As a result of the interview we found out that a couple of months ago the user bought a new device and installed the Metamask Wallet on it. Our initial hunch that the user had been exposed to a phishing site was confirmed. After collecting all available information, we started our investigation.
Investigated address: 0xbfe... on the FTM Fantom network. Funds are stolen on the FTM network, so we go to the Fantom explorer (blockchain browser) and look for transactions on it.
Depending on the circumstances of the case, we recommend to contact the law enforcement agencies, depending on the location: the victim / exchanges to which the funds were withdrawn / the intruder (if his alleged location became known during our investigation) / in a place with a more well-regulated law. Each of the options has its own characteristics.
Chance to recover stolen funds