

If anyone asks for your complete seed phrase, whether framed as "verification," "identity confirmation," "test access," or any other justification, stop all contact immediately. The request is an attempt to steal your funds. A firm that makes this request is not a recovery specialist; it is a thief.

This applies regardless of how much trust the relationship has built up to that point, and regardless of how convincing the explanation sounds.

Red flag 7: They found you first

Legitimate recovery firms do not proactively contact people who have described losses on social media, forums, or complaint websites. They wait for clients to find them. Scammers do the opposite: they monitor these platforms systematically and reach out to anyone who describes having lost funds or access, positioning themselves as a helpful specialist who happens to have just seen the post.

If a "recovery specialist" contacts you unsolicited after you posted about your situation somewhere, assume it is a scam. The probability of it being a legitimate contact approaches zero. Block and report the account.

Red flag 8: They create urgency

Pressure to act quickly, claims that the window to recover funds is closing, warnings that the blockchain trail will "go cold," or deadlines that require payment today are manipulation techniques. They are designed to prevent you from taking the time to research, think clearly, or ask someone else's opinion.

Recovery work that is technically possible today will be technically possible in a week. Wallet files do not expire. Blockchain records do not disappear. Any urgency a recovery firm creates is manufactured.

How to verify a legitimate firm

Before engaging any recovery service, apply this checklist:

• Can you find a registered company name and verify it against business registration records?
• Is there a verifiable email address on a properly registered domain, not a Gmail or messaging app account?
• Can you find any third-party mentions of the firm that predate your need for recovery services?
• Does the firm explain exactly what the assessment fee buys, in writing, before you pay?
• Does the firm clearly state that the success fee is charged only on recovery?
• Does the firm explicitly state that no other fees will ever be requested?
• Does the firm refuse to ask for your complete seed phrase or private key at any stage?

A firm that passes all seven tests is not necessarily legitimate, but a firm that fails any one of them should be disqualified immediately.

How KeyHaven operates, for comparison

We publish our fee structure explicitly: a flat assessment fee by case tier, and a success fee charged only on recovery, with the assessment fee credited against the success fee if we succeed. We never charge a third fee of any kind. We communicate by verified email, not messaging apps. We do not ask for complete seed phrases. We give honest probability estimates rather than guarantees, and we will tell you clearly if we believe a case is not recoverable rather than take your money for a hopeless engagement.

We mention this not to promote ourselves but to give you a concrete baseline of what legitimate operation looks like. Any firm that falls short of this standard in any of these areas deserves serious scrutiny.

People who accidentally sent cryptocurrency to the wrong address face the same fraudulent operators targeting them. A separate guide covers what is genuinely possible in those situations and what is not: When crypto goes to the wrong address.