INVESTIGATIONS
The case file is the deliverable.
Cointiverse runs forensic investigations in service of recovery. The work is not journalism, it is not consulting, and it is not abstract. Every investigation produces a single, concrete deliverable: a chain-cartography map that compliance officers, regulators, and civil counsel can act on. The case files below are anonymized examples of what the work has produced.
We publish nothing without a recovery purpose. Where a victim has not consented to publication, the case stays in the internal forensic library — a privately-held resource that quietly informs every subsequent engagement.
Anonymized case files
Four case studies from the cartographer’s desk. Names, dates, and platform identifiers withheld; everything else is real.
The 11-day map that broke the broker network
Victim arrived on day 47 of total radio silence from the platform that had taken her retirement deposit. Three previous “recovery” firms had consumed consultation fees and disappeared. Cointiverse cartography opened on day 48: clustering revealed the broker entity was operating six receiving identities across two chains, all consolidating into a single bridge contract before exiting through a regulated exchange in a compliance-cooperative jurisdiction. Map delivered day 11. Freeze request filed day 13. Compliance hold confirmed day 22. Recovery negotiation closed day 41 of engagement. Net return: ~64% of original loss.
“What I valued was the honesty. They told me upfront only part was likely recoverable — and that’s exactly what happened.”
When the “recovery service” became the second crime scene
Victim had already been scammed once by a fake brokerage. While searching for help, she paid $28,000 in upfront fees to a “recovery service” that promised to retrieve her original loss. The recovery service was the second scam — and the wallet they used to receive fees turned out to be a verified deposit address at a tier-1 exchange. Cointiverse mapped the address in under three days, the freeze request was filed under expedited consumer-protection procedures, and the full $28,000 in fees was returned to her bank account within 19 days. The original loss remained unrecoverable, but at least the second one didn’t compound.
A drainer signature plotted across four chains
Family office contacted Cointiverse after standard incident response had yielded nothing. The signature analysis revealed the drainer in question was a known-cluster operator the cartographer had charted in three earlier case files. Cross-referencing against the case file index produced an immediate hit: the exit cluster terminated at two specific bridge contracts whose downstream exchange-deposits had been frozen in a previous engagement. Coordinated civil claim was filed in the EU, the US, and the UK simultaneously. Eight months of negotiation produced 41% of the original ETH value back to the family office. The remaining drainer signature is now part of the index, used in subsequent cases.
When the trail goes cold — and we say so
Loss event five years old. The cartographer charted the trail through three mixer hops and a now-defunct decentralized exchange. The exit cluster terminated in addresses that have been dormant for 38 months. No regulated handle, no active counterparty, no current jurisdiction with leverage. We delivered the map (which has tax-loss documentation value), refunded the engagement fee, and recommended pursuing the loss through the IRS theft-loss procedure with the case file as supporting evidence. This is what “exhausted” looks like in our triage. We tell you in week one, not week thirty.
PATTERN LIBRARY
Six patterns the desk has charted enough times to teach.
A pattern is not a single case. It is the geometry that recurs across many cases — the operational shape that, once charted, applies to the next victim who walks in with the same loss type. The library below summarizes the six patterns the cartographer’s desk currently teaches new analysts.
The pig-butchering pipeline
Long-cultivation romance or “trading mentor” approach, fake brokerage frontend with manufactured profit displays, escalating deposit pressure once initial trust is established. Almost always involves a USDT-on-Tron deposit corridor with consolidation toward a single off-ramp identity.
Recovery posture: partially recoverableRecovery-scam recursion
Victim of original fraud is then targeted by a fake “recovery service” found via search-engine ads or social-media direct messages. The recovery scam takes upfront fees, sometimes asks for additional documentation, then disappears. Cointiverse charts these aggressively because the fee-collection wallets are usually less laundered than the original.
Recovery posture: often fully recoverableFake-DeFi yield exit
Yield-farming or staking platform that operates legitimately for weeks or months to build deposits, then executes a planned exit. On-chain pattern is distinctive: smart contract source code is non-verified or borrowed, admin controls are concentrated, withdrawal pause precedes the exit by 24-72 hours.
Recovery posture: partial via custodian-side analysisWallet-drainer signature trails
Malicious approval signed via phishing or fake airdrop, drains assets to a clustered set of wallets operated by a known drainer-as-a-service operator. Signatures repeat across many victims; one identification benefits subsequent cases.
