How we checked this
We reviewed the linked sources and keep this page updated when the record changes. Use the source list below to verify the details.
How to Report a Crypto Scam and Preserve Evidence the Right Way
Source-tracked CryptoRescue article.
Preserve evidence before anything changes
If you think you have been caught in a crypto scam, the safest first move is to stop and preserve records before deleting messages, resetting devices, or continuing the conversation. Public cyber-safety authorities consistently frame incident handling around protecting evidence, documenting what happened, and using official reporting channels rather than improvising. That matters in crypto cases because digital traces can be scattered across wallets, exchanges, messaging apps, email accounts, and web pages.
A careful record helps you do three things: explain the event clearly, support any report you file, and reduce the risk of making the situation worse. Even when recovery is uncertain, preserving transaction details, communications, and account activity can still matter for platform review, cyber incident reporting, or later law-enforcement follow-up.
Evidence preservation checklist
Use this checklist before links expire, messages disappear, or scam sites change:
- Stop communicating with the suspected scammer.
- Save chat logs, emails, usernames, phone numbers, and profile links.
- Record wallet addresses, transaction hashes, dates, times, and amounts.
- Capture screenshots that show full URLs, account names, and transaction status where possible.
- Write a short timeline of what happened in order.
- Keep records of any website, app, or social media account involved.
- Note what personal data you shared, if any.
- Avoid deleting files, messages, or browser history until you have copied what you need.
- Secure affected accounts and devices after evidence is saved.
Explain the reporting sequence in plain language
In practice, reporting works best as a sequence, not a single form. First preserve evidence. Next, secure any remaining accounts or devices. Then report through the most relevant official or service channels available to you, such as a national cyber incident channel or the service provider involved. Government cyber-safety pages and national cyber institutions emphasize incident reporting, protective action, and using recognized reporting paths rather than relying on informal help from strangers online.
If an exchange, wallet app, email provider, bank, mobile carrier, or social platform was part of the event, report to that service as well. A platform may be able to review abuse on its own systems, but that is not the same as guaranteeing a refund or identifying the person behind a wallet address. Keep expectations realistic and focus on clean documentation.
For readers in different countries, the exact agency name will vary. The consistent principle supported by the official sources here is to use government cyber-security reporting resources and recognized public reporting channels, especially when the incident involves fraud, account compromise, malware, phishing, or data exposure. If there is immediate risk to your safety or a broader criminal matter, local law enforcement may also be relevant.
Table: evidence type and why it matters
| Evidence type | What to save | Why it matters | Likely destination |
|---|---|---|---|
| Transaction records | Wallet addresses, transaction hashes, amounts, timestamps | Helps identify the on-chain movement you are reporting | Exchange support, cyber incident report, law enforcement file |
| Communications | Emails, chats, call logs, usernames, profile links | Shows solicitation, pressure tactics, and promises made | Cyber report, police report, platform abuse report |
| Website or app evidence | URLs, screenshots, app names, download source | Helps document phishing, impersonation, or malware exposure | Cyber incident report, browser/platform report |
| Account activity | Login alerts, password reset emails, device notices | Supports account-takeover or compromise claims | Email provider, exchange, wallet provider, mobile carrier |
| Personal data shared | ID images sent, phone number, banking details, address | Helps assess identity or account misuse risk | Relevant platform, bank, law enforcement, identity-protection steps |
| Your own timeline | A dated summary of events in order | Makes reporting clearer and more consistent | Any official or platform report |
Use a table for evidence types and destinations
The exact documents requested will differ by case, but official cyber-safety guidance supports the same basic discipline: preserve the original records, document what happened, and report through recognized channels. A simple timeline plus copies of the underlying records usually makes your report more useful than a vague description written from memory later.
What not to do after the scam
After a suspected crypto scam, avoid steps that create fresh risk:
- Do not share private keys, seed phrases, or wallet credentials with anyone.
- Do not grant remote access to your phone or computer to a supposed helper.
- Do not send additional funds because someone claims it is needed to unlock, verify, trace, or release your assets.
- Do not delete messages or transaction details before saving them.
- Do not rely on unofficial intermediaries when a government or platform reporting route exists.
End with safe next steps and expectation-setting
A good report does not guarantee recovery, but it can preserve the facts before they are lost and route the incident into the right systems. That is the realistic goal: secure what you still control, document what happened, and submit consistent information through official channels. Treat anyone promising certain recovery, secret access, or fast results with extreme caution.
This article is for general information, not legal advice. If your case involves major losses, identity theft, device compromise, or cross-border fraud, consider getting advice from a qualified local professional after you have secured and preserved your records.
Sources
Update log
- 23 Jun 2026Published with source tracking and reader-safety context.
- CorrectionsIf a source changes or a claim needs clarification, this page can be updated from the editorial desk.