How to Report a Crypto Scam

Reporting a crypto scam is one of the most important steps a victim can take, and one of the most consistently skipped. Many people who are scammed feel shame, assume nothing will come of a report, or simply don’t know where to go. All three responses are understandable. None of them serve your interests or the interests of the next person who would have been targeted by the same operation.

Reporting matters for several concrete reasons. It creates an official record that contributes to enforcement investigations. It helps regulators identify active scam operations and issue public warnings. It is a necessary precondition for any official recovery action. And in some cases, particularly where funds have passed through a regulated exchange and the report is made quickly, it can directly contribute to freezing assets before they disappear.

This resource covers every reporting avenue available to Australian crypto scam victims, what information each requires, and how to approach the process systematically.

Before You Report: Gather Your Documentation

Every reporting channel will ask for details of the scam. Having this information assembled before you begin makes the process faster, more complete, and more useful to the agencies receiving your report.

As covered in our recovering from a crypto scam resource, the documentation you need includes: the date and time the scam occurred, every communication received from the scammer including messages, emails, and social media posts, every website URL involved in the scam, every wallet address that received your funds, every transaction ID (TXID) for funds sent, the approximate AUD value of assets lost at the time of the scam, and screenshots of everything available.

Blockchain transactions are permanently and publicly recorded, and the on-chain evidence, the wallet address that received your funds and the transaction history, is irrefutable. This evidence is the foundation of any useful report. Collect it first.

Reporting to the Australian Federal Police

The Australian Federal Police (AFP) is the primary law enforcement agency for serious cybercrime in Australia, including large-scale crypto fraud. For significant losses, a direct report to the AFP is appropriate in addition to the other reporting channels covered below.

Reports to the AFP are made through the ReportCyber portal, operated by the Australian Cyber Security Centre, at cyber.gov.au/report. ReportCyber receives reports of cybercrime including online fraud, phishing attacks, and investment scams with a crypto component.

When submitting your ReportCyber report, include as much detail as possible: the full timeline of events, all communications with the scammer, all wallet addresses and transaction IDs, the total AUD value of the loss, and any information you have about the identity or location of the scammer, however partial. More detail produces more actionable intelligence for investigators.

For very significant losses, follow up the online report with a direct call to the AFP or your state police financial crimes unit to confirm your report has been received and to request a reference number. This reference number is useful for following up on the status of your report and for providing to other agencies.

Reporting to ASIC

The Australian Securities and Investments Commission (ASIC) is Australia’s corporate, markets, and financial services regulator. ASIC has jurisdiction over investment fraud including crypto investment scams, fraudulent token offerings, and unlicensed financial services operations targeting Australians.

Report to ASIC through the online form at asic.gov.au/report-misconduct. ASIC uses reports from the public to identify emerging scam operations, investigate unlicensed activity, and issue public warnings through its MoneySmart platform and media releases.

ASIC maintains a public register of companies and websites it has taken action against or issued warnings about. Reporting a scam to ASIC contributes directly to this register, which protects future potential victims. If the scam operation is actively targeting Australians, an ASIC report increases the likelihood that a public warning will be issued.

Include in your ASIC report: the name of the scam entity, every website URL used, any company names or individual names involved, all communications received, and the full details of the financial loss. If the scam impersonated a legitimate financial services business or used an Australian Business Number, include those details.

Reporting to Scamwatch

Scamwatch is operated by the Australian Competition and Consumer Commission (ACCC) and is the national hub for scam reports from Australian consumers and businesses. It is available at scamwatch.gov.au.

Scamwatch collects data on scam types, distribution channels, and financial losses across Australia. This data is used to produce national scam intelligence, identify emerging scam trends, and issue public warnings. The ACCC publishes an annual Scamwatch report that tracks the scale and nature of scam losses nationally, and crypto investment scams have featured prominently in recent years.

