In today’s age, cryptocurrencies have become so well-known that even the general public has at least heard of them either as a payment method or an investment option, and Bitcoin as the most popular and valuable one, is at the forefront. Digital gold, as it’s sometimes called, Bitcoin’s value skyrocketed over dozens of years, compared to when it was launched 16 years ago. It’s popular, it’s valuable, and unfortunately, it’s also a prime option for scammers and all kinds of cybercriminals. As its prevalence and price grow, so does the number of scams, especially considering Bitcoin has a reputation as an untraceable digital asset. There are numerous ways one could pull off a hoax, from fake exchanges and wallets to malware that accesses Bitcoin wallets and even sham blackmail schemes.
So this begs the question, can you recover Bitcoin from scam websites? No, Bitcoin transactions are irreversible and can't be canceled once sent. However, since Bitcoin operates on a public blockchain, you can track your Bitcoin, and if you find that your Bitcoin was sent to a centralized exchange, you can report it to the exchange which may freeze the scammer's account. If the scammer hasn’t yet withdrawn the funds, there’s a chance you could recover your Bitcoin, especially if authorities investigate the case and order a refund. Still, skilled scammers often use mixers and other privacy tools to obscure the transaction trail, making it impossible to trace the Bitcoin. That’s basically the gist of it, but there’s much more to it than what we said above. The good news is that the PlasBit team is eager to explore and definitely help you avoid such scenarios, which is what we’ll be dealing with in the next 10 or so minutes. At a minimum, we hope you find this article educational and come away with a practical insight or two.
Scam websites
Due to its decentralized nature, irreversible transactions, and anonymous trading, the crypto industry is a prime target for cybercriminals. When it comes to scam websites, it usually goes like this: they pretend to be a legitimate exchange, wallet, investment platform, mining site, or other. As you might have guessed, instead of providing the mentioned services, the website steals money, private keys, confidential user information such as a credit card number, and anything else that has some worth. To make matters worse, these websites come in a variety of forms, and fraudsters use all kinds of tricks to fool people. For instance, fake versions of legitimate trading platforms or exchanges are often made to look professionally designed using copied branding. If you decide to trade and deposit your crypto, it might already be too late to do anything, because when a user tries to withdraw, the site will either block withdrawals or demand additional fees. Another prominent scam option is via counterfeit crypto wallets. Similar to the exchange example, fake wallet applications or websites are made to look like the real deal, copying popular apps like MetaMask or Trust Wallet. All you need to do is download the forged wallet app or enter your private key via a website, and you’re pretty much conned, as the funds are then quickly drained (which also answers can you recover Bitcoin from scam websites or not).
Image credit: (X)
While not theoretically a website, phishing is one of the major issues in cybercrime, not just crypto. As such, it presents a serious problem for crypto users too. Basically, scammers send emails or messages pretending to be from established websites or exchanges like Binance, Coinbase, Kraken, and other high-profile names. The content of those messages typically involves something about the user's account, like a mention of an urgent security issue. This is followed by a fake login link, replicating the looks of a genuine website, and if a user enters their credentials, they can say goodbye to their crypto since the cybercriminals would have gained access to their account. We could go on and on, as there are several other alternatives on how scammers steal crypto - but for now, we’ll focus more on how to spot fraud from a mile away.
Spotting scam websites
First things first, never go in blindly trusting anything and anyone, and always make sure you double-check the source. Now that we’ve got that out of the way, there are several ways to spot a scam. We’ll begin with the looks. While they often try to replicate the well-known sites, fake versions tend to have certain tells. Check the domain names for any intentional misspellings (like binence.com or similar to look like the real thing), extra characters added to the name, and suspicious and unusual extensions (stuff like .aaa). Also, pay attention to grammar and spelling mistakes as these are a dead giveaway of a fake website. Outdated and poor-looking website design, combined with missing or phony contact details, is another tell.
Pressure tactics
Then, take a look at the broader context of the message. Pressure tactics and big promises are a staple of fraudsters. If you encounter a website saying it’s guaranteeing returns and profit, it’s more than likely a scam. There isn’t an investment in the world, crypto or otherwise, that is a 100% guarantee. Authentic websites will often mention potential risks and rewards, so if you see stuff like “Limited deal!” or “Get one BTC for $1” and other similar BS, stay away. As a rule of thumb, whenever a site or a person rushes you or you feel persuaded to do something crypto-related, it’s almost always a scam.
HTTPS encryption
Another way to figure out if a website is out to get you is to check if the site is encrypted or if it starts with https://. In case it doesn’t, that means it’s unsafe, but even if it isn’t a scam, non-security-conscious sites like that are a prime target for hackers to steal sensitive data. In other words, they are a danger nonetheless. Moreover, fraudulent websites frequently leave fake reviews, or none at all. What’s more, you’ll see statements that they only accept crypto, wire transfers, or gift cards, which means they’re trying to fool you. If you’re ever unsure about a website, Google is your friend. Do a quick search of the site in question and check if there are any reports, news, or social media posts mentioning it favorably or unfavorably.
