A hacked crypto wallet can create two separate problems: loss of access to the wallet and loss of cryptocurrency already transferred out. Recovering access may be possible when the account is held by a regulated exchange, but a self-custody wallet cannot simply be “reset” after its seed phrase or private key is stolen. Even so, fast action can protect remaining assets, preserve electronic evidence, identify the receiving wallet, and sometimes freeze stolen funds when they reach an exchange, e-wallet, bank, or other regulated service.
Can a Hacked Crypto Wallet Be Recovered?
The realistic chance of recovery depends on the type of wallet, how the attacker gained access, and where the stolen assets went.
| Situation | What may still be possible |
|---|---|
| A Philippine or foreign crypto exchange account was hacked | The exchange may restore account access, cancel a pending withdrawal, restrict the receiving account, preserve login records, and cooperate with investigators. |
| A self-custody wallet’s seed phrase or private key was stolen | The compromised wallet cannot be made secure again. Remaining assets should be moved to a newly created wallet using a clean device. Stolen assets may still be traced. |
| A malicious smart-contract approval drained tokens | Unused approvals may be revoked, remaining assets transferred, and the drainer’s transactions traced. |
| The victim was tricked into signing or authorizing a transfer | The blockchain transaction may be technically valid, but the deception can still amount to fraud, social engineering, identity theft, or another criminal offense. |
| The seed phrase was lost, but no hacking occurred | Law enforcement, exchanges, and wallet developers generally cannot recreate a missing private key or seed phrase. |
A completed blockchain transfer usually cannot be reversed in the way a credit-card charge can be reversed. The practical recovery strategy is therefore to follow the funds and reach a point where a person or institution controls them—for example, a centralized exchange that can freeze an account after receiving a credible fraud report or lawful order.
Philippine Laws That May Apply to a Hacked Crypto Wallet
Cybercrime Prevention Act
The primary criminal law is the Cybercrime Prevention Act of 2012, or Republic Act No. 10175.
Depending on how the wallet was compromised, possible offenses include:
- Illegal access, when a person enters a computer system or online account without authority.
- Computer-related fraud, when computer data or a system is manipulated to cause financial loss.
- Computer-related identity theft, when identifying information is obtained, possessed, altered, or used without authority.
- Traditional crimes committed through information and communications technology, such as estafa, when the legal elements are present.
The law also provides mechanisms for preserving, disclosing, searching, and examining computer data through law-enforcement requests and court-issued cybercrime warrants. Traffic data and subscriber information generally must be preserved by service providers for at least six months from the transaction, while content data may be preserved after a lawful preservation order. This makes early reporting important: login records, IP addresses, device identifiers, and account information may not remain available indefinitely. (Lawphil)
Estafa Under the Revised Penal Code
Article 315 of the Revised Penal Code may apply when the attacker used false pretenses, phishing, impersonation, or another form of deceit to cause the victim to transfer cryptocurrency or reveal credentials.
For example, estafa may be considered where a scammer:
- Pretended to be an exchange employee and asked for a one-time password.
- Sent a fake wallet or exchange login page.
- Offered a fraudulent investment and instructed the victim to transfer USDT.
- Impersonated a relative, employer, business partner, or government officer.
- Persuaded the victim to connect a wallet to a malicious website.
The penalties under Article 315 were updated by Republic Act No. 10951, with the applicable penalty depending largely on the amount involved and the circumstances of the offense. (Lawphil)
Anti-Financial Account Scamming Act
The Anti-Financial Account Scamming Act, or Republic Act No. 12010, addresses social engineering schemes, money-mule activities, and misuse of financial accounts.
The law broadly covers financial accounts maintained with institutions supervised or regulated by the Bangko Sentral ng Pilipinas. It expressly includes bank accounts and e-wallets, and may be relevant to accounts maintained with BSP-supervised virtual asset service providers, depending on the service and transaction involved.
Important remedies under the law include:
- Temporary holding of disputed funds for up to 30 calendar days during coordinated verification.
- Investigation and information-sharing among participating financial institutions.
- BSP authority to investigate covered financial accounts.
- Possible restitution where a covered institution failed to use adequate risk-management systems or the required degree of diligence.
