TLDR: if someone contacts you out of the blue offering to recover crypto you lost to an earlier scam, and asks for any upfront payment or your bank details, it is almost certainly a scam. This is the recovery scam, also called the second-hit or reload scam. Don’t be fooled and proceed with extreme caution.
Background on this Issue
Over the past few weeks our office has received several enquiries from members of the public who were approached by people claiming to be DeFi solicitors or DeFi recovery agents, offering to get back money lost to an earlier crypto scam. Based on what we have seen, this is a recovery scam, and we want to put a clear warning out, because it is not just an Australian problem. The same playbook is operating globally.
What the recovery scam actually is
The people being targeted have one thing in common: they already lost money to an earlier crypto scam. Fraudsters trade and recycle lists of past victims, then come back for a second bite, this time posing as a law firm or recovery agent who claim they can get your money back.
The authorities are aware. In August 2025 the FBI's Internet Crime Complaint Center issued a public service announcement on exactly this: fictitious law firms targeting cryptocurrency scam victims while offering to recover funds.
The approach usually looks like this:
- Unsolicited contact saying your lost funds have been "traced", "located on-chain in your name", or "recovered after the perpetrators were arrested".
- An offer to release the funds, conditional on an upfront payment: a "deposit", "whitelisting fee", "release fee", "tax" or "retainer".
- Sometimes a request to register at an official looking "bank" or "exchange" platform (it is fake), to hand over login details, or to install software during a video call (it is malware that drains wallets).
- Claims of affiliation with regulators, courts or police, sometimes real bodies, sometimes invented ones that do not exist.
Red flags to watch for:
- You were contacted out of the blue about money you lost.
- Any upfront fee to "release", "unlock" or "recover" your funds.
- A guarantee that your money will be recovered.
- Pressure to act quickly.
- Requests for your bank or card details or details about your crypto wallet seed phrase, passwords, remote access to your device, or a "verification deposit".
- A firm you cannot independently find on an official regulator's register.
How a genuine law firm actually works
A real firm is listed on the official legal regulator for its jurisdiction. It gives you a written engagement, places pre-paid amounts into a regulated trust or client account (not crypto sent to a random wallet), it never guarantees recovery, and would never ask for your seed phrase or your passwords.
How to verify a firm, and where to report
Check the firm against the official register for the country it claims to operate in, and contact it using details you find yourself, not the ones in the message. Then report the approach to your national fraud body.
- Australia: check a solicitor on the Law Society of NSW Register of Solicitors (or your own state's society). Report to Scamwatch, ReportCyber, and ASIC.
- England and Wales: check a solicitor's record on the SRA, and check the FCA Warning List of unauthorised firms.
- United States: check the relevant state or local bar through the ABA bar directory, and report to the FBI's IC3 and the FTC. Singapore: check the Law Society of Singapore and the MAS Investor Alert List. Report via ScamShield.
- Anywhere else: find your national legal regulator and your national anti-fraud or cybercrime reporting body, and use those.
If you are not sure, ask first. If you have been approached by anyone like this, you are welcome to contact us before you pay anything or hand over any detail. A short conversation now is a lot cheaper than a second loss.