Frequently Asked Questions

Frequently asked questions for:

Incident Response cases where there’s a financial loss (e.g. hack, theft, fraud, or scam):

Can you help me with (scam or hack?)

Please email with a paragraph or two summarizing what happened, focusing on the facts (not theory, not your own investigation, etc.) and, most importantly, include the blockchain transactions. Make sure the transaction data is in a copy and pasteable format (ideally plaintext or otherwise a csv file) — we can’t copy and paste data from screenshots. — without the transaction(s), we can’t do a preliminary analysis, can’t advise if it’s a viable case for us to engage on, and can’t provide a retainer estimate.

What is the minimum case threshold?

Typically 100k USD. Valuation is done at time of loss — so if, for example, it’s a 25 ETH scam from 2019, odds are, it’s not going to be something we’ll take. There are certain types of cases we won’t take on unless the loss is higher (e.g. DeFi Rugpulls). It’s very rare for us to be willing to take on a case lower than 100k USD, but there are some situations where it could be viable for losses $50K+; contact us and we will let you know either way.

Can you recover my funds? What are the odds of recovering funds in my situation?

CipherBlade is an investigative agency, not a recovery agency. We investigate and produce intelligence. Typically, this information is then passed to law enforcement in your jurisdiction. This may or may not lead to recovery with the help of law enforcement (partial recovery is much more common than full recovery). Ultimately there are no guarantees. We assess each case that meets our criteria (including the minimum loss threshold) individually, and offer an (honest) opinion of whether or not it may be worth pursuing and/or engaging us. In some cases, we will still advise against pursuing or decline to engage even if the minimum loss threshold is met if we don’t feel it’s in the best interest of a prospective client to hire us.

Do you charge upfront, or will you work for [contingency percent offered] only?

We have more people willing to pay us upfront than we can service; it would not make business sense to take any case on a contingency-only basis. We already factor a modest contingency into our pricing. We will not work a case on contingency-only, even if offered 75% (and we’ve gotten such offers).

Can we “jump on a call” to discuss?

As a general policy, we avoid doing pre-engagement calls. They would simply result in us saying “please email us the txids” and be a waste of both side’s time, as such calls are generally not helpful. Additionally, we are a small team and get a lot of inquiries, and simply don’t have the resources to get on a call with everyone who requests one. We do offer paid consultations if a call is strongly desired; feel free to email us and request this.

A bunch of people I know got scammed as part of a large scam / rug pull / hack. Can you help?

We take clients on an individual or company basis — as in, we don’t do group or “pool” cases with a bunch of other purported victims you met on Telegram. If somebody -individually- lost $100K+, it may be a good mutual fit.

How do I set myself up to not need your investigation services?

Glad you asked, because most don’t. Here is how to make yourself nearly hack-proof in under half a day: — as for being fraud-proof, that’s on you, but the best advice we can give is don’t send crypto to people/services you haven’t met, and if something sounds too good to be true, it almost certainly is. There’s plenty of more useful information you’ll find on our blog .

You told me that my particular incident was too small for CipherBlade to take. Are there any other options?

Short answer: no. File a law enforcement report and chalk the loss to a lesson in fraud awareness/cybersecurity, and focus your energy/time there: not recovery. There are under one handful of firms that legitimately perform this work. None of them are cheap. If we told you the case is too small for us, it’s probably too small for them. If a company tells you otherwise, they’re probably not a company that can perform this work effectively — and are, in fact, very likely to be outright scammers. Despite providing this warning/free advice, people sometimes will not heed it and get scammed by fake “recovery” companies. Somebody asking you to send funds to a wallet to “unlock” your “recovered funds”, or that doesn’t have immense public-facing information (Google CipherBlade, Richard Sanders or Paul Sibenik — if you can’t find at least that much information on the “recovery company”, assume scam) is not a “recovery company”, and is almost certainly a “419 scammer.” We understand that losing funds can be a heartbreaking experience. But in many cases, the best way forward is to focus your efforts on security and fraud prevention going forward so as to avoid a repeat of this incident – we have resources on our blog that can help you with this. This might not be what you want to hear, but it is what you need to hear.

