Crypto Fraud & Asset Recovery
How losses to digital asset fraud and theft are recovered through criminal forfeiture and restitution, civil litigation, and asset tracing, and why the public ledger makes recovery both more achievable and more difficult than it is in traditional fraud.
Overview
Crypto fraud is, in its essential mechanics, ordinary fraud. The schemes used to take digital assets from their owners, such as fake investments, romance manipulation, market manipulation, and outright theft, are the schemes that have always been used to take money from people. What is distinctive is the asset. A digital asset transfer is fast, often crosses borders in a single step, settles without an intermediary that can reverse it, and, on a public blockchain, is recorded permanently and visibly. Each of those features shapes how a loss happens and whether it can be undone.
Two questions run through this page: (1) how crypto fraud works and which agencies police it, and (2) the question this resource is weighted toward, how losses are recovered. The honest answer to the second is that most victims of crypto fraud recover little or nothing. Recovery depends on a short list of conditions: whether the assets can be located, whether they remain within reach of a court or a cooperating institution, and whether there is a solvent defendant or a pool of seized funds from which a victim can be paid. Where those conditions are absent, no amount of litigation will produce money.
The blockchain changes this picture in a specific and limited way: because public blockchains record every transaction, stolen assets can often be followed across the network in a way that cash cannot, though tracing an asset is not the same as recovering it. This page describes the recovery landscape as it stands in May 2026, the criminal route, the civil route, the tracing tools, and their practical limits, noting where the significant 2025 shift in federal enforcement posture bears on recovery. The four scam-specific Topic Resources linked below examine particular fraud types in greater depth.
The Anatomy of Crypto Fraud
Recovery analysis begins with classifying the fraud, because the type of scheme determines which agencies have jurisdiction, which legal claims are available, and where any remaining assets are likely to be. The principal typologies are outlined here; the Topic Resources treat several of them at length.
Investment and Ponzi schemes promise returns that do not exist, paying early investors with the deposits of later ones until new deposits slow and the structure collapses. Romance-investment fraud — widely known as “pig butchering” — combines a manufactured personal relationship with a fraudulent investment platform. Pump-and-dump schemes inflate a token’s price through coordinated buying or misleading promotion so the organizers can sell into the demand they created; oracle manipulation, a variant specific to decentralized finance, feeds false price data into automated protocols to drain them. Exit scams and “rug pulls” involve a project built to be abandoned, with the operators withdrawing investor funds and disappearing. Phishing and account-takeover attacks steal the credentials or private keys that control a victim’s assets directly, and fake exchanges present themselves as legitimate trading venues but exist only to capture deposits. These categories overlap in practice, and the recovery mechanisms described below apply across all of them.
The Enforcement Landscape
No single agency is responsible for crypto fraud. Criminal prosecution, civil regulatory enforcement, and consumer-protection enforcement are divided among several federal agencies, and the states enforce their own laws in parallel. For a victim, the practical significance is that different agencies offer different recovery mechanisms, operate on different timelines, and generally require the loss to be reported to each separately.
Department of Justice
The Department of Justice prosecutes crypto fraud as federal crime, typically charging it under statutes that predate digital assets, wire fraud (18 U.S.C. § 1343), securities and commodities fraud (18 U.S.C. § 1348), and money laundering (18 U.S.C. §§ 1956 and 1957) only now applied to schemes carried out with cryptocurrency. A dedicated National Cryptocurrency Enforcement Team coordinated these cases from 2022 until it was disbanded in 2025, when a Department policy memorandum also narrowed federal criminal enforcement to conduct that defrauds investors or facilitates serious crime, and away from regulatory-style prosecutions of exchanges for registration failures. Such cases are now handled by United States Attorneys’ Offices and the Criminal Division’s Fraud Section. The salient point for a victim is that the Department continues to prosecute investment fraud, theft, and the misappropriation of customer assets — and that the criminal forfeiture and restitution described below flow from those prosecutions.
The SEC and the CFTC
Where a fraudulent scheme involved a digital asset offered or sold as a security, the Securities and Exchange Commission may bring a civil enforcement action; where the asset was a commodity, the Commodity Futures Trading Commission may do so. Both hold anti-fraud authority that does not depend on the registration status of the asset or venue. The SEC has authority under provisions including Section 10(b) of the Securities Exchange Act of 1934 (15 U.S.C. § 78j(b)) and Rule 10b-5. The CFTC has authority under Section 6(c)(1) of the Commodity Exchange Act and Rule 180.1, which reach fraud and manipulation in the spot market for digital asset commodities. In a successful action each can obtain injunctions, civil penalties, and the return of a wrongdoer’s gains.