Your Scamwatch report contributes to this intelligence picture even if it doesn’t directly result in your individual case being investigated. The aggregate data from Scamwatch reports shapes regulatory priorities and public awareness campaigns that protect future potential victims.

Scamwatch reports are straightforward to submit. Select the scam category that best matches your experience, provide all relevant details, and submit. You’ll receive a confirmation and a reference number.

Reporting to AUSTRAC

AUSTRAC is Australia’s financial intelligence agency and the regulator of digital currency exchange providers under the Anti-Money Laundering and Counter-Terrorism Financing Act. As covered in our AUSTRAC and your privacy resource, all legitimate Australian crypto exchanges are required to be registered with AUSTRAC.

If the scam involved a platform operating as an unlicensed crypto exchange or financial service, or if a registered exchange was used to facilitate the scam, reporting to AUSTRAC at austrac.gov.au is appropriate. AUSTRAC uses intelligence from public reports alongside its own surveillance to identify suspicious activity, investigate compliance breaches, and refer matters to law enforcement where warranted.

For scams where the perpetrator used a registered Australian exchange, an AUSTRAC report combined with a direct report to the exchange itself provides the strongest basis for any potential freezing of associated funds.

Reporting to the Relevant Exchange

If your funds passed through or are currently held at a centralised exchange on their way to the scammer, reporting directly to that exchange’s compliance or security team is one of the most time-sensitive steps you can take.

Regulated exchanges have compliance obligations that include responding to reports of fraud involving their platform. When a scam-related wallet address is reported, exchanges can flag that address in their systems, freeze associated funds before they are withdrawn, and in some cases provide transaction information to law enforcement under a court order or formal request.

The window for this to be effective is short. Experienced scammers move funds quickly through multiple wallets and exchanges to obscure the trail and convert assets to fiat or other cryptocurrencies before reports can be acted on. Reporting to the exchange within hours of the scam, rather than days, maximises the chance that any associated funds are still accessible.

Contact the exchange through its official security or compliance reporting channels, not through standard customer support. Most major exchanges including Binance, Coinbase, Kraken, CoinSpot, Swyftx, Independent Reserve, and BTC Markets have dedicated fraud and security reporting processes. Provide the full wallet address, all relevant transaction IDs, and the complete details of the scam.

Reporting to Your Bank

If any part of the scam involved a bank transfer, whether to a crypto exchange that was subsequently used in the scam, to a fraudulent investment platform, or directly to a scammer’s account, report it to your bank immediately through their fraud team.

Australian banks are required to have fraud response processes and in some cases can attempt to recall recent transfers before they are processed or withdrawn. The success rate of bank recalls decreases rapidly with time, making immediate reporting essential.

When contacting your bank, ask specifically to speak with their fraud team rather than standard customer service. Provide the date, amount, and destination of the transfer, and explain clearly that it was sent as a result of a scam. Request a fraud report reference number and ask what the bank’s process is for investigating and potentially recovering the funds.

If the bank transfer went to an account at a different Australian bank, your bank can contact that bank’s fraud team directly under the Australian Banking Association’s Scam-Safe Accord, which commits member banks to cooperate on scam-related fund recovery where possible.

Reporting the Scam Platform or Website

Reporting fake websites and scam platforms to the relevant hosting and domain providers removes them from the internet faster, preventing further victims.

Google Safe Browsing. Report fake websites at safebrowsing.google.com/safebrowsing/report_phish. Google uses these reports to flag phishing and malware sites in Chrome and other browsers.

Domain registrar. Most domain registrars have an abuse reporting mechanism. Look up the domain registration details at whois.domaintools.com or a similar WHOIS lookup service to identify the registrar, then find their abuse reporting contact. Many registrars will suspend domains used for fraud when provided with clear evidence.

Web hosting provider. If you can identify the hosting provider for the scam website, that provider’s abuse team can be contacted directly. Hosting providers routinely suspend accounts used for fraud and phishing.

