This is consumer-protection guidance, not investment advice.
The moment the panic starts
You open your crypto wallet and the password won't work. Or you got a new phone and realize you never backed up your seed phrase — the 12- or 24-word recovery code that is the master key to your funds. The coins still sit on the blockchain, technically yours, but unreachable.
That dread is exactly what fraudsters wait for. Search "recover crypto wallet" and you'll find a wall of websites, YouTube channels and social-media accounts advertising "professional crypto recovery services." Many are scams — and their aim isn't to get your money back, but to take whatever you have left.
How the scam works
A quick vocabulary. A self-custody wallet lets you hold crypto directly, with no bank or exchange in between. Two things control it: the private key (a cryptographic code that authorizes spending) and the seed phrase (a human-readable version of that key, shown when you set the wallet up). Whoever holds the seed phrase controls the wallet — full stop. Legitimate wallet makers like Ledger, Trezor and MetaMask say plainly that they will never ask for it; there is no support backdoor that bypasses it. Lose the phrase, and the funds are usually gone for good.
Fraudsters exploit that. Through paid search ads, Telegram groups and fake "support" accounts, they promise to retrieve lost funds for an upfront fee. Once paid, they either vanish or escalate — asking for your seed phrase or private key to "run diagnostics," or for remote access to your device. The instant the phrase is handed over, they sweep the wallet. The fee is gone too.
The second hit: 'recovery rooms'
A nastier variant targets people who've already been scammed. Using lists of prior victims — sometimes traded between criminal groups — fraudsters pose as police, regulators or specialist firms that have "found" your stolen funds, and ask for a fee or your details to release them. The UK's Financial Conduct Authority has flagged this directly: in the first half of 2025 it logged 4,465 reports of fake-FCA scams, with 480 people losing money — nearly two-thirds of them aged 56 or older. The FCA's line is blunt: it will "never ask you to transfer money to us or for sensitive banking information."
The scale
The losses are enormous. The FBI's Internet Crime Complaint Center logged more than $11 billion in reported crypto-related losses in 2025, up 22% on the year, with crypto investment fraud alone at $7.2 billion. The Federal Trade Commission reported $12.5 billion in total fraud losses in 2024, with crypto and bank transfers accounting for more than all other payment methods combined; preliminary figures suggest 2025 ran higher still. Blockchain-analytics firm Chainalysis estimates roughly $17 billion lost to crypto scams in 2025, and flagged a sharp rise in impersonation scams — the category that includes fake recovery services.
The red flags
Treat any of these as a stop sign:
- Upfront fees to "recover" funds.
- Guarantees of recovery — no honest actor can promise to pull funds off a blockchain.
- Contact via social media or unsolicited ads.
- Any request for your seed phrase or private key. This is the clearest red flag there is.
- Remote-access requests — handing your screen to a stranger hands them your wallet.
What to actually do
If you still have access: write your seed phrase on paper (or a metal backup), store it offline somewhere secure, and never photograph it or type it into a website.
If you've lost access: genuine forensic firms exist, but verify them independently — never through a Google ad — and there are open-source password-recovery tools for specific wallet types that never ask for your seed phrase.
If you've been targeted: report it — to the FTC, the FBI's IC3, or the UK's Action Fraud. Reports help map the networks even when individual recovery is unlikely.
The principle never changes: a seed phrase is a bearer key. Whoever holds it owns the funds — and no wallet maker, exchange, regulator or police force will ever ask you for it.
