Who we are & how we help
Refunds Direct is a multidisciplinary team focused on one thing: turning chaos into a clear plan after a scam. We combine legal strategy, cyber investigation, and case operations to help you document what happened, report it effectively, and pursue refunds where possible—without hype or false promises.
Our mission
Equip victims with rigorous evidence and clear routes to accountability. We believe strong documentation and timely reporting lead to better outcomes with banks, platforms, and investigators.
What we do
- Crypto tracing & OSINT: map wallet flows, services touched, and key counterparties.
- Dispute support: assemble evidence packs and draft notes for banks/platforms.
- Takedown help: policy‑based requests to registrars/hosts for impersonation & phishing.
- Due diligence: “is it legit?” checks before funds move.
What we don’t do
- No unauthorized access. Our ethical hackers don’t “hack back”.
- No guarantees. Outcomes depend on platforms and authorities.
How we work
Intake
We collect key facts: platforms, addresses, amounts, dates, and communications.
Investigation
We map wallet flows, cross‑reference open sources, and extract useful signals.
Synthesis
We turn raw data into a clear timeline, exhibits, and a concise case brief.
Action plan
We prepare dispute notes, reporting routes, and follow‑up cadence tailored to your case.
Investigation methods
- Blockchain analytics: follow funds across chains and service clusters.
- OSINT: domains, hosting patterns, reused identities, and infrastructure clues.
- Forensic capture: screenshots with URLs/timestamps; logs and headers when available.
Documentation & evidence
- Case timeline: one‑to‑two pages with exhibit references.
- Exhibits: statements, tx IDs, chat logs, and platform screenshots.
- Briefs: tailored summaries for banks, platforms, and takedown desks.
Legal & compliance
- Partner attorneys: referrals where licensed for jurisdiction‑specific advice.
- Policy alignment: submissions framed to the recipient’s rules and terms.
- Privacy & safety: redaction guidance and secure artifact handling.
What our ethical hackers do (and don’t do)
They do
- Open‑source intelligence (OSINT) to enrich leads.
- Blockchain tracing to map flows and service touchpoints.
- Forensic collection of public artifacts to support reports and disputes.
They don’t
- Break into systems or accounts (“hack back”).
- Purchase or trade stolen data.
- Make promises about recovery outcomes.
Anonymous case snapshots
Wallet flow to exchange
We mapped transfers from a victim wallet into a service cluster and prepared an evidence pack that supported account review and additional platform actions.
Blocked withdrawals
Our team documented withdrawal attempts, “unlock fee” demands, and misrepresentations—material used in the bank dispute review.
Impersonation takedown
We captured evidence and submitted policy‑based requests to the registrar/host, resulting in removal of a clone site.
Leadership & practice leads
OSINT & blockchain analytics lead; former incident response analyst.
Focus on dispute framing and policy alignment; coordinates with partner attorneys.
Evidence packs, timelines, and submission tracking across platforms.
Ethical hacking, DFIR‑style capture, and threat assessments.
Intake triage and communication cadence throughout the case.
Automation and internal tools that speed up tracing and reporting.
Frequently asked questions
Do you guarantee recovery?
No. We provide investigation, documentation, and guidance. Even though decisions are made by banks, platforms, and authorities, our team has a 96% success rate because of the due deligence we do with every case.
Are you a law firm?
No. We are not a law firm. Legal services, if needed, are delivered by independent partner attorneys where licensed.
How fast do you reply?
We aim to acknowledge free case reviews within 48 hours and will let you know if more time is required.
Will you ever ask for crypto?
Never. We do not request cryptocurrency payments.
Talk to our team
Tell us what happened—we’ll help you take the next right step.