// Forensic blockchain intelligence · est. 2019

Stolen crypto. Hunted. Recovered.

CHAINRECOVER is a private intelligence firm built to do one thing: get your money back. Working across 14 chains and 47 jurisdictions. Quietly and surgically.

Open a case file How it works
Free intake call Encrypted intake Signed NDA 24h response PGP available
$0M
Recovered for clients
Since 2019 · net of fees
0
Closed case files
Fully remitted · NDA protected
0%
Recovery rate*
*on accepted cases only
0
Jurisdictions
Counsel on retainer · 24/7 ops
// 01 · SERVICES
What we recover

If they took it on-chain, we can find it.

SVC.01

Hacked wallet & exchange recovery

Self-custody drained. Seed phrase compromised. Account takeover at a CEX. We trace from the breach point to the final resting wallet, and pursue the freeze.

  • MetaMask / Phantom / Trust drainers
  • Address-poisoning & clipboard hijacks
  • SIM-swap & 2FA bypass cases
  • Custodial account compromise
SVC.02

Pig-butchering & investment fraud

Long-con romance scams, fake brokerage platforms, "AI trading" schemes, Telegram-group rug pulls. Most victims wait too long. We move in the first 72 hours.

  • Sha Zhu Pan / CryptoRom networks
  • Fake "investment platform" withdrawal scams
  • Pig-butchering syndicate disruption
  • Victim coalition class actions
SVC.03

DeFi exploits & smart-contract drains

Flash-loan attacks, reentrancy bugs, oracle manipulation, governance takeovers. We coordinate with protocols, white-hat negotiators, and CEXes to claw back drained TVL.

  • Bridge & AMM exploit recovery
  • White-hat bounty negotiation
  • Validator / multisig collusion
  • MEV-extraction reversal
SVC.04

Ransomware & extortion settlement

Confidential, OFAC-compliant negotiation and post-payment tracing. If a ransom is paid, we follow it, and many of our highest-value recoveries start here.

  • Threat actor identification & sanction screening
  • Negotiation, key brokerage, decryption testing
  • Post-payment tracing & clawback
  • Insurance & FBI/IC3 liaison
// 02 · PROCESS
From breach to bank account

Four phases. Zero theatrics.

STEP 01

Intake & triage

Encrypted intake, signed NDA, evidence preservation. A free initial call to scope the case and tell you whether a forensic report is worth commissioning.

T+0 · 24h SLA
STEP 02

Forensic trace

Cluster attribution, hop analysis, mixer peeling. We map the full flow of funds and identify the off-ramp, usually a CEX, OTC desk, or fiat gateway.

T+1d → T+7d
STEP 03

Pursue & freeze

Direct lines to exchange fraud teams and outside counsel. Subpoenas, court orders, civil seizure motions. We move the legal stack while the trail is hot.

T+7d → T+45d
STEP 04

Recover & remit

Recovered assets remitted on your terms: converted and wired, or returned to a wallet you control. Our contingency fee is drawn from the recovery itself.

T+30d → T+180d
// 03 · COVERAGE
Chains under active surveillance

Bitcoin to Base. Full-spectrum.

BTCBitcoin
ETHEthereum
USDTTron / Eth
SOLSolana
BNBBNB chain
TRXTron
XRPRipple
BASECoinbase L2
ARBArbitrum
OPOptimism
MATICPolygon
AVAXAvalanche
DOTPolkadot
ADACardano
LTCLitecoin
+ 24more
// 04 · THE TOLL
Why this firm exists

They didn't just take your money. They took everything it meant.

Retirement accounts drained in ninety seconds. Down payments stolen from people who saved a decade to make them. Inheritances vanished before probate cleared. Marriages ending over losses the victim can't bring themselves to say out loud. This is not a headline problem. It is a household problem, and right now it is the fastest-growing financial crime on earth.

