Losing access to your wallet makes you a target twice: once for the loss itself, and again for the swarm of fake "recovery experts" who prey on people searching for help. Recovery scams are a common follow-on fraud in crypto — the FBI recorded 10,516 related complaints in 2025. See our source-backed 2025 crypto scam report and five common Bitcoin scams.
Here is the checklist we'd give a family member. Apply it to every recovery service you're considering — including us.
Instant disqualifiers
Locked out of a wallet like this one?
We repair hardware wallets, crack forgotten passwords, and rebuild broken seed phrases — on our own bench in Denver.
If any one of these is true, walk away. No exceptions.
- They contacted you first. Legitimate recovery services do not DM strangers on Twitter/X, Telegram, Instagram, or in the comments under your post about losing coins. Anyone who reaches out to you unsolicited is an impersonator or a scammer. (This is why we state plainly: we never contact you first.)
- They demand payment up front. Every legitimate service in this industry works on a no-recovery-no-fee basis. "Processing fees," "software fees," "gas fees to release your funds" — all scams. The moment money is requested before results, you're done.
- They guarantee success. Real recovery is probabilistic. A password may never crack; a wiped drive may hold nothing. Honest services quote odds and take cases they might lose. A "100% success rate" is a claim only someone with no real caseload can make.
- They claim they can recover coins sent to a scammer. Once crypto is transferred to an address someone else controls, no third party can pull it back — not without the thief's keys or law enforcement seizing them. We wrote an entire guide on this: Help! My Bitcoin was stolen — can you help? Anyone who sells "stolen fund recovery" as a service is running the second act of the scam that took your money the first time.
- They ask for your seed phrase or remaining funds "for verification." Never.
Positive signals — what legitimacy looks like
No single item proves a service is safe, but legitimate operations can pass most of these tests, and scammers can pass almost none:
- A named, verifiable human. Not a brand and a contact form — a real name you can search, with a history (talks, interviews, press, professional profiles) that predates your problem.
- A legal entity you can look up. An LLC or corporation, registered in a jurisdiction with a public registry, with a physical address. If something went wrong, could you serve them papers? Could your lawyer?
- Published pricing. A percentage stated on the site, before you ask. Vague "contact us for pricing" isn't disqualifying, but stated pricing shows they don't size the fee to the victim.
- A written contract offered before any money or material changes hands.
- Verifiable communication channels: a published PGP key, a consistent official email address, and an explicit warning about impersonators.
- Reviews on platforms they don't control — Trustpilot, press coverage from real outlets, podcast appearances — not just quotes on their own site.
- Honesty about limits. The site should tell you what they can't do. A service that never says "no" is a service that takes money for impossible jobs.
- Non-custodial process. Your recovered coins should go to an address you control, and the service should be able to explain trustless options where they exist (for some wallet formats, password cracking can be done from a hash without the full wallet).
Questions that expose a fake
Ask these in your first email and watch what happens:
- "What's your legal entity name and where is it registered?" — should get a specific, checkable answer.
- "What are the odds for my specific case, and what would make it unrecoverable?" — an honest service gives you a real range and failure modes; a scam gives you confidence.
- "Can I verify who I'm dealing with before sending wallet material?" — a real service should have a named operator, consistent public identity, and a way to verify official communications.
- "Can you sign your reply with your published PGP key?" — trivial for a legitimate service that publishes one; impossible for someone impersonating them.
- "What happens to my data after the job?" — there should already be a written answer in their terms.
The uncomfortable summary
The recovery industry has a structural problem: the people who need it are stressed, embarrassed, and in a hurry — exactly the state scammers select for. Slow down. Any service worth using will still be there tomorrow, will put its identity and terms in writing, and will charge you nothing until your crypto is back in your hands.
If you want to apply this checklist to us, start here: who we are, what we charge, our contract, our PGP key, and what our customers say. Then tell us what happened — the evaluation is free either way.
