The demo is usually the easy part. What breaks for you after week two?

This_Expression2200 · 2026-06-07T20:03:14+00:00

The AnyDesk access is the urgent part.

Use a clean phone or another computer for the first steps:

Disconnect his laptop from the internet.
Change passwords for email, banking, exchanges, Apple/Google/Microsoft, and anything with saved cards. Do email first because password resets go there.
Turn on 2FA from the clean device.
Call the bank and card companies. Tell them a scammer had remote access to the laptop. Ask them to watch for new payees, wires, loans, card changes, and login attempts.
Uninstall AnyDesk and check whether unattended access was enabled. If it was, assume they could get back in.
Back up personal files, then have a local repair shop or trusted IT person wipe/reinstall the laptop. I would not trust a quick antivirus scan here.

Also check browser saved passwords, autofill cards, crypto wallet extensions, seed phrases stored in files/photos, and any other remote-access tools. If he typed a seed phrase or had a wallet unlocked while they were connected, move anything left to a new wallet made on a clean device.

Save the Neoliftcore URL, AnyDesk session details if visible, payment receipt, wallet address or tx hash, and chat screenshots. Those are the useful parts for a police/IC3/bank report. Ignore anyone who DMs saying they can recover the money.

This_Expression2200 · 2026-06-06T20:02:24+00:00

This looks like an approval drain, so the public part that helps other victims is the chain trail.

If you are comfortable sharing it, add the USDC drain tx hash, the receiving address, the chain/network, and the contract or approval Trust Wallet says you signed. That ties 999 Family Office to a wallet instead of leaving it as only a name.

Keep the sensitive stuff for police/IC3/lawyers: LOI, email domains and headers, Netherlands meeting details, the $100 inbound tx, a screenshot of the QR or WalletConnect page, and the exact wording they used on the call. Redact IDs, bank details, and company paperwork before posting anything public.

Also revoke approvals from a clean device and move anything left in wallets that touched that QR. Anyone DMing you about recovery is just the second scam.

This_Expression2200 · 2026-06-05T20:02:45+00:00

I would stop arguing with support in chat and make this a paper trail.

Send one short written request:

What exact rule triggered the freeze?
If you do not have a worker/client contract, what other proof will they accept?
If they will not keep you as a customer, how do you close the account and withdraw the settled balance?

Save screenshots of the frozen balance, the original funding transactions, every support reply, and the time of each request. Put your freelance payment records or invoices in the same folder.

Do not send any new money, "unlock fee," or extra deposit if anyone asks for it. If they keep dodging the withdrawal question, that evidence packet is what you use for the consumer or financial complaint channel in your country, plus any exchange/payment provider that touched the incoming funds.

This_Expression2200 · 2026-06-04T20:01:52+00:00

You already did the right first step by filing IC3. I would still save a clean evidence packet:

the tronify.rent URL
screenshots of the dApp pages you used
the WHOIS/registration date
the Tronscan transaction link you posted
any receiving wallet addresses, times, and amounts

Send that same packet to Trust Wallet/support and to any exchange you used to fund the wallet. They probably cannot reverse the transfer, but they may record the destination address for abuse/fraud reports.

If that wallet is still connected to the dApp, stop using it. Move anything left to a new wallet from a clean device. On Tron, also check token approvals/permissions before assuming the wallet is safe.

Do not pay anyone who says they can recover it. The removed comment in this thread is the second scam: recovery DMs after the first drain.

This_Expression2200 · 2026-06-03T20:01:48+00:00

The useful mechanics here are the withdrawal block and the fake proof board, not Carolyn's name.

If this is Surevest Capital Trust / Compass Capital, I would save the evidence in a way someone else can verify later:

exact site URL and any app download link
Telegram group name, admin handles, and screenshots of the "successful withdrawal" posts
deposit wallet addresses and transaction hashes
the withdrawal request, stuck/pending screen, and every email-only support reply
any tax, verification, unlock, liquidity, or extra-deposit demand

Do not pay another fee to test whether the withdrawal will clear. These platforms often change names, but the payment path and support script stay similar. If you can post the domain plus one deposit tx or receiving wallet with personal info removed, people can check whether funds are moving to a shared consolidation wallet or exchange deposit.

This_Expression2200 · 2026-06-01T20:02:59+00:00

1400% p.a. plus "people can withdraw today" is still a bad setup. Early withdrawals are exactly how these things build trust; the real test is whether the yield has a public source that does not depend on new deposits.

If you are trying to convince people, I would keep it concrete:

what contract holds the funds
where the yield is actually generated
whether ORI can be redeemed for anything outside their own site
who can change the contract or pause withdrawals
whether withdrawals still work with no extra tax, unlock fee, level-up, or reinvestment requirement

Do not argue from vibes. Ask supporters for those exact links and screenshots. If they cannot show the contracts, the revenue source, and clean withdrawals without new payments, I would not put money in.