The SEC’s authority to obtain disgorgement was confirmed, and limited, by the Supreme Court in Liu v. SEC, 591 U.S. 71 (2020), which held that a disgorgement award is permissible equitable relief where it does not exceed the wrongdoer’s net profits and is awarded for victims; Congress then expressly codified that authority in the National Defense Authorization Act for Fiscal Year 2021. Disgorged funds and penalties can be routed to harmed investors through the SEC’s “Fair Fund” mechanism, and the CFTC can likewise obtain restitution. Both agencies reduced their crypto enforcement activity over 2025 as their broader posture shifted, but their underlying anti-fraud authority was not changed by that shift.
The Federal Trade Commission
The Federal Trade Commission enforces the prohibition on unfair and deceptive acts and practices in Section 5 of the FTC Act, which reaches consumer-facing crypto deception not otherwise charged as securities or commodities fraud. Its remedial powers were significantly narrowed by the Supreme Court in AMG Capital Management, LLC v. FTC, 593 U.S. 67 (2021), which held that Section 13(b) of the FTC Act does not authorize a court to award equitable monetary relief such as restitution or disgorgement. To obtain monetary recovery for consumers, the FTC must now proceed through the administrative process in Sections 5 and 19 of the Act.
The FBI and IC3
The Internet Crime Complaint Center (IC3), operated by the FBI, is the federal intake point for internet-enabled fraud. A victim reports a loss by filing a complaint at ic3.gov; the complaint feeds investigations and triggers the FBI’s rapid-response recovery tools. The Bureau’s Recovery Asset Team works with financial institutions to freeze fraudulent transfers through the Financial Fraud Kill Chain, and its Operation Level Up initiative identifies and notifies people who are still being defrauded. These tools depend on speed: a transfer reported within hours can sometimes be frozen, while one discovered weeks later usually cannot. The scale is substantial. In its 2025 annual report the IC3 recorded cryptocurrency-related complaints totaling more than $11 billion in reported losses, the highest of any transaction category it tracks, and reported figures are understood to understate the true total.
State Authorities
State attorneys general and state securities regulators enforce state “blue sky” securities laws and consumer-protection statutes against crypto fraud committed in or directed at their states. State enforcement runs in parallel with federal enforcement and is sometimes faster and more directly focused on returning money to in-state victims. In Illinois, the relevant authorities are the Illinois Securities Department, within the Office of the Secretary of State, and the Office of the Illinois Attorney General.
Criminal Forfeiture and Restitution
Criminal prosecution is one of the two principal routes to recovery, and it works through two mechanisms that are often confused. Forfeiture is the government’s power to take property connected to a crime. Restitution is a court order directing a convicted offender to compensate the victim for the loss. A single case can involve both.
Forfeiture takes two forms. Criminal forfeiture is imposed on a convicted defendant as part of the sentence under statutes including 18 U.S.C. § 982, and carried out under the procedures incorporated from 21 U.S.C. § 853. It reaches property traceable to the offense. Civil forfeiture, under 18 U.S.C. § 981, proceeds in rem, against the property itself, and requires no criminal conviction; it is the mechanism used when the wrongdoer is unknown, deceased, or beyond the reach of prosecution. Digital assets are property subject to both. In practice the government takes control of forfeited cryptocurrency by seizing the private keys that control a wallet or by serving legal process on an exchange holding the assets in custody.
Restitution is governed chiefly by the Mandatory Victims Restitution Act, 18 U.S.C. § 3663A, which makes restitution mandatory upon conviction for a broad set of offenses, including offenses against property committed by fraud or deceit; the older provision at 18 U.S.C. § 3663 covers discretionary restitution. A restitution order is a money judgment in the victim’s favor, but it is only as collectable as the defendant’s assets. Forfeiture and restitution connect at the point of payment, and that connection is how most victims of a prosecuted fraud actually receive money: forfeited assets belong to the United States, and victims recover them through two Department of Justice processes under the regulations at 28 C.F.R. Part 9, (1) remission, which returns forfeited property to the victims of the offense, and (2) restoration, which transfers forfeited funds to satisfy an outstanding restitution order. Two realities temper this route. It is slow. The path from report to investigation, conviction, forfeiture, and distribution commonly takes years, and it recovers only what is found and seized, often a fraction of the total stolen. It asks nothing of the victim except a prompt and complete report, which makes it the default path for smaller losses, but it offers a partial and delayed recovery at best.
Civil Litigation and Recovery
The second principal route is a civil lawsuit brought by the victim. Unlike the criminal route, it is controlled by the victim rather than the government, and it can be pursued whether or not a prosecution is brought. Its central limitation is equally fundamental: a lawsuit produces a judgment, and a judgment is worth only what can be collected against it.
