Everything you need to know about our capabilities, process, and legal structure.
What is the process from start to finish?
Engagement runs in four stages: (1) intake and scoping — we understand the incident, the assets involved, and the timeline; (2) forensic investigation — on-chain tracing, wallet clustering, OSINT on infrastructure and actors, attribution work; (3) reporting — a written forensic report with findings and recommended next steps; (4) downstream action — coordination with law enforcement and legal counsel (ours or the client's) to pursue freezing, disclosure, and recovery. For collective cases, we treat the group as a single client: one intake, one consolidated investigation, one report, with claims organized so counsel can act on behalf of all affected parties.
How do you access data and trace funds?
We use industry-standard blockchain analytics and proprietary tooling for tracing, clustering, and attribution. Linking wallets to real-world identities is possible when funds touch KYC'd infrastructure (exchanges, OTC desks, on/off-ramps) — in those cases, identity data is obtained through law enforcement or legal process, never directly by us. Where funds stay in self-custody or pass through mixers and privacy chains, attribution relies on OSINT and behavioral analysis rather than KYC. We work with law enforcement and regulated exchanges where legally permissible.
How do you identify the fraudsters?
Attribution combines on-chain analysis with OSINT across infrastructure (domains, servers, email and messaging artifacts), open records, dark web sources, and behavioral patterns. Realistically, we can surface: exchange accounts funds passed through, jurisdictions of operation, operational patterns, linked aliases and infrastructure, and in many cases individual actors. Whether every actor behind a scam can be identified depends on their operational security — some cases resolve to named individuals, others to the infrastructure and services they rely on, which is often enough for legal action.
What is your track record?
We have worked in over 20 cases to date, primarily involving private investment round fraud (small recoveries). Perpetrators were identified in the majority of them. Funds were recovered in roughly 80% of the cases; in the remaining cases, too much time had passed between the fraud and engagement for recovery to be viable — timing is the single biggest factor.
How high is the success rate and what are the risks?
Across our cases, recovery has been achieved in approximately 80%. We define success as funds actually returned to the client, not merely traced or identified. No recovery rate is ever a 100% guarantee — the honest reality is that most victims wait too long before seeking help, and every day that passes makes recovery harder as funds move, get laundered, or exit through non-cooperating jurisdictions. The factors that most influence outcome are speed of engagement, whether funds have passed through KYC'd infrastructure, the jurisdictions involved, and the willingness of law enforcement and exchanges to act.
What legal proceedings are involved?
Recovery typically involves forensic affidavits, disclosure applications against exchanges, freezing orders, law enforcement reports, and civil claims. We have an in-house legal team that can handle this directly, or we work alongside the client's own counsel if they prefer.
Why do you charge an upfront fee?
We work with a dedicated cyber threat intelligence team, not a law firm — and pure contingency doesn't fit this kind of work. Forensic investigation, tracing, and attribution take many real hours and specialized tooling whether or not recovery ultimately succeeds. You wouldn't ask a jet mechanic to tear down and diagnose an engine for free on the chance he might find something worth fixing — the work itself is the product, and the expertise behind it isn't cheap to deploy. Our model is a fixed fee for the investigation and report, plus a share of any funds actually recovered. Clients pay for the work that gets done, and we share in the upside when the outcome is a win.
Can I remain anonymous during the investigation?
On our side, we do not require KYC from clients to begin an investigation — we can work with anonymous or pseudonymous clients through the forensic stage. Clients should understand, however, that once law enforcement or legal proceedings enter the picture, some degree of identity disclosure to those parties is usually unavoidable, because courts and agencies require a named claimant to act on.
How do you communicate with clients?
Clients receive regular updates throughout the engagement, with a named point of contact and scheduled checkpoints. For collective cases like this we communicate everything officially through the platform. Clients see the investigation's progress, findings as they develop, and the final report in full.
Under which financial authority are you regulated and can you send me the license number + official register link?
We are a registered Swiss technology company. Since we are not a traditional financial institution, we are not subject to a specific financial supervisory authority, but act as an IT and forensics service provider. Our company is duly registered in the Swiss Commercial Register (Zefix). You can find our official public register extract at the following link: https://www.zefix.ch/de/search/entity/list/firm/1472607
Which specific authorities do you work with for freezes? Please provide a contact person or official procedure.
We are currently in the phase of securing evidence and pooling the affected parties, which is why no investigative proceedings have been opened yet in this specific collective action. As soon as we have gathered sufficient forensic evidence, we will primarily cooperate with the competent investigative authorities (e.g., in Germany). Depending on which country the identified perpetrators are based in and how clear the evidence is, our lawyers will also internationally file criminal complaints in the respective jurisdictions. For ongoing tactical investigation and data protection reasons, we understandably cannot publicly name specific officials or contacts in advance.