Modern browsers such as Chrome, Firefox, and the rest will warn you that the site is not using https
Typosquatting
Scammers use an alternative URL-related tactic called typosquatting, which is also known as URL hijacking. The name refers to common typing errors people make (it happens to all of us), but this kind of mistake can be much more malicious. Essentially, this social engineering attack targets users who don’t pay much attention to what they type and who often mistype URLs in their web browsers. If that happens, users will be redirected to fake websites that have names and looks similar to legitimate sites (bnance.com instead of binance.com), where they may unknowingly enter their personal and sensitive data.
Transparency
A more tricky way to identify an illicit website is the lack of transparency. Genuine crypto projects always provide details related to their website and team. You’ll see mentions of the technology they use, what their goals are, and the people behind all of it. You won’t find that on scam websites, since they always leave unclear information or omit important info in the first place. In the event you encounter something similar, be very careful as chances are, it’s more often someone trying to dupe you than not. Be aware of all the above and you won’t need to worry whether can you recover Bitcoin from scam websites.
Big crypto heist
Sadly, there is no shortage of cases of people being scammed out of their crypto, losing quite a fortune in the process. One of those happened last year in August when Malone Lam from Singapore was arrested and charged with conspiracy to steal and launder over a whopping $230 million in cryptocurrency. The victim of said crime was reported to be from Washington, DC. Lam, a 20-year-old, wasn’t working alone and had help from 21-year-old Jeandiel Serrano, an American-born citizen. They both were arrested in September 2024, and the case is still ongoing, with one of the court hearings taking place just two weeks ago. It was reported that Lam was spending money left and right, up to half a million dollars a night at clubs, which is what we at PlasBit call plain crazy.
There’s loads of more information on their extravagance (which we’ll get to in a few minutes), but it’s more interesting to note how they pulled off the heist. Pay attention to what has happened so you don’t repeat the same mistakes and be left speculating can you recover Bitcoin from scam websites. It was said that on August 18, the perpetrators contacted the victim in Washington, and while communicating, managed to scam the target for more than 4100 Bitcoins. To put that in a little bit of perspective, that would be worth over $450 million today. It was discovered that they managed to hide their identities by using and transferring funds through a variety of mixers and exchanges. They also employed peel chains, intermediary wallets, and VPNs. That said, the actual details are a lot more elaborate. It all started when the criminals called the victim, pretending to be Google support via a spoofed number to compromise the target’s email and Google account. The duo managed to convince the afflicted that their account was hacked and that they needed to reset the password. Naturally, the damaged party did so by using the fake Google email the fraudsters sent, and in return, they got the real password and access to the victim's Google account. From there on, it was a simple matter for the scammers to go through the emails and figure out which crypto exchanges and wallets were connected to the email.
Afterward, having found out what they’ve been looking for, the cybercriminals posed as Gemini (the crypto exchange, not Google’s AI model) support, with yet another claim that the account had been hacked. We guess they went with the old saying “If it ain’t broke, don’t fix it.” The afflicted then was coerced to reset his 2FA (two-factor authentication) and send the Gemini funds to a compromised wallet. It didn’t stop there, as they managed to get the victim to use AnyDesk to share screen, which was all they needed to get a look at the private keys from Bitcoin core. To be more specific, the cyber thieves found a folder with all the private keys of crypto wallets. Having all they needed, they spared no time to steal millions of dollars worth of cryptocurrency. While they successfully completed the scam, they failed on other fronts, mainly the laundering of all that money. The scammers used multiple exchanges and cryptocurrencies to spread out the money.
But, their splurging made them an easy target for the authorities, and they were arrested the next month. Lam bought over 30 luxury cars (of course he did), including a Pagani Huayra, a few Ferraris, Porches, and some customized Lamborghinis. The lavish lifestyle didn’t stop there, as the management in Los Angeles nightclubs told the US investigators that the Singaporean had sizable expenses at their establishments. One receipt showed that Lam spent $569,528 in one night by ordering a huge number of Grey Goose vodka bottles, Ace of Spade Brut champagne, and many more. Apart from the mentioned luxury cars and other high-end vehicles, the duo also spent their ill-gained money on expensive watches. At the time of his arrest, Jeandiel Serrano had a watch worth half a million dollars, which must have come in handy because he could tell the exact time he was arrested.
Image credit: (Social media)
The government officials managed to recover around $70 million from all those exchanges, but over $100 million is still unaccounted for. They also found approximately $20 million on Serrano’s phone, which he agreed to transfer back to the FBI. The good news is that some of the money has been returned to the scammed party, and the process continues. At the moment, the criminals are looking at up to 20 years in prison and a fine of $250,000, or twice the amount they stole, which would be roughly $460 million. Yeah, good luck with that.
Can you recover Bitcoin from a scammer?
