Incident Response & Investigation


Stolen Cryptocurrency Recovery


Do you need to recover cryptocurrency funds (Bitcoin, Ethereum, or other) lost due to theft, fraud or scam?

We have assisted in the recovery of millions of dollars’ worth of stolen cryptocurrencies. Our investigations can help to uncover who the perpetrators are, monitor crypto movements in real-time,and ultimately help with seizing and recovering stolen funds.

Due to overwhelming demand for our services, we work only on cases involving financial loss of $100,000 or more.

We require full cooperation from victims, as reckless action on their part (for example, tipping off the perpetrator directly or indirectly) can significantly hamper our work and threaten its success.

We have helped the influencer Ian Balina recover his funds from the widely medialized $2M hack that happened during his live stream.


Our services include investigation and blockchain forensics, writing of highly actionable police reports optimized for accelerated funds recovery, liaising with exchanges and law enforcement, expert witness testimony, and more… all the way to the end goal of the successful return of funds.

There are many different shapes a case can take. We have had criminal matters range from days to over a year, and some of those matters involved us as expert witnesses for asset recovery towards the end.

In a prominent example, we investigated and socially engineered criminals, revealed their identity and location, and provided crucial evidence that led to their arrest and prosecution. We were involved from the start of the incident all the way to sentencing and distribution of recovered assets to affected parties.

You prepared a comprehensive report of your findings and I’ve found this really useful.

I have served a UK request for a data on most of the service providers you have detailed in your report and I have been receiving responses. Binance and [REDACTED] were particularly helpful and responded quickly with some useful information.

– Police Cyber Crime Unit, Warks & West Mercia

In your own interest, do not take any action before consulting us, with the exception of collecting data that might otherwise be lost.

Taking matters into your own hands as a crime victim often means that you will unwittingly take counterproductive steps which delay a successful resolution and may even expose you to liability.

Our suite of capabilities and resources includes Chainalysis certification, an extensive network of law enforcement, legal and exchange contacts, and most importantly, deep experience with hundreds of cases.

All our services are available based on an hourly retainer model. When we onboard you as a new client, we charge an initial retainer, which is almost always sufficient for a successful resolution of the case.

In addition to a retainer, we charge a percentage contingency fee on funds recovered.


Investment Fraud


Investment frauds in the cryptocurrency space are rife and extremely widespread to put it mildly. There are no shortage of fraudulent investment platforms out there that will attempt to convince you that investing on such platforms is a highly profitable and safe investment. The truth, of course, is the exact opposite.

Fake cryptocurrency traders, impostors, fake investment managers, and [fake] ‘pro traders’ can often be characteristics of such investment frauds as well.

In some cases, investment frauds are run by a single individual, while in other cases, they are large, organized schemes with dozens of scammers involved.

CipherBlade has investigated hundreds of various types of investment schemes and frauds. Our investigation often helps to better uncover who the scammers are, and identify how and where proceeds of the fraud have been laundered.


Compromised / Hacked Wallet


CipherBlade has conducted hundreds of investigations into hacked cryptocurrency wallets, and funds stolen as a result of such hacks with the aim of providing critical intelligence, which has sometimes led to the recovery of stolen funds.

In the vast majority of cases involving hacked wallet(s), the theft comes about as a result of a seed phrase breach, although the way in which a seed phrase is breached can vary considerably. In our experience, many such breaches come about through phishing or malware, both of which we investigate as part of the scope of our investigations.

In such investigations, we are regularly able to identify the root cause of such breaches, as this can yield critical information. We furthermore track the stolen funds and provide applicable intelligence which can be used by law enforcement, while endeavoring to prevent as much funds from being laundered as possible.


Account Breaches & Data Breaches


If a cryptocurrency exchange account or multiple exchange accounts of yours have been hacked or breached, we can provide urgent assistance to help secure applicable accounts. A good portion of the time, other accounts of yours may have been breached in this process as well, including both email and/or cloud storage accounts.

CipherBlade has been engaged on a considerable number of exchange account hacks with the intent of investigating such incidents to better identify the perpetrator(s), striving to minimize the amount of stolen funds that are laundered, with an end goal of aiming to help the victim get at least a portion of the stolen funds back.




If you have been the victim of SIM-swapping, we provide urgent emergency assistance to help secure your assets, privacy, identity and any sensitive information.

Additionally, we provide, and assist you in implementing, proactive security measures and training that will prevent you and/or your company from being affected by SIM-swapping in the future.


Ransomware & Blackmail


If your organization has been victimized in a ransomware attack, or you represent a cyber insurance company that has insured an organization that has been attacked, and attackers are demanding a Bitcoin ransom, we can assist in dealing with the situation.

Before a decision is made regarding whether or not to pay the ransom, it’s critical to first discuss available options with us to minimize damages and costs to your organization.