These remedies are especially relevant when cryptocurrency was purchased through a bank or e-wallet, transferred from a custodial account, or converted into pesos through an institution within the Philippine financial system. They do not automatically reverse a completed transfer from a self-custody wallet. (Lawphil)
BSP Rules for Virtual Asset Service Providers
Under BSP Circular No. 1108, covered virtual asset service providers are treated as money service businesses and are subject to BSP supervision. Covered activities include exchanging, transferring, safeguarding, or administering virtual assets.
Wallet-service providers covered by the circular must maintain cybersecurity controls and protect wallets and customer information against malware, cyberattacks, and other threats. A failure to follow applicable security and consumer-protection duties may become relevant when determining whether the provider bears any responsibility for the loss. (Bureau of Small and Medium Enterprises)
Because regulatory status can change, check the BSP’s current list of virtual asset service providers. The publicly available list was updated as of May 31, 2026. (Bureau of Small and Medium Enterprises)
Electronic Evidence
Wallet theft cases depend heavily on electronic records. The Electronic Commerce Act of 2000, or Republic Act No. 8792, recognizes electronic documents and electronic data messages as evidence, subject to proof of authenticity and reliability.
The Supreme Court’s Rules on Electronic Evidence govern how electronic documents, emails, text messages, system records, and similar evidence may be authenticated and presented in court. Preserving the original files and their context is therefore more useful than keeping only edited or cropped screenshots. (Lawphil)
Data Privacy Act
The Data Privacy Act of 2012, or Republic Act No. 10173, may apply when the incident resulted from a provider’s personal-data breach—for example, exposure of customer identification records, email addresses, telephone numbers, login information, or identity-verification documents.
A personal information controller must notify the National Privacy Commission and affected data subjects within 72 hours when a breach meets the legal conditions for mandatory notification. The duty belongs to the organization controlling the data, not to the victim. A person may nevertheless file a privacy complaint if a provider mishandled personal information or failed to respond properly to a breach. (National Privacy Commission)
Civil Liability and Recovery of Damages
Criminal prosecution is not the only possible remedy. Depending on the evidence, a victim may pursue civil liability under the Civil Code against:
- An identified hacker, scammer, or money mule.
- A person who received and retained assets without legal basis.
- A service provider whose proven negligence or contractual breach caused or increased the loss.
Articles 19, 20, and 21 of the Civil Code address abuse of rights and damage caused contrary to law or morals. Article 22 requires a person who acquires something at another’s expense without lawful ground to return it. Article 2176 governs damages caused by fault or negligence, commonly called a quasi-delict. Liability is not automatic; the victim must establish the defendant’s act or omission, the resulting damage, and the required legal connection between them. (Lawphil)
What to Do Immediately After Discovering the Hack
1. Secure Your Email, Mobile Number, and Devices
Use a device that you reasonably believe is clean.
Immediately:
- Change the password of the email connected to the wallet or exchange.
- Sign out all existing email and exchange sessions.
- Replace SMS-based authentication with an authenticator application or hardware security key where available.
- Revoke unknown API keys, connected applications, browser extensions, and authorized devices.
- Contact your telecommunications provider if you suspect a SIM swap.
- Scan the device for malware, remote-access software, and malicious browser extensions.
- Do not create a replacement wallet on the same device until it has been secured.
The attacker may still control the victim’s email or mobile number even after the exchange password has been changed.
2. Move Remaining Assets to a New Wallet
When a self-custody wallet’s seed phrase or private key has been exposed, assume that the entire wallet is permanently compromised.
Create a completely new wallet:
- On a clean device or properly initialized hardware wallet.
- With a new seed phrase generated by the wallet itself.
- Without importing the compromised seed phrase.
- With the new seed phrase stored offline.
Transfer remaining assets promptly. Consider network fees and whether transferring one asset could give an automated drainer time to take another.
For a malicious smart-contract approval, revoke unnecessary token approvals using the blockchain’s official explorer or a reputable approval-management tool. Revoking approvals alone does not make a wallet safe when the seed phrase or private key has been stolen.
3. Record the Evidence Before It Changes
Capture and preserve:
- The compromised wallet address.
- The receiving wallet addresses.
- Complete transaction hashes.
- Blockchain network used.
- Token name and amount.
- Date and time, preferably both Philippine time and UTC.
- Block-explorer links.
- Screenshots of the wallet and transaction history.
- Exchange withdrawal records.
- Login notifications and password-reset messages.
- Suspicious emails, text messages, websites, and social-media accounts.
