If you clicked into this with your hands shaking, stop for a second. You're not the first and you won't be the last, and being scammed doesn't mean you're stupid—professional fraudsters study, full-time, how to slip past careful people. The most useful thing right now isn't replaying "how did I let this happen." It's getting a handful of things right in the time you have left. This is a playbook in time order: steady yourself, stop the bleeding, save evidence and report it, and then an honest word about recovery and how not to get hit a second time.
- Faster is better. The first-hour moves—change passwords, kick out devices, revoke approvals, ask the platform to block the funds—do far more to save your money than chasing it later.
- Get your evidence organized along a timeline: chats, transfer records, on-chain transaction hashes, screenshots of the scammer's account. This is what police and platforms work from.
- Anyone who promises to "recover your money if you pay first" is running a second scam aimed at you. Pay them nothing.
Step 1: Steady yourself first
Here's something worth knowing: in the first few minutes after the truth lands, people tend toward two of the worst possible reactions. One is going blank—hands shaking so badly you can't tap the screen. The other is a wave of shame and anger that makes you delete the chat, close the transfer history, and try to pretend it never happened. Both cost you the window to stop the loss.
So do these three things first:
Give yourself 30 seconds before you touch anything
- Don't panic. Take a few breaths. In a panic you'll fat-finger a password or log out the wrong device. What you need is clear, not fast.
- Don't blame yourself. You were scammed because the other side does this for a living, not because you're foolish. Self-blame just makes you stall and stay quiet—and stalling is what actually lets the loss grow.
- Don't delete anything. The chats, the transfers, the scammer's account—as sickening as they are to look at, don't delete a single one. They're the entire basis for your evidence, your report, and any dispute later.
Once you're steady, move straight into the stop-the-loss steps below. Keep one principle front of mind: this hour, you're racing the scammer for time. Once they have your password or your coins, they usually move and withdraw within minutes. Every minute you save buys back a little more of what you can recover.
The first hour: your stop-the-loss checklist
Different kinds of scams call for different first moves. Figure out fast which one you're in, then act accordingly—plenty of people are caught by two at once, in which case do both.
Case A: your account, password, or codes may be compromised
For example, you entered your password and a verification code on a lookalike fake site, or you read a code out loud to "support." The scammer may already hold the keys to your account, so the job is to change every lock:
Change your password from the real platform
Use your own saved bookmark or type the official domain by hand, confirm the domain is correct, and get into the real account. Change your login password (and your funds/withdrawal password if the platform has one) immediately. Don't click anyone's link, or you may land on a fake site again.
Kick out every unknown device and session
In your account security settings, review logged-in devices and active sessions and end anything that isn't you. If there's a "log out of all devices" option, use it to wipe the slate in one move.
Delete suspicious API keys
A lot of account takeovers run through secretly created API keys that place trades or withdraw funds. Open the API management page and delete every key you don't recognize.
Check and lock down withdrawal settings
See whether an unfamiliar address was added to your withdrawal whitelist, or your two-factor (2FA) was re-bound—if so, revoke and reset it right away. If you can, temporarily enable or confirm a withdrawal time-lock to buy yourself a head start.
Contact official support to ask for a freeze
Through the platform's in-app official support (not the "support" that messaged you), report the account as compromised and ask whether they can place a risk hold on the account or on suspicious withdrawals. While the funds are still on the platform, this step is the most valuable thing you can do.
Case B: a wallet approval was signed, or your private key may be exposed
For example, you signed an approval to "claim an airdrop," or you typed your seed phrase or private key into some page. Your wallet is now wide open:
Move the remaining assets out first
If anything is left in the wallet, your first move is to send it to a brand-new, safe wallet address—one whose seed phrase has never been typed into any web page—before the scammer gets to it.
Revoke the suspicious contract approvals
Use a reputable approval-management tool to revoke the token approvals you granted to unknown contracts. Note: revoking also costs a little gas, and it can only stop what hasn't been swept yet.
If your key or seed phrase leaked, abandon the wallet
The moment a seed phrase or private key has ever been typed into a web page or shared with anyone, that wallet is permanently unsafe. Move out whatever you can, then retire it for good and switch to a new wallet with a new seed phrase going forward.
Case C: you were talked into sending money or topping up directly
For example, you transferred to a "mentor" or "support agent," or deposited into a fake platform. The money has already left your hands, so the focus shifts to blocking it and getting help fast:
Contact the receiving platform—and your bank—right away
If the funds went out through a centralized exchange or a payment rail, call that platform's support immediately, say you were scammed, give them the other party's address or account, and ask if they can freeze the account or block the funds. If a US bank, debit card, or wire was involved, call your bank or card issuer at once and ask about a recall, dispute, or chargeback. The earlier you call, the better the chance you beat the withdrawal.
