Part 1 — Spotting fakes
Cryptography stops anyone from forging real coins, but you can still be tricked by imposters.
Fake BTC
- Pattern A: a clone token with BTC's name and a different contract address; your wallet shows it but no exchange will accept it.
- Pattern B: USDD, old USTC, etc. sent in disguise.
- Verify: check the token's contract address matches the official one.
Fake BTC
- Pattern: send a dust amount (0.0001 BTC) plus a high-res "receipt" screenshot.
- Verify: only your wallet's confirmed amount counts.
Fake bank transfer / receipt
- Pattern: Photoshopped screenshots, mocked-up banking pages, spoofed SMS.
- Verify: refresh your own banking app and confirm the balance change.
Part 2 — First 24 hours after a theft
Priority: stop the bleeding → preserve evidence → notify.
- Move remaining assets to a brand-new wallet (preferably cold).
- If the theft was approval-based, run revoke.cash and revoke everything.
- Capture evidence:
  - All hacker / scammer addresses.
  - TXIDs.
  - Chat logs, phishing URLs, screenshots.
- Notify exchanges to freeze — file requests with TXIDs attached.
- File a police report: visit a station or use E-Crime Reporting. For large amounts, also send a copy to the JFIU.
Part 3 — Day 3 to Day 7
- Engage Chainalysis / SlowMist for forensic tracing; they can broadcast KYT alerts to major exchanges.
- For losses > HK$1M, retain counsel and prepare a Mutual Legal Assistance request to freeze withdrawals at the destination exchange.
- Build a full timeline + fund-flow diagram for police and lawyers.
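One way to turn the captured addresses and TXIDs into the timeline and fund-flow diagram, shown as an added example that is not part of the original guide. The transfer records, addresses and TXIDs are constructed placeholders, and the forward trace is a deliberately simple assumption (every outgoing transfer from an address that has received traced funds is followed), not the method a forensic firm uses.

```python
from collections import defaultdict
from datetime import datetime, timezone

# Constructed sample records: (unix_time, txid, from_addr, to_addr, amount, asset).
# Every address and TXID here is a placeholder, not real on-chain data.
TRANSFERS = [
    (1700003600, "TXID_PLACEHOLDER_2", "ATTACKER_1", "HOP_A", 0.9, "BTC"),
    (1700000000, "TXID_PLACEHOLDER_1", "VICTIM", "ATTACKER_1", 1.5, "BTC"),
    (1700007200, "TXID_PLACEHOLDER_3", "ATTACKER_1", "HOP_B", 0.6, "BTC"),
    (1700010800, "TXID_PLACEHOLDER_4", "HOP_A", "DEPOSIT_X", 0.9, "BTC"),
    (1700000500, "TXID_PLACEHOLDER_9", "UNRELATED_1", "UNRELATED_2", 3.0, "BTC"),
]

def trace(transfers, victim):
    """Return, in time order, the transfers reachable from the victim address."""
    tainted = {victim}
    timeline = []
    for record in sorted(transfers):          # sorts by timestamp first
        _, _, src, dst, _, _ = record
        if src in tainted:                    # source already holds traced funds
            timeline.append(record)
            tainted.add(dst)
    return timeline

def format_timeline(timeline):
    """One line per transfer, UTC timestamps, TXID attached for the report."""
    lines = []
    for ts, txid, src, dst, amount, asset in timeline:
        when = datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M UTC")
        lines.append(f"{when}  {src} -> {dst}  {amount:g} {asset}  txid={txid}")
    return lines

def resting_points(timeline):
    """Addresses that received traced funds and have not sent them on,
    mapped to the TXIDs to quote in a freeze request."""
    received, senders = defaultdict(list), set()
    for _, txid, src, dst, _, _ in timeline:
        received[dst].append(txid)
        senders.add(src)
    return {addr: txids for addr, txids in received.items() if addr not in senders}

def to_dot(timeline):
    """Graphviz DOT text for the fund-flow diagram, one edge per address pair."""
    totals = defaultdict(float)
    for _, _, src, dst, amount, asset in timeline:
        totals[(src, dst, asset)] += amount
    edges = [f'  "{s}" -> "{d}" [label="{amt:g} {a}"];' for (s, d, a), amt in totals.items()]
    return "digraph fund_flow {\n  rankdir=LR;\n" + "\n".join(edges) + "\n}"

if __name__ == "__main__":
    tl = trace(TRANSFERS, "VICTIM")
    print("\n".join(format_timeline(tl)), resting_points(tl), to_dot(tl), sep="\n\n")
```

Rendering the DOT text with Graphviz (`dot -Tpng`) gives a diagram that can be attached to the police report alongside the timeline.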
Part 4 — Aftermath
- Small thefts are rarely recovered, but reporting builds the police database.
- Don't get scammed twice — "guaranteed recovery for upfront fees" is itself a scam.
- Write up a post-mortem and harden your security SOP.
Do not trust DMs offering "asset recovery". Victims being defrauded a second time is extremely common.