Social media platforms. If the scam was conducted through or promoted by accounts on social media platforms, report those accounts directly through the platform’s reporting tools. Twitter, Instagram, Facebook, TikTok, and YouTube all have reporting mechanisms for fraud and impersonation. Multiple reports from different users typically accelerates the review and removal process.

Reporting Fake Apps and Extensions

If the scam involved a fake wallet app or browser extension, reporting it to the relevant app store or extension marketplace is important for protecting future users.

Report fake apps on Google Play through the “Flag as inappropriate” option on the app’s listing, selecting “Fraud” as the reason. On the Apple App Store, use the “Report a Problem” option. Include the name of the legitimate app being impersonated and a clear explanation of why the listed app is fraudulent.

Report fake browser extensions on the Chrome Web Store through the “Report abuse” option on the extension’s listing. On Firefox Add-ons, use the “Report this add-on for abuse” option.

Include as much specific detail as possible in these reports: the exact name of the fake app or extension, the legitimate app it impersonates, and a clear description of the fraudulent activity. App store teams process higher volumes of reports more quickly when the reports are specific and well-documented.

What Happens After You Report

Understanding what to realistically expect after reporting helps manage expectations and informs how you engage with the process.

Most individual scam reports do not result in direct fund recovery for the reporting victim. The investigative and enforcement process, when it proceeds, typically operates at a scale that targets large scam operations rather than individual incidents. However, individual reports aggregate into intelligence that drives that enforcement action, and a scam operation that generates hundreds of consistent reports is significantly more likely to attract law enforcement attention than one that generates none.

In some cases, particularly where significant funds have passed through a regulated Australian exchange and the report is made quickly, partial fund recovery through exchange freezing is possible. This is not guaranteed and becomes less likely with each hour that passes after the scam.

For significant losses where a scammer is identifiable, consulting a solicitor about civil recovery options is worth doing. Some Australian law firms specialise in financial fraud recovery and operate on a no-win no-fee basis for cases with sufficient evidence and recoverable assets.

Stay alert to follow-up contact from anyone claiming to be a law enforcement officer, investigator, or recovery specialist who has seen your report and can help recover your funds for a fee. This is a secondary scam targeting reporting victims specifically. As covered in our recovering from a crypto scam resource, no legitimate recovery service contacts victims unsolicited and requests upfront payment.

Keeping Records of Your Reports

Keep a complete record of every report you submit: the agency or platform, the date submitted, the reference number provided, and any responses received. This record is useful for following up on reports, for providing consistent information across multiple agencies, and for your tax accountant, as documented scam losses have specific capital gains tax treatment under Australian law.

As covered in our how to report crypto losses for tax purposes in Australia and cryptocurrency tax Australia resources, a scam loss that is properly documented and reported is treated differently by the ATO than an undocumented loss. Report reference numbers from ASIC, Scamwatch, and the AFP support the documentation of the loss event for tax purposes.

Key Takeaways

Reporting a crypto scam in Australia involves multiple channels: the AFP via ReportCyber, ASIC, Scamwatch, AUSTRAC, the relevant exchange, your bank, fake website hosts and domain registrars, and app stores or extension marketplaces where applicable. Each serves a different purpose and contributes to a different aspect of the response. Gather your documentation first, move quickly on exchange and bank reports where fund recovery may still be possible, and keep complete records of every report submitted.

Reporting a scam does not guarantee recovery. It does guarantee that your experience contributes to the intelligence that protects the next potential victim, supports enforcement action against active operations, and creates the documentation necessary for both tax treatment and any future legal action.

If you’ve been affected by a crypto scam and want support building a security framework that protects against future incidents, our Runite Tier Membership provides the education and community to rebuild with confidence. For investors who want personalised guidance and direct specialist access across all dimensions of secure crypto participation, our Black Emerald and Obsidian Tier Members receive exactly that. Find out more at shepleycapital.com/membership.