lost my punks and a bunch of ETH

[crypto-recovery]

Scams in the crypto space are up -- way up -- this year.  Here's a recent graph from the US Federal Trade Commission:
https://www.ftc.gov/sites/default/files/u52513/cryptocurrency-may-2021.png

We've been researching best practices for people caught up in scams -- which boil down to:

• Don't make it worse
• Write down the details while it's fresh in your mind
• Report it to the relevant regulatory agencies

Does anyone have first-hand experience with the for-profit companies that claim to be able to help recover funds?

• One claims to attempt to track wallet (presumably at an exchange) then work with law enforcement to retrieve funds
• Another essentially says "ask the scammer to refund your money"

I'm very skeptical of these companies -- as I understand they all require payment up-front, and they all require law enforcement involvement to actually recover funds.  Which means that you could potentially have just as high a probability of recovering funds without the for-profit company in the middle.

Anyone have actual experience with them?

[Lucius]

Does anyone have first-hand experience with the for-profit companies that claim to be able to help recover funds?

I can’t say anything from personal experience because luckily I never needed such a service. What is a problem is the advance payment, and the uncertain outcome of their rescue attempt, and in my opinion it only makes sense if the amounts are really large and there is no other way.

Furthermore, such investigations can only be successful if the hacker did not use mixing coins and all other available methods to cover up his tracks - because then I don't see how anyone could find out where the stolen funds are. Anyone who is hacked has the ability to try to track transactions, and if they find that funds have ended up on some crypto exchange they can try to block those funds and initiate a return process.

[crypto-recovery]

>if they find that funds have ended up on some crypto exchange they can try to block those funds and initiate a return process.

I agree in theory -- although I think this is quite difficult in practice, for a couple of reasons:

• While it's easy to track Bitcoin from wallet to wallet (assuming the scammer isn't using mixers) it's hard to figure out which addresses are owned by an exchange. You'd need to work with a company like Chainalysis, and I don't have a sense of how expensive that is.
• The exchanges themselves get a lot of support requests, and it isn't clear to me that a civilian would get a timely and serious response if they reported that someone had stolen their funds and cashed them out an an exchange. In fact, I imagine that in most countries exchanges are forbidden from releasing identifiable information on a customer without law enforcement involvement.
• The (only?) way to track down the scammer is once they have moved funds out of an exchange.  That's literally the first time that you might be able to connect an address to an identity.  And, at that point the scammer has removed the funds.  To retrieve some portion of the funds at that point requires an arrest, a court finding, that there be funds left to distribute to victims, potentially a search for other victims -- it's a long-term process.

Am I thinking about this the wrong way?  Are there any exchanges that have gone on public record saying that they will initiate a return of funds without law enforcement involvement?

I wonder if there's an opportunity for a tool that lets people report a crime and pay a bounty for the conviction of the criminal.  The bounty might be broken down into several standardized steps:

• Verify the story of the person reporting the crime
• Report to law enforcement
• Notify other victims*
• Track the funds on the blockchain
• Figure out whether funds have reached an exchange / which exchange
• Distribute balance of bounty on arrest, conviction, etc

*There's a fascinating trick for this in this Youtube video about cracking brain wallets at the 8:34 mark: https://www.youtube.com/watch?v=foil0hzl4Pg&ab_channel=DEFCONConference

Essentially, you send a very small deposit to the public address from which the funds originated using a vanity address.  (For example, the vanity address could be: 1SCAM4SLRHtKNngkdXEeobR76b53LETtpyT). It's not a perfect solution -- although it might help in some cases.

[Macadonian]

Does anyone have first-hand experience with the for-profit companies that claim to be able to help recover funds?

• One claims to attempt to track wallet (presumably at an exchange) then work with law enforcement to retrieve funds
• Another essentially says "ask the scammer to refund your money"

I'm very skeptical of these companies -- as I understand they all require payment up-front, and they all require law enforcement involvement to actually recover funds.  Which means that you could potentially have just as high a probability of recovering funds without the for-profit company in the middle.

Anyone have actual experience with them?

I do not have any experience with companies promising this but there is no way they can offer a service and take money on it legitimately when there is no way they could get that money back. If you have been scammed I do not think a scammer will suddenly be willing to give you your money back just because a company representing you have asked for it back they would just ignore it. These companies are scammers too.

[crypto-recovery]

Thank you for the reply -- I'm not ready to say that they're scams, but I do think they're walking a very thin line. 

Still, I'm curious to hear from anyone that has worked with them directly.

[OgNasty]

I'm sorry for your loss.  One of the downsides of Metamask is that it makes it so easy for sites to interact with your wallet, that there is a security concern there if you aren't familiar with the way it works or failed to catch the warning signs.  With ease of use comes great responsibility.  Metamask seems ripe for phishing attempts by malicious characters/websites and with the NFT craze in full swing, you would be wise to take an overabundance of caution when interacting with it.

[sou-kou]

This is the story of a Cofounder of hellohedgie who lost over $ 1 million

https://twitter.com/stazie/status/1421479497493360645

...

This makes me think that laziness and relaxation in the crypto world can sometimes do us great harm.
I feel very sorry about this, this will be his hardest day.

[NotATether]

I read the full story earlier on and was surprise why a developer who knew about crypto since 2017 fell for such an old scam trick from a stranger from discord 

I used to get fake giveaway scams all the time in my Discord DMs until I nuked the link to discord from my website, so yeah. If scammers find you there then either your profile is public or you're in some large bitcoin server.

[nakamura12]

This makes me think that laziness and relaxation in the crypto world can sometimes do us great harm.
I feel very sorry about this, this will be his hardest day.

It's sometimes okay being lazy when you get tired but he should have checked tge site first rather than type out all the seed phrase when you read somewhere that the wallet is compromise when the truth is it didn't happen unless you did intentionally share the seed phrase then don't expect that your funds are still there.

[passwordnow]

@ 2 when I've read that there's a bot and link that has been sent and notified him, that's it. Whenever there are groups that you join and there are links that are being pushed for you to visit, don't be too hasty of clicking them. It asked for the seed phrase and that's how he lost it.
Well, he has lost it and as he said probably his mind was in panic on that time knowing that he got million in investment with that wallet so did he entered it. Well, he has a million but forgotten to be careful on that moment.