- Customer-support ticket numbers.
- Bank or e-wallet funding records.
- The peso value of the assets at the approximate time of theft and the source used for the valuation.
Keep original emails, downloadable statements, exported account logs, and uncropped screenshots. Do not alter the only copy by highlighting, annotating, or renaming it repeatedly.
Never include a seed phrase, private key, complete password, PIN, or one-time password in a complaint attachment.
4. Contact the Sending and Receiving Platforms
Send an urgent report to:
- The platform from which the assets were withdrawn.
- Any exchange that appears to control the receiving address.
- Any later exchange or payment platform identified in the transaction trail.
Request that the platform:
- Restrict the suspected account.
- Preserve customer-identification and know-your-customer records.
- Preserve login IP addresses, device records, withdrawal records, and internal transfers.
- Flag the wallet addresses and transaction hashes.
- Confirm what law-enforcement process it requires before disclosing records or freezing assets.
- Provide a formal incident or ticket number.
Give exact transaction hashes and wallet addresses. A message stating only “my crypto was stolen” is often too vague for a compliance team to act on quickly.
5. Notify Any Linked Bank or E-Wallet
When the incident involved a bank transfer, debit card, e-wallet, or peso conversion, report it immediately to the institution’s fraud unit.
State that the transaction is disputed and ask whether the institution can initiate a temporary hold or coordinated verification under the Anti-Financial Account Scamming Act and its implementing rules. Speed matters because the funds may pass through several accounts within minutes.
How to File a Crypto Hacking Complaint in the Philippines
Step 1: Prepare an Incident Package
Prepare one organized folder containing:
- A chronological incident narrative.
- A copy of a valid government-issued ID or passport.
- Transaction hashes and wallet addresses.
- Screenshots and original electronic records.
- Exchange and wallet account details.
- Funding records from banks or e-wallets.
- Communications with the suspected scammer.
- Communications with the exchange or service provider.
- An estimate of the total loss in cryptocurrency and pesos.
- Names and contact information of any witnesses.
A simple timeline helps investigators understand the case:
| Time and date | Event | Supporting evidence |
|---|---|---|
| July 15, 2026, 9:10 p.m. | Victim received a supposed exchange-security email | Original email and full headers |
| July 15, 2026, 9:18 p.m. | Victim logged in through the link | Browser history and screenshot |
| July 15, 2026, 9:26 p.m. | Unauthorized withdrawal was initiated | Exchange withdrawal record |
| July 15, 2026, 9:31 p.m. | Assets reached the receiving wallet | Transaction hash and explorer record |
Step 2: File a Formal Complaint With the Platform
For a BSP-supervised institution, first use its own Financial Consumer Protection Assistance Mechanism, usually its customer-service or fraud-complaint channel.
Ask for a written final response or clear status update. Keep:
- The complaint number.
- Date and time filed.
- Copies of forms and attachments.
- Emails and chat transcripts.
- Names or identifiers of representatives.
- The institution’s findings and reason for denying or granting reimbursement.
Financial consumers generally must first raise the matter with the institution before elevating it to the BSP. (Bureau of Small and Medium Enterprises)
Step 3: Report the Incident to the NBI or PNP
A victim may report to the:
- NBI Cybercrime Division.
- NBI online complaint facility.
- Philippine National Police Anti-Cybercrime Group or the nearest Regional Anti-Cybercrime Unit.
- Local police station, which may document the incident and coordinate with a cybercrime unit.
The NBI’s published process requires the complainant to accomplish and submit a complaint form, after which the matter may be evaluated for investigation. (National Bureau of Investigation)
The complaint should identify the suspected offenses but does not need to contain perfect legal terminology. The most useful information is factual: what happened, how access was obtained, where the assets went, and what electronic evidence exists.
Step 4: Request Immediate Data Preservation
Tell the investigator when the exchange, email provider, mobile carrier, or website may possess important records.
Investigators can consider preservation requests and, when legally required, apply for the appropriate cybercrime warrant under the Supreme Court’s Rule on Cybercrime Warrants. Depending on the evidence sought, a court may authorize disclosure, interception, search, seizure, or examination of computer data.
A victim cannot personally compel an exchange to disclose another customer’s identity. Customer information is normally released through the platform’s lawful process, such as a law-enforcement request, subpoena, court order, or applicable foreign procedure.