If cybercriminals are threatening you, your company or your loved ones with sensitive information or have compromised your security and are demanding payment, we’re professionally trained to resolve your situation.

Our past clients include COINOMI, targeted by an ex-customer on a vendetta campaign against the company.


Romance Scams


The strategies romance scammers employ and how such scams operate have changed over the years, suffice to say they are all confidence schemes, and the scammer almost always impersonating someone else while trying to get the victim to send money either for sudden ‘emergency’ expenses, or getting the person to invest in a fake or fraudulent investment scheme or fake exchange.

The victims of romance frauds are often less well-adept at cryptocurrency (and sometimes brand new to it) than most cryptocurrency users, and may have been induced into acquiring it by the fraudster. Victims are more often middle aged, elderly, or somewhere in between.

In the past few years, Sha Zhu Pan Scams, also known as Pig Butchering Scams, have become incredibly common and are now the predominant way in which victims lose funds in romance-related frauds.

Statistically, Romance-type frauds are one of the most common types of frauds involving cryptocurrency, and a category which ranks among the highest amount of cryptocurrency fraudulently obtained; in 2021, the FBI indicated $1 Billion USD in losses were reported by victims of Romance scams. In reality, we know the amount lost to such frauds is much higher, likely well north of $10 Billion USD once non-reported losses, mis-reported submissions, and losses in countries (other than the US) are factored in. Simply put, Romance fraud is a massive ‘industry’ that CipherBlade regularly tackles.


Exit Scams


Exit scams come in many different forms, including both what we refer to as ‘Hard’ Exit scams and ‘Soft’ Exits. Cryptocurrency projects that have solicited investor or customer funds are the ones most at risk so far as most cryptocurrency users should be concerned.

Sometimes, an individual involved in an exit scam abruptly steals or embezzles funds and runs, sometimes to the surprise of other team members. In other cases, the scam is more long and drawn out, with continually unfulfilled benchmarks and deadlines, a community that withers away, and all-too-often, misappropriation of funds in the process.

Exit scams can involve just about any project that has raised funding through a token offering, and such exit scams have been increasingly common among DeFi projects as of late.

A notable number of cryptocurrency exchanges have engaged in so-called ‘exit scams’. In some cases, such exchanges simply shut down their website, blogs, and social media accounts overnight and go dark, while in other cases exchanges will elect to claim they’ve been “hacked”, which isn’t always true.

CipherBlade has experience investigating such operations and helping law enforcement, lawyers and victims bring the perpetrators to justice which can lead to funds recovery.


Cryptocurrency Embezzlement


With many cryptocurrency startups that have that have financial holdings that are significantly (or sometimes entirely) composed of cryptocurrency assets rather than fiat currency held in bank accounts, companies understandably need to place some level of trust in its leadership team who have direct or indirect access to cryptocurrency holdings.

In some cases, it’s an executive ‘going rogue’ and stealing or accessing funds without consent or authorization from other people in the company. In other cases, executives purposely misappropriate funds, such as by using investor funds for speculative purposes.

We’ve seen this type of misappropriation of funds in multiple cases involving ICOs that raised millions of dollars of investor funds.

Embezzlement is all too common in the cryptocurrency space due to the lack of safeguards in place as well as the lack of regulation.

CipherBlade is available to help shed light when there’s good reason to believe that executives have embezzled company assets and ultimately works to ensure as many assets are recovered as possible.


Exchange Hacks


If your cryptocurrency exchange has been hacked, and customer funds have been lost as a result, we can assist. We can investigate the incident and track the cryptocurrency that was stolen by the hackers, and work with law enforcement so those funds can ultimately be recovered for your customers.

We can also assess your security protocols as well as cryptocurrency storage and management practices and can help to implement better security to prevent further breaches.


Investigations of ICOs, DeFi & NFT Projects


Blockchain startups hold a notorious reputation for an array of misconduct, including securities violations, mismanagement, misappropriation, or even embezzlement. If a project has raised millions of dollars yet has failed to deliver upon its promises, we’ll find out why – and explain this to legal decision makers. The ex-CEO of that ICO can’t hide his Lamborghini, purchased with your funds, from us.

CipherBlade has cased/is actively casing over a dozen ICOs, several of which have had regulatory action and legal action, including forced refunds, taken against them. We’ve established best practice, including red flags common in mismanaged projects, that is being referenced by law enforcement and regulators when looking into suspect blockchain projects. Our reports are known to be damning, and that shady ICO is hoping you don’t retain CipherBlade.

The combination of the following factors puts us in a unique position to assist you in cases of wire fraud, investment fraud or securities fraud:

Send Secure Message To Us

CipherBlade LLC
3300 Arctic Blvd
Suite 201 PMB 1082
Anchorage, AK 99503

CipherBlade APAC Pte. Ltd.
30 Cecil Street
#19-08 Prudential Tower
Singapore 049712

20 Wenlock Road, London, England, N1 7GU

Scroll to Top