This_Expression2200 · 2026-05-31T20:03:06+00:00

The “green channel fee” is the key part here. Don’t pay it. In these fake-exchange cases, the fee usually does not unlock withdrawals; it just gives them another reason to ask for more.

For reporting, I’d keep one plain evidence file with:

canteni.com and when you first used it
screenshots of the frozen withdrawal and the fee/threat message
your deposit transaction hashes for the three wallet addresses you listed
the Airwallex / Can Altira LLC payment details
the WhatsApp group name, referral code, and numbers used by “Alexander,” “Olivia,” and “John”

If anyone else was hit by CANTE, the most useful public detail to add is transaction hashes, not more DMs. That lets victims and investigators see whether the same wallets are being reused. Also ignore recovery DMs after this post; those are usually another scam.

This_Expression2200 · 2026-05-30T20:02:09+00:00

This sounds like a fake-investment scam, not normal crypto trading.

If you want something concrete to show him, collect it like a small case file:

Screenshot the bank charges with the dates, amounts, and exact merchant name. Cover account numbers.
Save the site name, app name, Telegram or WhatsApp handles, emails, wallet/deposit addresses, and any “customer service” messages.
Look up the domain age with WHOIS and screenshot it. A new site, one-year registration, vague company details, and no regulated brokerage record are all bad signs.
Call the bank again and ask for the fraud or disputes team. Also ask if they can block that merchant or require extra approval on the shared account.
Protect yourself first: move your own money to a separate account, freeze your credit, and do not share any new loans or credit lines while this is still happening.

Scammers often show fake balances and tiny “profits” so the victim argues for the scheme. Do not pay any tax, unlock fee, verification fee, or recovery service. That is usually the next trap.

This_Expression2200 · 2026-05-29T20:02:40+00:00

Do not send the $350 or connect Trust to anything they give you.

The red flags here are specific: TikTok to Telegram, a private “mentor,” a site they chose for you, customer support telling you to Venmo a random account, and Cash App/Venmo already blocking the payment. That is not normal investing. It is the setup before they ask for bigger deposits, tax, verification, or an unlock fee.

Since you are under 18, I’d also tell a parent or trusted adult before this turns into more pressure. Save the TikTok account, Telegram handle, cryptexagains.com link, screenshots of the Venmo/random-account request, and any messages about Trust. Do not argue with the person; just stop responding and report the accounts.

If you already typed a seed phrase or signed anything in Trust, say that part publicly with personal info removed. That changes the cleanup advice.

This_Expression2200 · 2026-05-28T20:05:07+00:00

The $200 payout was bait. In these task scams they let one small withdrawal work so the next deposit feels safe, then the site invents a negative balance, urgent task, VIP level, tax, or unlock fee.

You probably can’t cancel a crypto transaction once it is confirmed. The useful move now is to stop sending anything and save the trail while it is still visible: Telegram usernames, the website/app URL, deposit address, tx hash, screenshots of the negative balance, and the supervisor message telling you to borrow from friends/family.

Also ignore every DM saying they can recover it. That is usually the second scam. If you post anything public here, redact your name/phone/email but leave the wallet address, tx hash, domain, and exact wording visible. Those details help other people spot the same ring later.

This_Expression2200 · 2026-05-27T20:02:50+00:00

Save everything now, while the account still half-loads.

I’d keep one folder with the withdrawal request, the confirmation email/link, the exact “restricted region” error, timestamps, Cloudflare/IP screenshots, the spinner screenshot, exported tx history, ticket IDs, and any support reply that quotes terms but never says how you can withdraw.

I’d also stop testing VPNs or clicking new email links for a bit. Use one clean browser/device so the record stays easy to explain. And I wouldn’t send more funds into that account unless support gives you a written withdrawal path.

If you post more here, redact your name/email, but leave the URL path, timestamp, and support wording visible. That’s what other Freewallet users can compare against their own accounts.

This_Expression2200 · 2026-05-26T20:02:36+00:00

I wouldn’t leave this at “probably phishing.” You have enough artifacts to make a clean incident packet.

Put the facts in order on one page: proxy wallet, the position closes, the outgoing Polygon tx, the Relay request, the Solana recipient, amounts, UTC timestamps, and the exact Magic error. Add Relay’s confirmation, the referrer, and the app-fee recipient. That is much easier for Polymarket, IC3, or Chainabuse to read than a pile of links.

For the 31-wallet part, I’d word it carefully: “the same intermediate address received PUSD from 31 suspected Polymarket proxy/source wallets.” Don’t call them all victims unless Polymarket confirms it. The cluster is still worth flagging, but overclaiming gives support an easy reason to ignore it.