Step 5: Escalate a Complaint to the BSP
When the issue involves a BSP-supervised bank, e-wallet, payment provider, or virtual asset service provider, an unresolved complaint may be elevated through the BSP’s Consumer Assistance Mechanism.
The BSP complaint guide instructs consumers to first complain to the financial institution. The consumer may then use the BSP Online Buddy chatbot or submit the prescribed Consumer Assistance Mechanism form with proof of the first-level complaint. (Bureau of Small and Medium Enterprises)
BSP escalation can address the institution’s handling of the complaint, regulatory duties, consumer-protection obligations, and disputed transactions. It does not give the BSP the technical ability to undo a self-custody blockchain transfer.
Step 6: Consider a National Privacy Commission Complaint
A complaint to the National Privacy Commission may be appropriate when:
- A provider disclosed or exposed personal information.
- Account takeover followed a known data breach.
- The provider failed to secure identification or authentication data.
- The provider did not properly notify affected users of a qualifying breach.
- The provider mishandled the victim’s request to access or correct personal data.
Use the NPC’s official personal data breach and complaint resources and attach evidence showing how the privacy issue contributed to the loss.
Step 7: Proceed Through the Prosecutor and Courts
After investigation, the complaint and supporting evidence may be referred to a prosecutor for preliminary investigation. The prosecutor determines whether probable cause exists to file a criminal case in court.
Republic Act No. 10175 generally gives Regional Trial Courts jurisdiction over cybercrime cases. Republic Act No. 12010 likewise places offenses under the Anti-Financial Account Scamming Act within the jurisdiction of Regional Trial Courts, including certain cases where damage occurred in the Philippines or the affected account was maintained with an institution operating in the country. (Lawphil)
Formal freezing or seizure of assets may require judicial action. In suspected money-laundering cases, the Anti-Money Laundering Council may pursue an ex parte freeze order from the Court of Appeals when the statutory requirements are met. A private complainant cannot personally command the AMLC to freeze a wallet; the complainant supplies evidence to law enforcement and the institutions handling the suspicious funds. (Lawphil)
Documents Commonly Required
| Document or evidence | Why it matters |
|---|---|
| Government-issued ID or passport | Verifies the complainant’s identity |
| Complaint affidavit | Provides a sworn, chronological account |
| Wallet addresses and transaction hashes | Allows investigators and exchanges to trace the movement of assets |
| Blockchain-explorer records | Shows transaction time, amount, network, and destination |
| Exchange account and KYC details | Connects the victim to the affected account |
| Login alerts and security emails | May reveal IP addresses, devices, or account changes |
| Full email headers and original messages | Help trace phishing or impersonation |
| Bank and e-wallet receipts | Establish the source and peso value of funds |
| Customer-support records | Shows timely reporting and the provider’s response |
| Device or SIM-swap evidence | Supports the method of unauthorized access |
| Witness affidavits | Corroborate communications or events |
| Special power of attorney, when applicable | Authorizes a representative to act for an overseas complainant |
A complaint affidavit is commonly notarized. Investigators may ask for additional affidavits, certified records, or access to the affected device after the initial assessment.
Where to Report and What Each Office Can Do
| Office or institution | Appropriate role |
|---|---|
| Sending exchange or wallet provider | Secure the account, cancel pending activity, preserve records, and investigate internal transactions |
| Receiving exchange | Restrict the suspected recipient, preserve KYC information, and respond to lawful requests |
| Linked bank or e-wallet | Dispute related transactions and initiate available holding or verification procedures |
| NBI Cybercrime Division | Investigate cybercrime, obtain evidence, coordinate with providers, and refer cases for prosecution |
| PNP Anti-Cybercrime Group | Receive cybercrime complaints, investigate suspects, and coordinate regional or international inquiries |
| Bangko Sentral ng Pilipinas | Handle escalated complaints involving BSP-supervised institutions and enforce applicable financial regulations |
| National Privacy Commission | Investigate personal-data breaches and violations of data-subject rights |
| Securities and Exchange Commission | Address fraudulent investment solicitations or securities-related offerings |
| Prosecutor’s office | Conduct preliminary investigation and determine whether criminal charges should be filed |
| Courts | Issue warrants and orders, try criminal and civil cases, and order appropriate restitution, forfeiture, or damages |
Do You Need to Go Through the Barangay?