Recovery posture: variable; clustered investigations strongestExchange-insolvency reconstruction
Not all losses are crimes — some are insolvencies. The cartographer reconstructs the on-chain history of platform deposits to substantiate consumer-protection claims under EU/UK/US bankruptcy and regulatory-restitution procedures.
Recovery posture: tracked through formal insolvencyRomance-crypto convergence
Distinct from pure pig-butchering: a relationship-based scam where the perpetrator establishes emotional connection over months before introducing crypto. Cartography focuses on the convergence point where emotional manipulation meets the actual fund-flow architecture.
Recovery posture: partially recoverable, depends on platformAn investigation is not a story. It is a map you can hand a compliance officer on Tuesday morning and have them act on by Thursday.
— from the Cointiverse cartographer’s manual
The forensic stack
What sits behind the map is a stack of data sources, attribution systems, and procedural channels. The stack matters because the speed of recovery depends almost entirely on how fast a forensic team can move from “we see the trail” to “the right party has the evidence.”
Full-node access
Direct chain-level access for Bitcoin, Ethereum, Tron, BSC, Polygon, Solana, Arbitrum, and major Layer-2s. We read the chain ourselves rather than rely exclusively on third-party indexers.
Cluster classification
Multi-source attribution data fused into a single classification matrix — exchange clusters, mixer outputs, sanctioned addresses, and entity-of-interest groupings.
Mixer + bridge detection
Pattern recognition for mixer-output addresses and cross-chain bridge transfers, including timing analysis on coinjoin participations and bridge-contract-to-deposit-address chains.
KYC unmasking channels
Compliant subpoena and court-order pathways to unmask exchange-deposit identities. We do not crack KYC; we work the established legal procedures fast and well.
Internal case-file index
Every closed case enters our anonymized forensic library. Pattern recognition across cases is where individual victim recoveries become collective-recovery infrastructure.
Cross-jurisdictional network
Working relationships with co-counsel and forensic-accounting partners in 14 jurisdictions. Recovery is rarely a single-jurisdiction action; the network turns multi-step actions into days, not months.
Where we can investigate
A jurisdiction is not a country — it is a regulatory and procedural environment. The same on-chain evidence has different outcomes in different jurisdictions. We tier our reach honestly so victims understand recovery posture before engagement.
United States · United Kingdom · European Union · Canada · Australia · Singapore
Compliance-cooperative jurisdictions where exchange freeze requests, regulator filings, and civil claims have established procedural pathways. Most successful recoveries originate here.
UAE · Hong Kong · Japan · Switzerland · Israel · Brazil · Mexico
Recovery is achievable through formal civil-procedure routes — longer timeline, often requires local co-counsel coordination, but on-chain evidence translates well into local procedural standards.
Off-shore opaque jurisdictions, sanctioned regions, jurisdictions without crypto regulatory framework
The trail can still be charted — the map has evidentiary and tax-loss value — but practical fund recovery is exhausted. We say so plainly in triage so victims do not pay engagement fees on cases without recovery posture.
What an investigation cannot do
Honest limitations are how a forensic firm earns trust. Below are four things Cointiverse will never claim to do, regardless of marketing pressure or victim hope.
We cannot break encryption
We do not recover lost seed phrases, brute-force private keys, or “decrypt” stolen funds. Anyone offering that is misrepresenting how cryptocurrency works.
We cannot force action by uncooperative jurisdictions
The map is produced regardless of jurisdiction. Recovery, however, depends on which jurisdictions the funds end up in. Some jurisdictions will not act, and we say so plainly.
We cannot guarantee outcomes
No firm can. Cryptocurrency recovery depends on factors outside any forensic firm’s control — exchanges, regulators, courts, adverse parties. Cointiverse commits to method, not outcome.
We cannot work without on-chain evidence
If you have no transaction hashes, no receiving addresses, no documented platform interaction — the chain has nothing to read. We need at least the basic forensic substrate to begin.
How an investigation begins
Every investigation begins with intake. Within 24 hours of submission, a senior cartographer reviews your case under NDA and triages it as chartable, partially chartable, or exhausted. There is no fee for the initial review. Engagement fees apply only when the trail produces actionable handles.
If you have evidence, we have a methodology. If you have a question, the consultation costs nothing. If you have a case ready to open, the form below routes directly to the cartographer queue.
START A CASE FILE