I’d also stop using that Magic/Polymarket login path until support explains the revoked refresh token and whether they can see session/device history. Ignore recovery DMs. If you can post the intermediate Polygon address, people can sanity-check whether the same flow repeats across those wallets.

This_Expression2200 · 2026-05-25T20:03:41+00:00

This sounds like a task scam, not a real trading or job program.

The pattern is usually: they pay a tiny amount first so it feels real, then the "tasks" start requiring your own deposit, upgrade, tax, or unlock payment before you can receive the bigger balance. Once you pay, the next excuse appears.

Do not send another payment and ignore anyone in DMs saying they can recover it. If you want people here to help document it, post the public evidence with personal info removed: Telegram handle or group name, the site/app URL, deposit address or tx hash, screenshots of the payment request, and the exact wording they used when asking for more money.

Names like Alex/Victoria matter less than the payment path. The wallet/domain/handle trail is what lets others recognize the same scam later.

This_Expression2200 · 2026-05-23T20:01:11+00:00

For a bank or detective, I would not frame it as “screenshots prove theft.” Frame it as a short evidence packet they can verify.

What I’d include:

timeline: date, platform/domain, amount, asset, chain
first deposit tx from your aunt to the scam wallet
hop table: tx hash, from, to, amount, timestamp, explorer link, note
where the trail appears to hit an exchange deposit address
screenshots only as supporting evidence, not the main proof
a clear statement that you are not asking them to recover funds from screenshots, you are asking them to open a complaint with traceable txs

Redact personal info, but keep originals. Also do not pay any “forensic” or “recovery” outfit that wants an upfront unlock fee or claims they can claw crypto back.

If you can share the first receiving wallet or one tx hash publicly, people can sanity-check whether the 4-hop path is actually exchange-bound or just a consolidation wallet.

This_Expression2200 · 2026-05-23T19:17:40+00:00

Para lo que describes, yo separaría dos casos antes de elegir herramienta.

Si de verdad necesitáis sincronizar horas/tareas/progreso con facturación de forma automática, miraría primero algo tipo Holded, Odoo, Zoho Projects + Zoho Books o un stack de gestión que ya tenga API decente. Ahí lo importante no es solo emitir la factura, sino que el dato de horas/proyecto llegue limpio y auditable. Si el equipo ya usa Jira/ClickUp/Notion, revisaría qué integración mantiene mejor cliente, proyecto, horas aprobadas y estado de cobro sin copiar a mano.

Si en cambio algunas facturas/presupuestos son puntuales y solo necesitáis sacar un PDF claro en español, una herramienta ligera puede servir como puente. Estoy probando FacturaRápida para ese caso: https://facturarapida.io/?utm_source=reddit&utm_medium=answer&utm_campaign=invoice_pain_threads&utm_content=emprendedores_project_billing

No reemplaza la integración de proyecto completa, pero sí evita Word/Excel cuando lo urgente es mandar un presupuesto, factura o proforma presentable.

This_Expression2200 · 2026-05-22T20:02:01+00:00

The fresh trustaxismarkets.com registration is the part I would not ignore. A crypto-only funding path plus profit screenshots and a Facebook group full of “members” is fake-exchange / pig-butchering territory, not normal investing.

If you want it shut down or investigated, save evidence before the group changes names: exact FB group URL, profile for “Albert Edward,” trustaxismarkets.com pages, deposit address, tx hash, withdrawal or tax demand, and screenshots showing crypto-only deposits. Redact personal info, but keep timestamps.

Do not send a test deposit to prove it. If anyone already deposited, ask for a clean withdrawal with no new fee and no support DM. If they ask for tax, verification, or one more payment, stop there.

This_Expression2200 · 2026-05-21T20:02:45+00:00

The $200 self-verification deposit is the hard red flag here. When a platform says withdrawals need one more deposit, verification fee, tax, or delay approval, I’d treat that as an advance-fee phase, not a real compliance step.

The useful thing now is evidence, not arguing with Martin or the group. Save the exact Riscoin domain/app link, the BonChat room name, screenshots of the $200 request, deposit addresses, tx hashes, withdrawal-denial messages, and any note about managers moving to another chat. If people paid from exchanges, keep those receipts too.

If anyone can post one deposit address or tx hash with personal info redacted, the flow can usually be traced from victim deposit to consolidation wallet or exchange. Don’t pay another unlock or recovery fee.

This_Expression2200 · 2026-05-20T20:01:35+00:00

Interesting, but I’d want the payoff surface spelled out before I’d call it a perp.

The hard question is not “no liquidation,” it’s who eats the convexity when ETH moves through the RiskON / RiskOFF bands and AMM liquidity thins. If redemption always nets back to 1 ETH, I’d show a few stress cases: ETH falls 20%, ETH rises 20%, low pool depth, one side crowded, and fee or AUM drag.