A hacked-wallet complaint generally should not be delayed by barangay conciliation.
Under the Katarungang Pambarangay rules, offenses carrying penalties beyond the statutory barangay threshold and cases requiring urgent legal action are excluded from mandatory barangay settlement. Cybercrime cases also require specialized investigation, electronic evidence preservation, and possible coordination with exchanges outside the barangay. (Lawphil)
A barangay blotter may document that the victim reported an incident, especially when the suspect is known locally. It is not a substitute for filing a formal cybercrime complaint with the NBI, PNP, or prosecutor.
Typical Timelines and Costs
| Stage | Practical timeframe |
|---|---|
| Securing accounts and moving remaining assets | Immediately |
| Emergency report to an exchange or bank | Within minutes or hours |
| Initial provider response | Hours to several business days |
| AFASA temporary holding period, when applicable | Up to 30 calendar days |
| Preparation and filing of a cybercrime complaint | Often possible within one day when records are complete |
| Initial investigation and provider requests | Several weeks or longer |
| Cross-border identification or evidence gathering | Several months or longer |
| Preliminary investigation before a prosecutor | Commonly several months, depending on submissions and postponements |
| Court proceedings | Potentially years in contested cases |
Filing a basic complaint with the NBI, PNP, BSP, or NPC generally does not require a government complaint-filing fee. Possible expenses include:
- Notarization.
- Printing and certified copies.
- Courier or authentication costs.
- Certified translations.
- Independent blockchain analysis.
- Lawyer’s fees.
- Court filing fees for a separate civil action.
The most common bottlenecks are incomplete transaction information, slow responses from foreign exchanges, use of false identities, transfers across several blockchains, and delays in obtaining court-authorized records.
Common Mistakes That Reduce the Chance of Recovery
Waiting Too Long
Stolen assets can be divided among many wallets, exchanged for privacy-oriented assets, bridged to another blockchain, or withdrawn through an offshore platform. Report the incident while the funds are still visible and potentially reachable.
Sharing the Seed Phrase With a “Recovery Expert”
No legitimate investigator, exchange, BSP officer, NBI agent, or wallet-support employee needs the victim’s seed phrase or private key.
A person asking for it is likely attempting a second theft.
Paying Someone to “Hack Back”
Services promising to penetrate the thief’s wallet, retrieve private keys, or guarantee recovery are commonly fraudulent. Unauthorized access to another computer system may itself violate Republic Act No. 10175, even when the person claims to be recovering stolen property.
Reusing the Compromised Wallet
Changing an application password does not fix a leaked seed phrase. Any wallet restored from the compromised phrase remains under the attacker’s control.
Deleting or Editing Evidence
Do not delete suspicious messages, reinstall the device immediately, or keep only cropped screenshots. Preserve originals before cleaning the device.
Tipping Off an Identified Suspect
Publicly accusing the suspected hacker or messaging the receiving wallet’s owner may cause the funds to move. Give identifying information privately to investigators and the relevant compliance teams.
Assuming Every Loss Is a Hack
A decline in token value, failed investment, inaccessible decentralized-finance protocol, or project collapse is not automatically hacking. The correct remedy depends on whether there was unauthorized access, deception, breach of contract, securities fraud, or merely market loss.
Filipinos Abroad and Foreign Victims
Philippine remedies are not limited to Filipino citizens. A foreigner or overseas Filipino may report when there is a sufficient Philippine connection, such as:
- The victim was in the Philippines when the offense occurred.
- The damage was suffered in the Philippines.
- The affected account was maintained by an institution operating in the Philippines.
- The suspect or money mule is in the Philippines.
- A Philippine bank, e-wallet, or virtual asset service provider handled the funds.
A person abroad can begin by filing an online report and contacting the relevant provider. Investigators may later require a sworn complaint affidavit, identity verification, original records, or personal participation.
When a Philippine representative must submit documents or appear on the victim’s behalf, a special power of attorney may be required. A document executed abroad may generally be notarized before a Philippine embassy or consulate or apostilled by the competent authority of a country that is party to the Apostille Convention. Requirements should be confirmed with the receiving agency because some investigative acts still require the complainant’s personal verification. The Department of Foreign Affairs provides official Apostille guidance. (Apostille Philippines)
Documents in another language may also need an English or Filipino translation. Cross-border cases usually take longer because Philippine investigators may need voluntary cooperation, foreign law-enforcement assistance, or formal international evidence requests.