$2.7B+
stolen from crypto protocols and exchanges in 2025 alone. The worst year on record.
Chainalysis · TRM Labs
$10B / year
lost by Americans to Southeast Asian pig-butchering syndicates run out of trafficked labor compounds.
U.S. Treasury, 2026
$606M
drained from DeFi in a single 18-day stretch this April. Twelve separate exploits.
CryptoTimes · Apr 2026

It almost never looks like a crime while it is happening. It starts with a LinkedIn message from a well-dressed stranger. A "tech-support" call about your wallet. A trading platform where your numbers go up for weeks. A phishing email that looks exactly like MetaMask. A browser extension you installed years ago that just got updated. A friend's compromised Telegram, sending a "new opportunity."

By the time you notice, the money is seven wallets away.

The people running these operations are not lone hackers. They are industrialized. Thousand-person trafficked compounds in Sihanoukville and Myawaddy, running the social side. State-sponsored units in Pyongyang laundering eight-figure hauls through mixers. DeFi attackers running six-month social-engineering cycles against protocol engineers. Rug-pull outfits with forged audits and paid influencers standing by. You did not lose to a stranger. You lost to an industry.

And what they took wasn't just the balance. It was the retirement you'd already started imagining. The wedding fund. The down payment on a house your kids would grow up in. The small cushion that let you breathe. Some of our clients haven't told their spouses yet. Some haven't slept through a night since. We've taken calls from widows, small-business owners, nurses, engineers, parents of autistic kids. This does not happen to stupid people. It happens to trusting ones.

You are not the first. You are not stupid. And you do not have to do this alone.

// 04.1 · OPEN A CASE

Confidential intake. Takes four minutes.

Encrypted form. Signed NDA before any details are shared. A senior investigator responds within 24 hours. The initial intake call costs you nothing.

// 06 · FAQ
The questions clients ask first

Real answers. No legalese.

Q.01Do I have to pay anything up front?+
Yes. We charge for a forensic report up front. Our investigators analyze the breach, trace the funds on-chain, identify the attack vector, and deliver a written assessment of whether recovery is viable and what the path forward looks like. The report is priced case-by-case and scoped on the intake call. If the report supports pursuing recovery, we engage on a retainer plus a contingency fee of 10-30% on assets actually returned to you, scaled to case complexity. If the report concludes the trail isn't workable, we tell you that directly.
Q.02My funds went through Tornado Cash or a mixer. Is it over?+
Not necessarily. Mixers introduce friction but most leave statistical signatures we can de-anonymize, especially when combined with peel-chain analysis and timing correlation against off-ramps. Lazarus-style mixing is the hardest, but even there we have ongoing recoveries. We'll tell you straight on the intake call whether the trail is workable.
Q.03How fast do I need to act?+
The first 72 hours are the most valuable window: funds are still in transit and exchanges are most willing to freeze on probable cause. We've recovered cases that are years old, but every hour funds sit at a CEX is an hour they can be withdrawn. Open the intake. Don't wait.
Q.04Will you help me if I bought a meme coin and it rugged?+
Not usually, no. A rugged meme coin is a contract-level exit: anonymous devs, liquidity pulled from a DEX, funds dispersed through other DEXes within minutes. There's no central party to petition and no jurisdictional hook, because nothing was ever registered anywhere. Unless there's a significant off-chain footprint (named founders, fiat on-ramps that can be subpoenaed), the recovery path is rarely economic. Fake ICOs are different: a registered entity somewhere, named (or stolen-identity) founders, off-chain marketing, fiat wire rails, and CEX deposits at some stage. That creates evidence, jurisdiction, and chokepoints. If you've lost money to a fake ICO or a pre-launch token sale, open the intake.
Q.05What's the smallest case you'll take?+
No hard minimum. It's case-dependent, we'll check on the intake call.
// 07 · START A CASE

You didn't lose it.
It's somewhere.

Encrypted intake. Signed NDA before any details are shared. A response from a senior investigator within 24 hours.

SECURE · PGP available · Free intake call