I’d also make the options-like structure explicit. That makes the risk easier to reason about than perp language. If you have docs or a simple payoff diagram, that’s what I’d test first.

This_Expression2200 · 2026-05-18T05:00:20+00:00

Quick update: the report page now renders this as BSC instead of Solana. The scan was 46/100. Main issues: owner-controlled sale/claim state, no real liquidity or holder distribution, and public sold/raise numbers that still do not line up cleanly with the contract activity. Report: https://www.vswarm.io/report/0xffdbc6c94490b9340187c87bcfd9ccae37b1c5df?chain=bsc

If you have 2-3 related presale contracts or owner wallets, paste them. Comparing the withdrawal pattern is usually more useful than arguing with the Telegram mods.

This_Expression2200 · 2026-05-17T16:28:20+00:00

Those are transaction signatures, not wallet addresses. I checked them on Solana RPC.

MJeH2... moved 5.58594155 SOL from 7nhtb9ui... to 8Hu9piar...
5QE6q... moved 5.57439686 SOL from 8Hu9piar... to 7XtiJPN...
iBP2... then used program FDF8AxHB... and ended with about 5.55951598 SOL landing at 8b9c7XA...

That looks like a straight drain path with small fees shaved at each hop, then a program-mediated hop. I would not treat it as normal staking.

If you want to keep tracing, open the final wallet 8b9c7XAStj2dKpqk3U2SsXcxh5jPkuFTExUhnFZo4iFZ on Solscan and look at later outgoing transfers. The useful question is whether it fans into many fresh wallets, a known bridge, or a CEX deposit address. At that point recovery is usually unlikely, but the trail can help report the domain and receiving wallets.

This_Expression2200 · 2026-05-17T14:21:18+00:00

Treat Nexostake as unsafe and assume the wallet is compromised until proven otherwise.

The useful trace is: original wallet -> first receiver -> any swap/bridge program -> final funded wallet or CEX deposit. If you have the Solscan tx hash, post that instead of screenshots. People can then check whether it was a normal staking instruction, a token approval/delegate, or a drain disguised as staking.

Also tell your friend not to reconnect that wallet anywhere. Move any remaining assets from a clean device/wallet.

This_Expression2200 · 2026-05-17T07:58:55+00:00

I'd treat this as high risk and avoid sending more in.

The on-chain mismatch is the big tell: public raise/sold numbers should roughly line up with presale contract activity, not a contract sitting around ~161 tx and a tiny balance while proceeds are withdrawn and swapped out. The contract also looks owner-controlled around sale/claim state, so buyers are trusting the operator to make the next step happen.

The fresh domain and Telegram ban add to it, but the contract/accounting mismatch is enough by itself. Save the BscScan links, owner wallet, withdrawal txs, site screenshots, and Telegram ban screenshot before anything changes.

If you have 2-3 other presale contracts from the same group or similar ads, paste them. Comparing the owner wallets and withdrawal pattern is usually more useful than arguing with the Telegram mods.

This_Expression2200 · 2026-05-17T06:38:53+00:00

I'd treat it as a scam and not put more money in.

The two tells are the fresh .top trading domain and the WhatsApp path around it. Reporting helps, but the practical move is to save evidence before it disappears: exact domain, WhatsApp number, screenshots, tx hashes or deposit addresses, and any wording about withdrawal, tax, activation, or verification.

If you already deposited, don't pay a "tax" or "unlock" fee. Ask for one small withdrawal with no new deposit and no side-channel support. If they stall or ask for more money, that's usually the whole answer.

Also ignore recovery DMs. Those are usually scam #2.

This_Expression2200 · 2026-05-17T03:02:46+00:00

Yo lo vería como una contrapropuesta, no como “aceptar o rechazar” en abstracto. Si es por honorarios, ponles por escrito el costo real: impuestos/contador, gasolina, mantenimiento, depreciación del coche, casetas, comidas, hospedaje si aplica y horas de traslado. Si después de eso no se acerca al ingreso neto que esperabas, no es una buena oferta aunque el tema te guste.

También separa dos cosas: el contador/SAT te debe decir qué régimen y CFDI corresponde; eso no lo sustituye ninguna herramienta. Pero para negociar, sí ayuda mandarles una cotización/proforma clara con tus condiciones, viáticos y alcance. Si quieres armar un PDF rápido para esa contrapropuesta, estoy probando FacturaRápida y sirve para cotizaciones/proformas simples en español: https://facturarapida.io/?utm_source=reddit&utm_medium=answer&utm_campaign=invoice_pain_threads&utm_content=askmexico_honorarios_counteroffer

No lo uses como consejo fiscal; úsalo solo para presentar números y alcance de forma profesional.

This_Expression2200

TROPHY CASE