A wallet of mine has been compromised and currently has funds that are 'locked' due to unstaking periods or vesting periods. I'm concerned the hacker may withdraw the funds from the wallet as soon as they become available to be transferred, and additionally may be concerned about the hacker using a 'flashbot' that would be able to access the funds faster than I could

Depending on the amounts staked/locked, this is something we may be able to help out. CipherBlade does sometimes employ automated solutions or ‘bots’ as well in some cases, which have historically been able to out-compete other bots.

I have an issue with [insert exchange here]. Can you help?

Unless the exchange misappropriated funds/is insolvent/something else we can verify as mismanagement or illicit activity, no. Exchanges are all extremely busy. Exchange support will take time to respond to you. We are not exchange support. While we do work closely with exchanges in the investigative process, we do not leverage those contacts to “fast forward” routine customer service inquiries.

Someone allegedly from CipherBlade has reached out to me saying they can help me or saying they've recovered or frozen some crypto for me. Is this legit?

No, it isn’t. We don’t do cold outreach. And we certainly don’t contact random people and tell them we’ve recovered crypto for them. You’re almost certainly speaking to an impersonation scammer. Unless you’ve placed an inquiry with us first to a email address (e.g. or the contact form on our real website, it’s not us. Additionally, CipherBlade only has one website, – if you received an email coming from a different website purporting to be CipherBlade, it’s fraudulent. Also, we do not use free/generic email addresses, so if you see an email address like ‘’ it’s another scammer. We don’t use Whatsapp for corresponding with prospective clients (impersonation scammers do however). While CipherBlade staff do use Telegram, you should excercise caution and independently confirm the legitimacy of any Telegram handle of CB personnel via an email from the domain. Again, we don’t do cold outreach on Telegram either, and there are no shortage of impersonation scammers on Telegram.

Frequently asked questions for:

All other matters (e.g. expert witness services or reports, security consulting, compliance consulting, source of funds analysis, audits, divorce, & bankruptcy cases):

I represent a law firm and we are looking for an expert to assist us with [matter pertaining to cryptocurrency here]. Is this something you can help with?

Very likely, yes. We’ve seen and experienced just about everything at this point. But please email us at with more details about the nature of the matter and we can go from there.

I'm looking for expert witness services in litigation or pending litigation that is being undertaken. Do you offer such services?

Yes. Please contact us with more details and will offer you some thoughts and we can proceed from there.

I'm looking for assistance either for my company, or for myself personally related to security, and in particular the storage and cryptocurrency management practices that I/we employ. Do you offer security audits or assessments that can help with this?

Yes. And it’s good you’re taking a proactive approach in this regard. Too many companies simply don’t care about security, or think they’re already very secure and believe they are already “employing the best security practices” when the reality couldn’t be farther from the truth.

I'm going through a divorce and have reason to believe my spouse is hiding or not properly disclosing cryptocurrency holdings. Can you help?

Possibly, yes. Please contact us and send us some more details about the situation.

I'm looking for a source of funds analysis for [insert reason here]. Can you help with this?

Yes. Please contact us for details about the nature of the matter and which such an analysis is being requested, and we’ll advise whether or not it’s something that would be advisable for us to assist with.

I represent a cryptocurrency business and am looking for an external opinion and/or assistance with developing or improving our compliance policies and procedures. Is this something you can assist with?

Yes, we regularly assist in such matters. Feel free to contact us with more details.

Can we have a call?

We generally avoid pre-engagement calls unless we believe the situation calls for it. Please provide some details about the nature of the situation so we have some context at least, and we can go from there.

Send Secure Message To Us

    Please review our Frequently Asked Questions prior to submission.

    Our typical response time is 24 hours or faster during working hours.

    We treat all provided information as strictly confidential.

    Verify that you are speaking to CipherBlade by checking to make sure emails are signed by which is the only legitimate CipherBlade website.


    CipherBlade LLC
    301 Grant Street, Suite 270
    Pittsburgh, PA 15219