Las estafas de recuperación atacan de nuevo a las víctimas de fraude cripto,
cómo detectarlas, por qué CryptoLeek es diferente.
Las estafas de recuperación son la categoría más cínica de este ámbito. Los operadores apuntan específicamente a víctimas de fraudes previos con criptomonedas, sabiendo que esas víctimas están emocionalmente comprometidas con recuperar su pérdida original y, por lo tanto, son vulnerables a una segunda extracción. Los estafadores de recuperación recopilan datos de contacto de bases de datos públicas de denuncias de estafas, publicaciones en redes sociales y foros dedicados a la recuperación, y luego abordan a las víctimas sin que estas lo soliciten, en cuestión de días o semanas tras la pérdida original. El patrón es uniforme; el reconocimiento es sencillo una vez que se sabe qué buscar.
Contact arrives unsolicited shortly after you filed a scam report or posted publicly about your loss. The operator claims to be from a recovery firm, a regulator, a law-enforcement agency, or an exchange compliance team. They name-drop credentials: "FBI partner agency", "registered with the FCA", "Interpol cyber unit".
They tell you they've already started tracing your funds and have located them at an offshore exchange. To complete the recovery, they need an upfront retainer, court filing fees, or "asset-freeze deposit". The amount is calibrated to feel small relative to what they claim to have located — typically a few thousand dollars against a recovery promised in the high five or six figures.
Once the retainer is paid, communication degrades. Excuses about court delays, additional fees, regulatory hurdles. The operator continues to extract additional payments under various pretexts, until either you stop paying or you recognise the pattern. The "recovery" was never real; the contact was farming for a second extraction from the start.
Cualquier persona que haya presentado una denuncia pública de estafa o haya publicado sobre una pérdida cripto en redes sociales. Las listas de contactos circulan entre los operadores de estafas; una vez que has sido víctima una vez, te conviertes en un objetivo de alto valor para las ofertas de "recuperación". A menudo los operadores se coordinan: un operador ejecuta el fraude inicial y un operador distinto (a veces el mismo bajo otra identidad) ejecuta el seguimiento de la estafa de recuperación meses después.
Signals victims and bystanders should know.
- 01
Cold contact from a "recovery specialist" you didn't reach out to
Legitimate recovery firms don't cold-call. Regulators don't cold-call victims. Law enforcement don't cold-call to demand upfront fees. Any unsolicited contact offering recovery in exchange for upfront payment is the scam.
- 02
Name-drops major agencies without verifiable credentials
"FBI partnered", "Interpol crypto unit", "FCA-authorised recovery specialist" — search the agency's official register. Real firms appear there; recovery scammers don't.
- 03
Unsolicited contact + no written scope before payment
The defining marker is HOW the engagement is offered, not just whether payment is involved. Legitimate firms assess your case first, then issue a written scope of work with a fixed retainer you can review before paying anything. Scam operators cold-contact you, name-drop credentials they cannot substantiate, and demand "court filing fees" or "asset-freeze deposits" with no defined deliverables. If you cannot get a written, specific scope of work in advance, treat the offer as the extraction.
- 04
Asks for crypto payment specifically
Recovery scammers often request payment in crypto (or via gift cards / wire transfers to obscure addresses) precisely because those payments are harder to dispute later.
- 05
Pressure to act immediately
"The window is closing", "your funds will be moved tomorrow", "this opportunity expires". Manufactured urgency is engineered to prevent verification.
The first 24 hours matter most.
- 01
Refuse any unsolicited recovery offer without a written, specific scope
A real firm answers an inbound enquiry from you, assesses the case, then issues a written quote that lists exactly what the retainer buys (trace, evidence pack, exchange escalation, etc.). If you were cold-contacted and the offer skips that step, end the conversation regardless of how official the credentials sound.
- 02
Verify any firm against their official register
If they claim authorisation by FCA / SEC / ASIC / BaFin / MAS, search the regulator's public register for the firm name. Real firms appear; scammers don't. If they claim to be law enforcement, call the agency directly via a number from the agency's official website (not a number they provide).
- 03
Report the contact to your national fraud-reporting centre
IC3, Action Fraud, CAFC, ScamWatch, ASC. Recovery-scam reports are taken seriously because they target already-vulnerable victims; the FBI explicitly warns about this pattern.
- 04
Engage CryptoLeek's free 24-hour case review for honest framing
We operate on a no-upfront-fee, success-fee-only basis specifically because the legitimate model doesn't need upfront payments. The free review tells you honestly whether the original loss is recoverable, without asking for a cent.
Questions victims of this pattern ask us most.
How can I tell if a recovery firm is legitimate? +
Why is CryptoLeek different from a recovery scam? +
I already paid a recovery scammer. Can I recover that money? +
Lost crypto to this pattern?
We can help you recover it.
We trace the funds on-chain, identify the recovery choke points, and coordinate action with exchanges, payment processors, and counsel across 40+ jurisdictions. Free assessment within 24 hours, with an honest yes/no on whether the funds are realistically recoverable.
The vocabulary this pattern uses.
Definitions of the terms that come up across this guide. Each links to the full glossary.
Una estafa que apunta a víctimas previas de fraude con criptomonedas mediante contactos en frío con ofertas de "recuperación" no solicitadas, exigiendo un pago sin un alcance de trabajo por escrito, sin entregar nunca ninguna recuperación real y, con frecuencia, drenando dinero adicional a lo largo de varias etapas.
Una retención por cumplimiento genuina es un congelamiento de fondos en un exchange impulsado por el regulador durante una revisión AML/KYC, descontado del saldo existente y sin que el usuario deba realizar ningún pago; la extorsión por bloqueo de retiro es una retención falsa que exige al usuario pagar una tarifa adicional antes de cualquier liberación.
El patrón de extracción de segunda fase en el que una plataforma de trading fraudulenta se niega a liberar los fondos "ganados" de la víctima hasta que esta paga comisiones cada vez más altas: liberación fiscal, verificación AML, ascensos de nivel de cuenta, ninguna de las cuales libera nada.
El expediente estructurado que una firma de investigaciones reúne para un caso de recuperación: rastreo de hashes de transacciones, análisis de clústeres de wallets, atribución de contrapartes, capturas de pantalla y comunicaciones de respaldo, y una recomendación de ruta de recuperación, empaquetado conforme al estándar que un regulador o un tribunal aceptará.
Técnica forense on-chain que agrupa múltiples direcciones de criptomonedas en "clústeres" que se cree están controlados por un mismo operador, mediante heurísticas de entradas compartidas, patrones de gasto común y huellas de comportamiento.