The available claims depend on the scheme. A defrauded victim can typically assert common-law claims in state court, including fraud, conversion, breach of contract, and unjust enrichment. Where the asset was sold as a security, the federal securities laws supply a private right of action for fraud under Section 10(b) of the Securities Exchange Act and Rule 10b-5; where the asset was a commodity and the conduct involved fraud or manipulation, the Commodity Exchange Act provides one at 7 U.S.C. § 25. Where the fraud was carried out through a pattern of racketeering activity by an enterprise, the civil provision of the Racketeer Influenced and Corrupt Organizations Act, 18 U.S.C. § 1964(c), allows a private plaintiff to recover treble damages and attorney’s fees, a powerful remedy, but one with demanding pleading and proof requirements. Where many victims were harmed by one scheme, these claims can often be brought as a class action.
The recurring obstacle in civil recovery is the solvency and reachability of the defendant. Many crypto fraud operators are effectively judgment-proof. They are often anonymous, offshore, and hold nothing collectable by the time a judgment issues. Civil litigation is most productive where the defendant is both identifiable and solvent: a fraudulent enterprise that still holds assets, an exchange or other intermediary alleged to have failed a legal duty, or a professional who enabled the scheme. Because digital assets can be moved quickly, the pre-judgment remedies a court can grant (such as a temporary restraining order, an asset freeze, prejudgment attachment) are frequently more important than the final judgment. Securing assets before they are cashed out or moved beyond a court’s reach is often the difference between a collectable judgment and a worthless one.
Tracing Digital Assets
The recovery routes above all depend on a prior step: locating the stolen assets. Here the technology that makes crypto fraud fast also makes it, to a degree, traceable. Every transaction on a public blockchain is recorded permanently and visibly. Blockchain analytics methods can follow assets from the address that received them through subsequent transfers, attribute clusters of addresses to particular services, and identify the points at which value enters or leaves the regulated financial system. This is a genuine investigative advantage over cash, which leaves no comparable trail.
That advantage is real but bounded. Tracing establishes where stolen value has gone; it does not, by itself, bring the value back. Recovery still requires that the assets reach a point where a court or a cooperating institution can act on them, and the most important such point is a regulated exchange. When stolen assets are moved to an exchange to be cashed out, they pass through an identifiable, regulated business that collects customer-identification information and can be served with legal process. An exchange is therefore where assets can realistically be frozen, where the receiving account holder can be identified, and where a court order can be enforced. Assets that stay in self-hosted wallets, or move only through unregulated or offshore venues, are far harder to reach even when traced.
When stolen funds are mixed with other money the law supplies equitable doctrines for following value through the commingled mass. A constructive trust treats a wrongdoer holding identifiable property derived from fraud as holding it for the victim’s benefit, giving the victim a claim superior to a general creditor’s; the lowest intermediate balance rule limits tracing into a commingled account, so that a victim’s traceable claim cannot exceed the lowest balance the account fell to after the victim’s money was deposited. These doctrines have limits. When funds are hopelessly commingled and the wrongdoer is insolvent, tracing breaks down, and courts turn instead to pro rata distribution among the victims. This is the principle stated by the Supreme Court a century ago in Cunningham v. Brown, 265 U.S. 1 (1924), which arose from the collapse of Charles Ponzi’s original scheme: investors who could not identify their own money in the commingled fund stood as general creditors, entitled to share equally rather than to trace to specific dollars. Tracing is also adversarial. Fraud operators use mixing services, “chain-hopping” across blockchains, and other obfuscation to break the trail, and although analytics have advanced in response, obfuscation raises the cost and difficulty of tracing and can defeat it entirely.
Practical Realities of Recovery
Several practical factors, more than any single doctrine, determine whether a crypto fraud loss is recovered. The first is speed. The interval between discovering a fraud and acting on it is the single most important variable in the outcome. Assets reported within hours can sometimes be frozen at an exchange or intercepted before they are cashed out; the same assets discovered weeks later have usually been moved, converted, and dispersed beyond practical reach. Reporting to IC3 and notifying any exchange involved should happen immediately.
The second factor is legal deadlines. Civil claims are subject to statutes of limitations, and the applicable period varies by the type of claim and the jurisdiction. Fraud, securities, commodities, and racketeering claims each carry their own rules, and several begin to run when the fraud was, or reasonably should have been, discovered. Because these periods can be shorter than victims expect, the limitations question should be assessed early rather than assumed away.
The third factor is jurisdiction. A large share of crypto fraud is conducted from outside the United States, placing both the wrongdoers and the assets beyond the direct authority of U.S. courts. A U.S. judgment is difficult and slow to enforce abroad, and cross-border evidence-gathering depends on mutual legal assistance treaties and law enforcement cooperation, neither of which is quick. Cross-border recovery is not impossible. It is most feasible where assets pass through an exchange subject to U.S. or allied jurisdiction, but it is materially harder than recovery within a single country.
