Crypto Platform Asking for Passport to Withdraw? A UK Check

Crypto-investment fraud is the largest single category of investment fraud Action Fraud now tracks. UK victims reported losing £649 million across 25,843 investment-fraud cases in 2024, with cryptocurrency involved in 66% of those reports — a 16% increase year on year. The scams almost all share one shape: a long emotional or financial-relationship build-up, a small initial deposit that “makes money” on a fake trading dashboard, then a withdrawal request that gets blocked behind ever-larger “verification fees” until the victim runs out of money or runs out of patience.

The name people use for the longest-running version of this is “pig butchering” — an unsettling translation of the Mandarin term that refers to the way scammers fatten up the victim with apparent gains before slaughtering the relationship. A University of Texas study in 2024 traced more than $75 billion in funds flowing from pig-butchering victims to crypto exchanges between 2020 and early 2024. The operations are industrial: organised crime groups running compounds of scammers in South-east Asia, each working dozens of UK and US targets simultaneously through dating apps, WhatsApp, LinkedIn, and Telegram.

What makes the withdrawal phase the most dangerous moment in the cycle is that it is when victims send their identity documents. The first deposit is just money — bad enough, but money can be replaced. The withdrawal phase asks for passport, selfie-with-passport, sometimes a utility bill, sometimes bank statements. Those documents are then sold on, used to onboard new victims, or used to open fraudulent UK bank accounts in the victim’s name. The financial loss is the headline; the identity-fraud exposure is the long tail.

Once you try to withdraw from a fake exchange, the script becomes very consistent. If you see any of these, you are not dealing with a real crypto platform — you are dealing with a scammer who is trying to extract more money and documents before going dark:

1. “KYC release fee” before withdrawal. The most common version. You’re told you need to pay a percentage of your “balance” (often 10–20%) to release the funds for withdrawal. Real exchanges run KYC before you deposit, not before withdrawal, and they never charge for it.
2. “Tax withholding” on the gain. Sometimes framed as HMRC withholding, sometimes as a generic “tax deposit”. HMRC does not work through crypto platforms. UK crypto tax is reported and paid through Self Assessment by the individual, never withheld at source by the exchange.
3. “Anti-money-laundering deposit”. A specific amount you have to deposit to “prove the source of funds”. Real AML checks involve providing documents (bank statements, payslips) — they never involve depositing more money.
4. “Selfie holding your passport” demand. Genuine exchanges run automated liveness checks during a one-time onboarding flow. Asking for a fresh selfie-with-passport mid-relationship, especially via a contact you met outside the platform, is the gold-standard pattern for fraudulent UK bank-account opening.
5. A “customer support” phone or chat that contradicts the platform’s public help docs. The platform “help” you reach via the contact you met outside the site (Telegram, WhatsApp, a friend who introduced you) is operated by the same fraud team as everything else. Real customer support comes from the platform’s official channels — not from a friend’s friend.
6. Sequential fees escalating each time you pay. The first “release fee” gets paid; the next demand is for “final clearance”; the next for “risk-management deposit”. Each is positioned as the last one. This sequence has a name in fraud literature: it’s the “final squeeze”, and it continues until the victim runs out of capacity.

Before you put any more money in — or before you put a first deposit in — run two free checks. They take a few minutes between them and resolve almost every case where you might be in doubt:

1. FCA Cryptoasset Register. Since January 2020 any UK firm carrying out cryptoasset activities must be registered with the FCA for anti-money-laundering purposes. The register is at register.fca.org.uk (filter by cryptoasset firm type). If the platform you are using isn’t there, it is operating outside UK regulation. That doesn’t automatically mean it’s a scam, but it does mean you have no FCA recourse if it turns out to be one. For platforms that claim to be exchanges (rather than offshore broker dealers), absence from the register is essentially conclusive.
2. FCA ScamSmart warning list. The FCA also publishes a ScamSmart warning list of firms it has received complaints about. Search the platform name — if it appears, you are looking at a known fraud operation. Searching takes ten seconds and catches a high share of the brazen ones.