After reading the above, we’re sure you’re wondering can you recover Bitcoin from a scammer? No, since Bitcoin transactions are final, and any Bitcoin sent to a scammer can’t be reversed or recovered unless the scammer returns it. However, if you trace your Bitcoin on the blockchain and find that it has been deposited into a centralized exchange, and the scammer hasn’t withdrawn the funds yet, you can report it to the exchange. If they freeze the account and authorities get involved, there’s a chance you may be able to recover your Bitcoin. We know that’s not the answer anyone wants to hear, but it’s the truth due to the nature of cryptocurrencies. It’s also primarily the reason why it's so enticing for cybercriminals to target this industry. While you can’t do much if you get robbed of your crypto, you can make sure that doesn’t happen from the outset. Be fully aware of who you’re doing business with, familiarize yourself with security and authentication practices, implement them, and spread your crypto across multiple platforms. Don’t ever allow yourself to be in a situation where you have to hope your Bitcoin or any other cryptocurrency will be returned to you.
Can a crypto scammer be traced?
One of the more notable things regarding regular money (besides that it buys you stuff) is that it’s traceable. Each banknote has a unique serial number, so following their path, authorities can track a certain currency. This begs the question: can a crypto scammer be traced? No, because scammers can use mixers and other privacy tools to obscure the crypto transaction history, making it difficult to trace. Nonetheless, since blockchain data is public, you can track your crypto up to a certain point. If it ends up in a centralized exchange wallet, you can contact the exchange to freeze the scammer's account, and with the help of authorities, you may be able to recover your crypto. Similar to the story above, there is always a chance you could get your funds back, or at the very least a part of it, but it’s better to be prepared and educated so that doesn’t occur to begin with.
Bitcoin scammer list
Last year’s big scam is far from the only one. There were many (too many) crypto scammers out there, and it’s not likely that the situation will change anytime soon. Many of these criminals have found their way on the Bitcoin scammer list, and this is a list of some fake exchange websites that are known to be scams, updated to 2025 - Wealth BAX Finance - wealthbax.com, Tpkcoin - web.directcurrent.top, SILD group crypto - sildgroup.co / sild.us, Bitmex impersonators - btm-vip.com, bitaeqcke.net, Elon Musk and Tesla impersonators - webelon.org, Capiturly.io, YFI App - yfiapp.com. It’s important to remember these as being informed is the number one defense against every type of cybercriminal, crypto very much included. It saddens us to say but you’d be surprised how many scams could have been prevented by simple matters. Basic awareness of all kinds of social engineering, or even common sense goes a long way. For example, if you managed to snag a good amount of crypto (or any amount, for that matter), don’t go blurting that out on social media and the internet. By doing so, you’ll just become a target for hackers, scammers, and all kinds of shady people. Best keep it to yourself. Also, learn from those who have been scammed, and do the opposite of what they’ve done. There are countless stories in the crypto community and forums about crypto heists, new and old. This again falls in the category of being observant and informed. Stay away from any suspicious links from untrusted sources, or even trusted sources if you suspect something to be off. As a wise PlasBit writer once said - better to be wrong about a trusted website, than to believe an untrusted one.
Always be on the lookout
The harsh reality of crypto scams is that they could have been prevented. Victims usually fall for simple trickery or they just aren’t educated enough on the general scam practices. Crypto frauds are prevalent everywhere, even on dating sites or apps. If you connect with someone and they start giving you crypto advice or how to invest in it, do know that’s a scam you’re being pulled into. If you ever come across a fraudulent attempt or suspect you’ve been scammed, remember not to panic or make rash decisions. Seek support, be it your friends, family, or crypto community. Document everything, as the more you have, the better the chances you have of recovering what’s stolen. This includes taking screenshots of everything and anything relevant, including transactions, communication, and whatever else you can think of. Put aside any digital traces you can find, such as URLs, emails, and similar. Naturally, report the incident to law enforcement and share with them the evidence you have.
A far better thing to do is to try to stop the scam from ever happening. For starters, make sure the platform you use is safe. Check the reviews, the transparency, the URL, encryption, and everything else we discussed in this article. Watch out for any shady offers and deals. If it’s too good to be true, it’s probably a scam. More to the point - and the PlasBit team can’t stress this enough - keep your private keys as secure as possible. Last year’s big August scam would never have panned out if the victim kept their private keys in a safe place instead of on their computer. Go old school and write it down on a piece of paper or store it offline only. You can also use a non-custodial wallet because this type allows you alone to control the private keys without relying on the wallet provider, which in the end gives you more security. And while we’re on the subject of security, start thinking of using similar tools if you haven’t already. Use a cold wallet (also known as cold storage) since they’re not connected to the internet, hence they offer maximum security. All things considered, instead of asking can you recover Bitcoin from scam websites, start asking how you can prevent a scam, what you can do, what tools to use, and the like. Remember - it’s better to prevent being on the short end of the stick than to deal with the consequences.