The fourth factor is cost. Civil litigation, and the blockchain-forensics work that often supports it, are expensive, and the honest question is whether the amount realistically recoverable justifies the cost of pursuing it. For many smaller losses, the proportionate path is to report thoroughly to law enforcement and regulators and seek inclusion in any eventual forfeiture distribution. For larger losses, particularly where tracing identifies recoverable assets or a solvent, reachable defendant, a civil action or a coordinated civil-and-criminal strategy may justify the investment. That assessment is best made early, with advice, while assets may still be within reach.
One further reality deserves a specific warning. Victims of crypto fraud are frequently targeted a second time by “recovery” services that promise, for an up-front fee, to retrieve lost assets. A legitimate recovery effort, whether by counsel, a forensic firm, or law enforcement, does not begin with a guarantee of success or a demand for payment sent to a personal cryptocurrency wallet. Advance-fee recovery offers, particularly unsolicited ones that arrive after a loss, are themselves a common form of fraud.
Frequently Asked Questions
Can I realistically recover money lost to crypto fraud?
Sometimes, partially, and rarely in full. Recovery depends on whether the assets can be located, whether they remain somewhere a court or cooperating institution can reach them, and whether there is a solvent defendant or a pool of seized funds available for distribution. The strongest cases are reported quickly, involve stolen assets traced to a regulated exchange, or feature an identifiable, solvent defendant who can be sued. Many victims, particularly of offshore schemes, recover little or nothing. An early, candid assessment of these factors is more useful than either false optimism or premature resignation.
What is the difference between forfeiture and restitution?
Forfeiture is the government’s power to take property connected to a crime; it can be criminal — imposed on a convicted defendant as part of the sentence — or civil, brought against the property itself without a conviction. Restitution is a court order requiring a convicted offender to compensate the victim. The two connect at the point of payment: forfeited assets belong to the United States, and victims receive them through Department of Justice processes called remission and restoration, which return forfeited property to victims or apply it toward a restitution order.
Does the public blockchain mean stolen crypto can always be traced and recovered?
It often means stolen assets can be traced — public blockchains record every transaction permanently — but tracing is not recovery. Locating stolen value identifies a target; getting it back still requires that the assets reach a custodian that will freeze them or a person a court can compel. Mixing services, transfers across blockchains, and movement through unregulated offshore venues can frustrate tracing, and assets held in self-hosted wallets are difficult to reach even when their location is known.
Should I file a civil lawsuit or rely on a criminal prosecution?
They are different routes with different trade-offs, and they are not mutually exclusive. A criminal prosecution costs the victim nothing and can produce forfeiture and restitution, but it is controlled by the government, is slow, and may never be brought. A civil lawsuit is controlled by the victim and can be pursued independently, but it costs money and produces only a judgment, often worth pursuing only if the defendant is identifiable and solvent. The practical answer is often to report to law enforcement promptly and, in parallel, assess whether a civil claim against a reachable defendant is worthwhile.
How quickly do I need to act after discovering crypto fraud?
Immediately. Speed is the single factor most strongly associated with recovery. Assets reported within hours can sometimes be frozen before they are cashed out; the same assets discovered weeks later usually cannot. Report the loss to the FBI’s Internet Crime Complaint Center at ic3.gov as soon as it is discovered, notify any exchange involved at once, and preserve all records of the transactions and communications. Legal deadlines for civil claims also begin to run early, a further reason not to wait.
Are “crypto recovery services” that promise to get my money back legitimate?
Treat unsolicited offers of this kind with great caution. Victims of crypto fraud are routinely targeted a second time by services that promise, for an advance fee, to recover lost assets, an offer that is itself frequently a scam. Legitimate recovery work, whether by an attorney, a forensic firm, or law enforcement, does not begin with a guarantee of results or a demand that payment be sent to a personal cryptocurrency wallet. Anyone considering paying for recovery assistance should verify the provider independently before sending money or sharing account access.
Related Resources
- Digital Asset Regulation — the regulatory architecture that determines which agency has authority over a given digital asset, and the securities-versus-commodity classification that shapes which fraud claims apply.
- Pig Butchering — the romance-investment fraud that combines a manufactured personal relationship with a fraudulent trading platform.
- Crypto Pump-and-Dump Schemes — coordinated price manipulation in digital asset markets and the law that applies to it.
- Oracle Manipulation — the manipulation of price-feed data used to drain decentralized finance protocols.
- Crypto Exit Scams — projects built to be abandoned, in which the operators withdraw investor funds and disappear.