A useful real-world test: do a video call with your “contact” on a major platform (FaceTime, Zoom, Google Meet) and ask them to log in to the trading dashboard while you watch. Fraud operations cannot do this for two reasons — the dashboard is fake and a video call would let you see they are not the person in the profile photo. A real partner or contact will not object. A scammer will refuse, defer, or change the subject. That refusal is the answer.

Knowing how genuine UK-accessible crypto platforms behave makes the fakes easier to spot. The big real-name exchanges (Coinbase, Kraken, Binance UK, Bitstamp, Gemini, etc) operate in a fairly consistent way:

• KYC happens at onboarding, not at withdrawal. Real exchanges complete identity verification before you can deposit anything beyond a token amount. You provide ID once, automated liveness check runs, you’re approved or rejected. They never run a second KYC against your withdrawal.
• Withdrawals are free or carry a small fixed fee (typically < £25). Network fees for Bitcoin or Ethereum transactions vary, but the platform itself doesn’t charge percentages of your balance to release funds.
• No tax withholding. UK crypto disposals are taxed via Self Assessment by the individual. No exchange withholds tax on your gain.
• Customer support comes from the platform’s official help centre. You log in, open a ticket, get a reply from staff. Never via a WhatsApp number sent to you by someone who introduced you to the platform, never via a Telegram “support agent” in a private chat.
• No “account manager” phoning you. Real consumer exchanges do not assign personal account managers to retail traders, and they don’t cold-call you to push trades. Anyone presenting as a personal trading mentor associated with a platform is a scammer with very high probability.

If a platform you are using diverges from any of those, the question is no longer “is this a scam”. It is “how do I get out and how much can I salvage”.

Two things to keep in mind: crypto fraud is among the hardest categories to recover from financially because once funds are on-chain they generally can’t be reversed, and the identity-document exposure is the longer-lasting risk. The earlier you act on both fronts, the better the outcomes get.

What to do, in order:

1. Within the hour. Stop sending. Don’t pay the next fee, don’t send the next document, don’t reply to the next message. If you transferred from your UK bank to a third-party exchange and then on, call your bank’s fraud line and ask them to attempt a recall under the Authorised Push Payment (APP) fraud rules. The closer you are to the original transfer in time, the higher the chance of any recovery. Take screenshots of every conversation, every dashboard balance, every transaction confirmation — they will disappear when the site goes dark.
2. Within 24 hours. Report to Action Fraud on 0300 123 2040 and to the FCA at fca.org.uk/consumers/report-scam-unauthorised-firm with the platform name, the contact who introduced you, the transaction history, and the screenshots. Both will issue reference numbers. If you sent crypto from a UK exchange, contact that exchange’s fraud team — they can sometimes flag the receiving wallet to other exchanges, which limits where the funds can be cashed out.
3. Within the week. Check your credit report (free at Experian, Equifax, and TransUnion) for any account or application you didn’t make. Set up fraud alerts at all three agencies. Consider CIFAS Protective Registration (£30 for two years) given the document exposure. If your passport was sent, call HM Passport Office on 0300 222 0000 and ask them to flag the document; for driving licence, DVLA on 0300 790 6801.
4. Ongoing. The financial recovery side is a months-to-years process. APP fraud reimbursement under the PSR mandatory rules has time-bound steps; if your bank declines, the Financial Ombudsman is the escalation. The identity-fraud side is also a long monitoring task: stolen ID documents resurface in fraud attempts months or years after the original exposure, so the credit-file watch needs to keep going. Victim Support offers free, confidential help if you need it — crypto fraud often involves long emotional manipulation and the aftermath isn’t just financial.

One thing the FCA and City of London Police emphasise consistently: there is no legitimate “recovery service” that will get crypto funds back for an up-front fee. These “recovery scams” specifically target people who have already been defrauded once, and they are usually run by the same network or a related one. Any contact — through a forum, a social DM, a phone call — from someone offering to recover lost crypto for a fee, is itself a fraud. Use the official Action Fraud and FCA channels, not anyone who approaches you.