Frequently Asked Questions
Can the NBI reverse a Bitcoin, Ethereum, or USDT transaction?
No government agency can technically reverse a completed decentralized blockchain transaction merely by editing the blockchain. The NBI may trace the transfer, identify services used by the attacker, request preservation of records, and obtain legal process. Recovery becomes more realistic if the assets enter a centralized exchange or another service that can control the account.
Can the NBI identify an anonymous crypto wallet?
A wallet address alone normally does not reveal a person’s legal name. Investigators may connect the address to a person through exchange KYC records, IP logs, device information, bank transfers, email accounts, telephone numbers, witness evidence, and transaction patterns.
Can an exchange freeze the hacker’s wallet?
An exchange cannot freeze an ordinary self-custody wallet on the blockchain. It may freeze an account under its control, restrict deposits or withdrawals, flag a wallet address, and preserve assets credited to a customer account. Some stablecoin issuers also have technical freezing functions, but their use depends on the issuer’s policies and applicable legal process.
What if I personally approved the fraudulent transfer?
Approval does not necessarily eliminate criminal liability. A transfer induced through phishing, impersonation, false promises, or social engineering may still constitute estafa, computer-related fraud, identity theft, or an offense under the Anti-Financial Account Scamming Act.
The approved transaction may be difficult to reverse technically, but the deception and the recipient’s identity remain legally relevant.
What should I do if my seed phrase was stolen but the funds are still there?
Create a new wallet on a clean device and move the assets immediately. Do not merely change the wallet application’s password. The seed phrase controls the blockchain assets, and anyone possessing it may continue to access the wallet.
Will the BSP reimburse stolen cryptocurrency?
The BSP does not operate a general compensation fund for hacked crypto wallets. It can receive escalated complaints, investigate BSP-supervised institutions, and enforce consumer-protection and financial regulations.
Restitution may be possible under Republic Act No. 12010 where a covered institution failed to use adequate controls or the required degree of diligence, but reimbursement depends on the facts and is not automatic. (Lawphil)
Should I report the incident to the barangay first?
Usually no. Report directly to the exchange, affected financial institutions, and a cybercrime unit. A barangay report may be supplementary when a local suspect is known, but it does not preserve exchange records, trace blockchain transactions, or replace a formal criminal complaint.
What happens when the exchange or hacker is abroad?
Philippine investigators may ask the foreign exchange to preserve records and may coordinate through international law-enforcement or judicial-assistance channels. Cooperation varies by jurisdiction and platform. Foreign exchanges commonly require a formal request, subpoena, court order, or equivalent process before releasing customer information.
Is it worth hiring a blockchain investigator?
It may help in a high-value or technically complex case, particularly when funds were split across wallets, bridges, decentralized exchanges, or several blockchains. The investigator should produce a clear, reproducible report based on public transaction data.
A private tracing report does not replace an NBI or PNP investigation, exchange records, or court-authorized evidence. Avoid anyone who guarantees recovery or asks for the seed phrase.
How long does crypto recovery usually take?
Emergency account restrictions may occur within hours when the correct exchange is identified and the assets are still there. Identifying a suspect, obtaining foreign records, conducting preliminary investigation, and pursuing a court case may take months or years. Some cases never result in financial recovery, especially when assets remain in unhosted wallets or are routed through uncooperative services.
Key Takeaways
- Treat an exposed seed phrase or private key as permanently compromised.
- Secure the connected email, mobile number, devices, and exchange accounts immediately.
- Move remaining assets to a newly generated wallet created on a clean device.
- Preserve transaction hashes, wallet addresses, original messages, login alerts, and platform records.
- Report simultaneously to the sending platform, receiving platform, linked bank or e-wallet, and a Philippine cybercrime unit.
- Ask providers to preserve KYC, IP, device, login, withdrawal, and internal-transfer records.
- Use the BSP complaint process when a BSP-supervised institution does not resolve the complaint properly.
- Consider the National Privacy Commission when a provider’s personal-data breach contributed to the account takeover.
- A blockchain transaction may be irreversible, but the stolen assets can sometimes be frozen when they reach a regulated intermediary.
- Never share a seed phrase or private key with a supposed investigator, exchange employee, lawyer, or recovery service.