Case Studies Details

Romance Scam – Cryptocurrency Fraud Investigation

In 2025, our team was engaged by a private client who had been defrauded of approximately $100,000 USD in a sophisticated romance-investment scam.
The fraud originated from a relationship developed online with an individual posing as a professional woman. Over time, the victim was persuaded to invest through a fraudulent cryptocurrency platform (ESGLE.COM).

The fraud escalated when the fake platform displayed fictitious profits totalling $675,000 and demanded an additional $81,000 “tax” payment for release of funds.

Complexity of the Case

The matter was complex due to:

• Multi-platform deception: The fraudster used WhatsApp, Telegram, and live video calls to build credibility.
• False identities: Multiple aliases (“Camille Covey” and “Maria Key”) and claims of employment in Belfast, London, and Dubai.
• International dimensions: Involvement of domain registrars and hosting in multiple jurisdictions.
• Cryptocurrency laundering: Large volumes of funds moved through Ethereum and Tron wallets, with interaction with major exchange hot wallets (Coinbase, Bybit, Binance).
• Layered infrastructure: Use of Cloudflare, resellers and sub-registrars to obscure domain ownership.

Approach

The investigation proceeded in stages:

1. Digital Communication Analysis
   • Review of WhatsApp and Telegram communications, including phone numbers, aliases, and call metadata.
2. Domain Intelligence
   • Identification of the ESGLE.COM domain registration, DNS configuration, and registrar/reseller chain.
3. Crypto Wallet Forensics
   • Blockchain analysis of Ethereum and Tron wallets, reconstructing all transactions and linking to exchange hot wallets.
4. Actionable Recommendations
   • Creation of a comprehensive evidence package for legal use, including a roadmap for police reporting, registrar disclosure requests, and exchange notifications.

Key Findings

• ESGLE.COM was a short-lived fraudulent platform, registered in December 2024 with domain masking through Cloudflare and resellers.
• Crypto wallets linked to the scam show significant activity:
  • Ethereum wallet: over $149,000 in inflows, interacting with Coinbase and Bybit.
  • Tron wallet: transactions with Binance hot wallets and fund consolidation into a holding wallet containing over $69,000.
• The fraudster’s contact number and handles were traced, but identity attribution is complicated by false information and international hosting.

Outcomes

The investigation provided:

• Evidence package including wallet histories, domain registration details, and communication logs suitable for law enforcement and legal recovery action.
• Action plan outlining:
  • Reporting to Action Fraud (UK) with supporting documentation.
  • Requests to domain registrars and resellers for registrant disclosure.
  • Submissions to exchanges (Coinbase, Bybit, Binance) to freeze wallets.
  • Recommendations for specialist blockchain forensic services and potential civil recovery through freezing orders or Norwich Pharmacal applications.

The findings enabled the client’s legal counsel to take targeted steps towards restitution and to support wider reporting to prevent further victims.

Key Learning

This case demonstrates how romance frauds now intersect with cross-border crypto laundering, requiring a multi-disciplinary approach combining:

• Digital intelligence
• Blockchain forensic analysis
• Legal processes for information disclosure

Early forensic investigation provided a structured basis for legal action and future asset recovery.