Why do you demand an upfront fee if you allegedly only get paid upon success?
We have never communicated that we work exclusively on a contingency basis. Professional blockchain forensics, legal processing, and administrative effort require significant time, specialized software, and expertise, which must be funded regardless of the later outcome of a procedure. In the market, lawyers and forensic service providers generally always work for a fee.
To keep the costs for the individual as low as possible, we pool the affected parties. We consider the nominal fee of 49.99 Euros to be absolutely fair and transparent given the high complexity and the often five- to six-figure loss sums of those affected. Important: To cover the costs, at least 1,000 affected persons must participate. If this goal is not achieved, the forensic work in this project will not be started and, without exception, every participant will receive their upfront fee back in full.
Can you show me a concrete transaction that you successfully recovered (with TxID on the blockchain)?
Due to client confidentiality and data protection laws, we do not publish specific transaction IDs of solved cases. In addition, the mere mention of a TxID would not be meaningful, since it cannot be verified on the blockchain without the official legal context anyway who initiated the recovery.
For the legal part of the enforcement, we closely work with an international law firm specializing in such cases from Portugal. Alternatively, we offer you full flexibility: You can provide us with the contact details of a lawyer of your choice, and we will provide them with our fully elaborated forensic analysis so that your lawyer can pursue the case for you.
Can I find your company in the commercial register? Please send me the direct official register extract.
Yes, of course. As mentioned in the answer to the first question, you can find our official entry in the Swiss Central Business Name Index (Zefix), publicly accessible at the following link: https://www.zefix.ch/de/search/entity/list/firm/1472607
How exactly can you technically freeze wallets if you are not an exchange or an authority?
As a private technology company, we cannot arbitrarily freeze wallets on the blockchain. Account blocks or the freezing of crypto assets legally function exclusively via judicial or regulatory orders.
However, the hurdle for such orders is high: Law enforcement authorities require seamless, professional crypto foreclosure and clear chains of evidence to even take action. This is exactly where our service comes in. We handle the tracing of the funds and prepare the data flows so that legal steps can be initiated. As soon as an official order is obtained by the lawyers, it can be submitted to the responsible crypto exchanges or directly to stablecoin issuers (such as Tether) to legally and finally freeze the wallet.
Scammers often cash out within a few days. Why do you wait for 1,000 to 2,000 participants instead of acting immediately on the day of the fraud?
In an organized scam of this massive, almost industrial scale, the strategic and legal situation is somewhat different. We want to transparently explain why our current approach offers the highest chance of actual asset recovery:
1. The blockchain forgets nothing (Immutability): It is true that scammers often move funds quickly through various wallets or mixers. However, this does not change the fact that the blockchain is permanent and unchangeable. Even if funds are sent and split extremely often, the trail remains intact and can be unravelled by professional forensics – regardless of whether this happens on day 1, day 30, or day 100.
2. Exchanges and authorities are the real bottleneck: Even the fastest tracking is useless if the next and most important step is blocked. The actual bottlenecks are international crypto exchanges (like Binance), stablecoin issuers (like Tether), and the competent law enforcement authorities. Today, they often reject individual requests – even for six-figure sums – simply because they lack the resources for isolated cases or the legal threshold is not met.
3. Mass creates irreversible legal pressure: This is exactly where our strategy comes in. Instead of submitting an individual case with a damage of perhaps €100,000 to the authorities, which can easily get lost in the filing cabinet, we act as a unified entity. If we pool 1,000 to 2,000 people and double-digit million sums, we are legally talking about a large-scale structural crime. With this enormous accumulated volume of data and damages, our partner lawyers have completely different leverage. With such mass and professional preparation, neither law enforcement agencies nor stablecoin issuers can avoid enforcing immediate 'freeze actions'.
4. Cashing out such massive sums takes time: The perpetrators must convert double-digit million amounts into state money (fiat). Due to globally increasingly strict anti-money laundering regulations (KYC/AML), this – even via straw men and OTC desks – is not a process that can be fully completed in a few days. And as long as funds remain on the blockchain in the form of stablecoins (USDT/USDC), issuers can freeze them at the push of a button with a strong official order.
Conclusion: Speed is excellent for tracing. But collective legal clout is the only way to convert tracing into a real block. We deliberately pool this mass because, in our experience, it is the only way to force authorities and exchanges into unavoidable action.