Stop every further payment
Scammers love "just send one more and you can withdraw / unfreeze / receive it" to pull you in deeper. From this moment, no matter what they say, do not send another cent.
Write down every address and hash
Record the transaction hashes you sent, the recipient addresses, and any platform order numbers. These are the keys to your report and to on-chain tracing later.
An easy-to-miss knock-on risk
If you used the same password across multiple sites during the scam, your other accounts are at risk too. Once you've handled the scammed account, change the passwords on your other important accounts as well—especially your email. A compromised inbox is the master key to everything else, because almost every "reset password" link lands there.
Save your evidence, systematically
Once the stop-the-loss moves are done and you can breathe, gather your evidence thoroughly while it's still fresh. Wait a few days and the details blur—and some chats and pages may be deleted by the other side.
- Screenshot the scammer's account and profile: avatar, display name, username/ID, bio, group nickname, and how the two of you first connected.
- Save the full chat history: start to finish, not just the key lines. If you can, export the original record, not only screenshots.
- Keep every transfer record: amount, time, the other party's address or account, platform order numbers, and confirmation screenshots for each.
- Note the on-chain transaction hashes: every crypto transfer has a transaction hash—its unique ID on the chain. Reports and tracing both run on it.
- Capture site and app clues: the fake site's full domain, the app's download source and package name, and the channel the link arrived through (text, DM, ad).
- Build a timeline: in a paragraph or a small table, lay the whole thing out in order—when, who, did what, sent how much. This timeline saves you the most effort when you report.
A small tip on gathering evidence
Capture time and context with your screenshots—a lone "go ahead and pay" line is useless; the shot needs to show who said it and in which conversation. For an on-chain hash, also screenshot the block explorer page so you have the hash, the amount, and the addresses together at a glance.
Reporting in the US: where and what to file
A lot of people figure "reporting a crypto scam is pointless," so they never try. That's a mistake: reporting has at least two real benefits—if the funds are still parked on some platform, law enforcement involvement improves the odds of pushing a freeze; and your report goes on record, where multiple victims' cases are sometimes combined into one investigation. Whether you get the money back is a separate question, but the report that should be filed, should be filed.
Organize your materials
Bundle the evidence from the section above: account screenshots, full chats, transfer records, on-chain hashes, site/app clues, plus that timeline. The more complete, the smoother the intake.
File with the FBI's IC3
Report online at the FBI Internet Crime Complaint Center, ic3.gov—the federal clearinghouse for internet and crypto crime. Include your wallet addresses, transaction hashes, and the timeline. IC3 complaints can feed into combined investigations across many victims.
File with the FTC and your state AG
Report to the Federal Trade Commission at reportfraud.ftc.gov, and consider filing with your state attorney general's office. If a payment app or money-transfer service was involved, the CFPB (consumerfinance.gov) takes complaints about financial products. These build the record even when no money comes back.
Tell your local police and the platforms
File a report with your local police department for the case number—useful for bank disputes and insurance. Also report the exchange, wallet service, and social accounts the scammer used, asking each to act under its anti-fraud and risk process.
We don't decide your case for you
Whether a case is opened, what procedure it follows, and how it ends depend on the law where you live and on the investigation itself—none of which we can promise on your behalf. We also urge you to be wary of anyone who "guarantees a case will be opened" or "guarantees recovery." ScamLens does scam-awareness education only; we are not a law firm or law enforcement.
About "recovery": an honest answer
This part may be hard to hear, but you need the truth, not the fantasy of "it can definitely be recovered" that someone keeps feeding you—because that fantasy is exactly the doorway to a second scam.
The blockchain is public; anyone can see on a block explorer which address a sum went to and where it moved next. So you'll often hear "crypto is traceable." That's true as far as it goes, but traceable and recoverable are two different things. Seeing it isn't the same as getting it back.
Here's roughly the reality. If your funds are still parked in an account on a reputable centralized exchange and haven't been withdrawn, then a report plus the platform's risk team gives you a real chance at a freeze and, eventually, a return. But once the money is moved out, swapped on a decentralized exchange, bridged across chains, or pushed through a mixing service, the trail gets badly muddied—and with many scammers operating overseas, recovery means cross-border cooperation, so the odds of actually getting it back are usually low.
None of this is meant to make you despair. It's meant to put your energy in the right place: fast stop-the-loss plus reporting through legitimate channels is the highest-value move you can make. Pinning your hopes on some "well-connected fixer who can recover it for a small fee" almost guarantees a second loss.
