Skip to main content

This site is for educational purposes only. Nothing here constitutes financial advice.

Intermediate
~180 min total8 lessons

Scam Defense & Recovery Evidence Course

Eight operational lessons on recognising, surviving, and reporting crypto scams — including evidence preservation in the first 24 hours and the recovery-scam wave that follows.

Intermediate
Evergreen
180 min readUpdated 2026-05-17Block Clarity Hub Editorial Team

About this course

Most courses about scams teach you what each pattern looks like. This one teaches you what to do at every point in the timeline: before contact (recognition), at the moment of contact (refusal), after a loss has happened (the irreversible first 24 hours), during reporting (which agencies actually do something), and during the recovery-scam wave that arrives within hours of any compromise becoming public. Eight lessons of about 22 minutes each, drawing on the FBI IC3 case data, Chainalysis crime reports, and post-mortems of real scam operations. No financial-recovery promises, no affiliate links, and one strict rule: if anyone offers to recover your funds for an upfront fee, that offer itself is the second scam.

What you'll be able to do

  • Map the 35 documented scam patterns to five operational adversary categories so you can predict what comes next.
  • Recognise pig-butchering's six-stage script early enough to disengage before financial exposure.
  • Understand drainer attacks from the victim's perspective: what the signature you almost approved actually does.
  • Triage the first 24 hours after a compromise — the irreversible window where most recoverable value is won or lost.
  • Preserve forensic evidence (tx hashes, screenshots, message logs) before the platforms involved silently destroy it.
  • File reports with FBI IC3, Action Fraud UK, EU agencies, and exchange compliance teams in a form that actually triggers action.
  • Recognise the recovery-scam ecosystem on first contact and refuse it before paying the second tax.

Who this is for

  • Anyone who has been targeted, contacted, or compromised by a crypto scam and wants a structured path forward.
  • Family members supporting someone who has been pig-butchered, sim-swapped, or drained — including how to talk to them about it.
  • Crypto holders who want to take their scam literacy from 'I'd recognise the obvious ones' to 'I'd refuse the subtle ones.'
  • Builders, community managers, and exchange staff who handle scam reports professionally.

Who this is NOT for

  • Anyone hoping to find a recovery service in this course — there isn't one, because legitimate recovery services don't operate by upfront payment.
  • People with zero crypto experience — start with the Beginner 7-Day course, especially Day 4.
  • Anyone who wants reassurance that scams 'only happen to other people' — that belief is the most common precondition for becoming a victim.

Lessons

  1. 1

    Lesson 1 — The 35 scam patterns mapped to five macro-families

    ~20 min

    Memorising 35 individual scam names is useless under pressure. Today: collapse them into five operational families so you can predict what comes next from the first contact.

  2. 2

    Lesson 2 — Pig-butchering in depth: the six-stage operational script

    ~22 min

    Pig-butchering is the single largest source of US crypto-fraud losses per FBI IC3. Today: the documented six-stage script, how to recognise stage 3 before stage 6, and how to talk to a victim.

  3. 3

    Lesson 3 — Drainer attacks from a victim's view: what the signature you almost approved actually does

    ~22 min

    Wallet drainers don't break cryptography — they get you to sign something that authorises a transfer. Today: the mechanics, the signature types, and the moment to refuse.

  4. 4

    Lesson 4 — Impersonation, fake support, and social engineering at scale

    ~22 min

    Most large losses don't come from clever technical attacks — they come from someone convincing the victim to do the technical part themselves. Today: how impersonation scales.

  5. 5

    Lesson 5 — The first 24 hours: the irreversible window

    ~22 min

    After a compromise, most recoverable value is won or lost in the first day. Today: the triage order, what to stop, what to preserve, what to delay.

  6. 6

    Lesson 6 — Evidence preservation: what to capture before it decays

    ~22 min

    Phishing sites get taken down. Discord conversations get deleted. Mixers obscure attacker wallets. The first day is when evidence is recoverable; the second day is when most of it isn't.

  7. 7

    Lesson 7 — Reporting that goes somewhere: IC3, Action Fraud, EU agencies, and exchange compliance

    ~22 min

    Most reports are filed badly and ignored. Today: how to file the report that actually triggers compliance freezes, joins pattern databases, and supports later prosecutions.

  8. 8

    Lesson 8 — The recovery-scam wave: the second tax

    ~22 min

    Within hours of any compromise, victims are contacted by 'recovery specialists' offering to retrieve funds for upfront fees. None of these are real. Today: the script, the variants, the absolute rule.

Final quiz

When you've worked through every lesson, pass the final quiz to mark the course complete. You can retry any number of times.

Loading final quiz…

Educational only.

Nothing in this course constitutes financial, investment, tax, or legal advice. Cryptocurrency carries significant risk, including total loss. Always consult qualified professionals for advice specific to your situation. We earn nothing from any project, exchange, or tool mentioned anywhere on this site.