$5 Million Recovered in Collaboration with the U.S. Department of the Treasury
A High-Stakes Recovery Operation
We received a confidential tip through our internal communication channels about a potential theft involving millions in crypto assets. According to preliminary information, the funds had been stolen in a targeted attack, although the exact method used by the attackers remains undisclosed.
Immediately, our AML team adjusted real-time monitoring parameters, tightening detection rules to flag any suspicious movements tied to the stolen assets. Not long after, multiple exchange attempts were made by the perpetrators using ChangeNOW’s services.
With the help of our automated anti-money laundering system, the transactions were promptly flagged and paused for manual review.
Confirmed Suspicion, Coordinated Action
After a thorough internal investigation, our security team confirmed that this was not a false positive. The funds were indeed connected to a fraud case.
We promptly escalated the case to the relevant U.S. authorities, in particular the Department of the Treasury, which was already handling an active investigation related to the incident.
Their response was swift: they confirmed the link between the frozen assets and their ongoing case, and formally requested that the funds be seized and returned to the victim.
Following all necessary legal and compliance procedures, the funds – nearly $5 million – were successfully redirected back to their rightful owner.
What could have been a total loss was turned into a recovery success story through rapid detection, close cooperation, and a shared commitment to doing what’s right.
Why Fast Detection Still Makes All the Difference
Crypto moves fast — so do scammers. In many cases, stolen assets are laundered within hours across multiple wallets, mixers, and privacy chains. That’s why timing is everything.
In this case, ChangeNOW’s proactive detection tools and tight coordination with U.S. authorities made recovery possible. Without that rapid response, the trail could’ve gone cold in minutes.
Staying Safe in a World of Targeted Attacks
Targeted attacks in the crypto space often rely on social engineering rather than technical exploits. In most cases, scammers use well-known and highly effective tactics such as:
- Phishing emails disguised as official requests
- Fake investment offers or giveaways
- Compromised apps or browser extensions
- Social engineering via impersonated support agents
- Private key extraction through manipulated transactions
Here’s how you can protect yourself:
- Never share your seed phrase or private keys
- Double-check URLs before entering wallet credentials
- Use hardware wallets for storing large sums
- Verify support contacts through official sites
- Be skeptical of urgent messages pushing you to act fast
Our Pledge to the Community
This case is another reminder of how responsible crypto platforms can and should act as a first line of defense. At ChangeNOW:
- We do not profit from frozen or recovered funds.
- We act fast when legitimate threats emerge.
- We work closely with law enforcement to help return stolen assets.
- We invest constantly in better tooling and team training to spot evolving threats.
Final Thoughts
The decentralized nature of crypto gives us freedom — but also makes us targets. As long as scammers try to exploit trust, we’ll continue building the systems, partnerships, and protocols needed to defend it.
If you’ve been affected by a crypto scam, don’t stay silent. Contact us directly at compliance@changenow.io. We’re here to help.
