ChainGuard 'Forensics' Scam: How Recovery Services Steal Twice

The "blockchain forensics firm" that doubled the loss

March 2025. A holder in Brooklyn lost $84,000 to a phishing site three weeks earlier. He searches "crypto recovery service" on Google and contacts a firm called "ChainGuard Forensics" — polished website, claims partnerships with the FBI, lists $300M in "recovered funds" on its landing page. The firm asks for a $2,400 "case-opening fee" plus 15% of recovered funds. He pays. Two weeks later, they ask for an additional $4,500 for "international cooperation fees." He pays again. Then they go dark.

The structure of secondary scams

Victims of crypto fraud are a target list. Their loss histories are public — they posted to Reddit, filed IC3 reports that get scraped, joined recovery support groups that have been infiltrated. The secondary scammer offers exactly what the victim wants to hear: an authority figure who can reverse the loss. The fees are calibrated to be "worth it" given the original loss but small enough to pay without scrutiny.

The hard truth about crypto recovery

Truly recoverable cases are rare. Recovery happens when: (1) the funds were routed through a US-licensed exchange that froze them on suspicion of fraud, (2) law enforcement (FBI, IRS-CI) has built a case against the operator and obtained a seizure warrant, or (3) the operator made a mistake — KYC'd at an exchange, reused an address linked to their identity, or held funds long enough for legal process to catch up.

None of these scenarios involve a private "recovery service" charging fees upfront. Real forensic firms (TRM Labs, Chainalysis, Elliptic) work with law enforcement and large institutions, not retail victims. They do not advertise on Google to individuals.

The four signs of a fake recovery service

• Charges upfront fees. Real recovery, when it happens at all, is contingent on recovered funds. Anyone asking for fees before any recovery is the secondary scam.
• Claims "FBI partnerships" or "blockchain forensics certifications." The FBI does not partner with retail-facing recovery firms. There is no industry "blockchain forensics certification" with regulatory weight.
• Found via Google Ads or Reddit DMs. Real services do not need to advertise to grieving victims.
• Promises specific recovery amounts or timelines. Real cases take months to years, with no certainty of outcome.

What to actually do after a loss

File IC3 (ic3.gov). File with your state attorney general's consumer protection office. Contact the exchange the funds were last seen on — if it is US-licensed, they may freeze. Then accept the loss and rebuild defensively, not chase a recovery that almost certainly is not coming.