Watch for the second scam aimed at you
After a scam, you enter the most dangerous phase of all: desperate to recover, emotionally raw, willing to try anything. Scammers know this better than anyone—which is why the "scams that target the scammed" come knocking fast.
These "we'll recover it for you" offers are almost always a second cut
- "Recovery agents," "crypto-tracing hackers," or "asset-unfreeze specialists" who DM you out of the blue, claiming they can get your money back.
- They want a "fee / deposit / activation charge / unlock fee" upfront, promising to return it once they recover the funds—and they vanish the moment you pay.
- They can recite the details of how you were scammed (victim lists are bought and sold), and use that to win your trust.
- They show "successful recovery" screenshots, chats, and thank-you notes as case studies—all fabricated.
Burn in one iron rule: any recovery promise that requires you to pay first is a scam. Legitimate help means law enforcement—the FBI's IC3, the FTC, your local police—and the platform's official support, none of which make you pay before they'll help. We wrote up the full playbook for this in USDT "recovery / unfreeze" second scams; after being scammed, read it first so you don't get a second cut on top of the wound.
Afterward: looking after yourself
Once the money side is handled, the human side still needs attention. The shame, self-blame, anger, and sleeplessness that come with being scammed are real and completely normal. Don't carry it alone:
- Tell someone you trust. Saying it out loud sheds part of the weight by itself, and the other person can help you think clearly and go file the report with you. Being scammed isn't a stain you need to hide.
- Beware of emotion-driven follow-up decisions. The more desperate you are to "win it back," the easier the next scam finds you. Give yourself a buffer; don't charge back into the market on a revenge impulse.
- Get professional help if you need it. If you're hit with ongoing anxiety, depression, or insomnia that affects daily life, reaching out for mental-health support matters just as much as handling the money.
- Turn this into a defense. Once you've recovered, look back at how you were drawn in step by step—many victims, on reflection, find the playbook was there to spot. Pig butchering and "signal mentors" and cloned phishing sites and fake exchanges can help you see exactly which trap you fell into.
Common questions
I just found out I was scammed—what's the very first thing to do?
Take a few seconds to steady yourself, then move fast to stop the loss. If your account may be compromised, go to the real platform from your own bookmark, change your password, kick out unknown devices, delete suspicious API keys, and revoke any wallet approvals. If you were tricked into sending money, contact the platform's official support immediately to ask about freezing or blocking it. This hour is a race against the scammer—speed decides how much you can save—so act on the loss first and save the "how did I fall for this" for later.
Can I get my money back?
Honestly, it's hard. If the funds are still sitting in an account on a reputable centralized exchange and haven't been withdrawn, a police report plus the platform's risk team gives you a real shot at a freeze and return. But once crypto is moved out, swapped on a decentralized exchange, bridged across chains, or run through a mixer, it's traceable on-chain yet very rarely recoverable in practice. Don't let "blockchain is traceable" mislead you into "it can definitely be recovered"—and never trust anyone who says they can get it back if you pay them first.
What do I need to file a report, and where do I file in the US?
Gather your evidence first: screenshots of the other party's account, the full chat history, transfer records and receipts, the wallet addresses and on-chain transaction hashes involved, the domains and sources of any sites or apps, plus a timeline written in order. In the US, report to the FBI's Internet Crime Complaint Center at ic3.gov, file with the FTC at reportfraud.ftc.gov, and contact your bank or card issuer if traditional payment rails were used. The more complete your materials, the smoother it goes—but whether a case is opened and how it proceeds is up to law enforcement, and we promise no outcome.
Someone says they can recover my losses—should I try it?
No. The "recovery agents," "asset-unfreeze specialists," and "crypto-tracing hackers" who reach out after you've been scammed are almost all running a second scam aimed squarely at victims. The script is the same: collect an upfront "fee, deposit, or unlock charge," then vanish or hit you again. Legitimate help means law enforcement (IC3, your local police) and the platform's official support—none of which require you to pay first. See our breakdown of USDT recovery and unfreeze scams.
Once you've recovered, rethink how you walk into an exchange
A lot of scams start at the very first step—walking in through a stranger's link or a search ad and landing at a fake door. When you've handled the immediate crisis, it's worth ten minutes to lock down your entry point: use only reputable major exchanges, sign up through the official channel, and bookmark the official domain. OKX is one of the mainstream exchanges, and you can sign up through the official channel below—its official domain is okx.com.
Read these next
- USDT "recovery / unfreeze" second scams—the very next trap to guard against after a scam; "we'll get it back for you" is almost always this.
- Pig butchering and "signal mentors"—a lot of large losses start with this slow-grooming, slowly-tightening setup.
- Cloned phishing sites and fake exchanges—the most common entry point for account takeovers; see exactly how it works.