Blocking honest cryptocurrency users

This is not legal advice.
Operational risk tips only.

Crypto under banking regulations in 2025

In 2025, you can be blocked not for intent, but for someone else’s dirt. This is the norm, not the exception.

The rules are getting stricter. Off-ramp has become the main pain point. If you want to spend crypto, play by the banking rules.

How not to get crushed by the compliance millstones when you’re honest, but the system disagrees.

The screws are tightening

Common refrain: “I’ve been involved in crypto for many years. I’ve never checked if it’s clean. I’ve never had a problem cashing it out.”

Time does not stand still. In many jurisdictions, starting in the West and moving to the East, rules around both crypto and traditional finance keep tightening. Even if you self-custody today, you’ll probably hit banks or card rails later. Plan for that now.

For example, yesterday you could buy a car with cash, but today you need a bank account. Not to mention buying real estate. It’s getting to the point that you won’t be able to buy a computer or a smartphone without a payment card.

Sooner or later, directly or indirectly, you connect your crypto wallets to one or another bank. They exchange information about you in both directions with the government, crypto exchanges, payment systems and other financial sector companies. Accordingly, the day is approaching when the government will receive complete information about all your crypto wallets associated with these companies.

Despite the original purpose of blockchain and cryptocurrencies as supranational assets, regulators are constantly trying to get their hands on their governance. The results of these endeavors are mixed.

Governments can’t steer the consensus of decentralized coins, unlike centrally issued tokens such as CBDCs (central bank digital currencies). Regulators and law enforcement agencies push instead on infrastructure, services, and users.

Mostly off-ramps, on-chain analytics, and sanctions lists are doing the heavy lifting. An off-ramp converts crypto to fiat (conventional) money via CEX (centralized crypto exchanges), neobanks, P2P fintech providers, or OTC desks. Off-ramp is a key control point.

In turn, many traditional banks are wary, if not hostile, to crypto transactions due to regulatory risks. Because off-ramp controls vary wildly and keep changing, even careful users get tripped up.

Fines, sanctions and restrictions by exchanges and banks are not always fair. From a corporate or personal security point of view, treat these like any other security risk.

---

TL;DR Study the laws and the practice of their application. Separate clean and tainted (suspicious) cryptocurrency into different wallets. Use KYT services. Collect screenshots with evidence of legality or at least good faith. Prepare procedures in advance for the steps before, during, and after the transaction, as well as in case of a lockout.

AML/CFT risks on exchanges and banks

The methods and means of government influence on cryptocurrencies are related to AML (anti-money laundering) and CFT (combating the financing of terrorism). These methods and tools give rise to new risks that have significantly increased in recent times. They continue to grow even for experienced users who often underestimate them.

Even if you have no malicious intent, the fact of accidentally obtaining cryptocurrency from a questionable source can lead to CEX or neobank account blocking, asset freezes, denial of service, and even criminal charges.

That’s not the only risk. Even if CEX or a neobank is not against the transaction, and even if cryptocurrency is not prohibited in your jurisdiction, when transferring the cryptocurrency to a traditional bank, it may request documentation proving the source of funds before crediting or allowing withdrawal. If you can’t provide convincing evidence, the bank may end the relationship.

Regulators are tightening requirements for banks and exchanges, effectively shifting some of the risks to the recipients of payments. That is, most often, those who sell their services or goods for cryptocurrency.

So you need to adapt to the requirements and minimize the risks. To do this, you need to study them, and start with the basics of cryptocurrency anonymity. Experienced users are advised to skip the mini glossary and the next part of the article. 

---

Mini glossary AML/CFT – Anti-Money Laundering and Combating the Financing of Terrorism. KYC – Know Your Customer. Customer identification systems and procedures. KYT – Know Your Transaction. Risk-scoring of on-chain addresses and transactions. CEX – Centralized EXchanges (custodial platforms). DEX – Decentralized EXchanges (typically non-custodial). TXID – Transaction ID. UTXO – Unspent Transaction Output. A spendable output in UTXO-based chains.

The relative anonymity of blockchain

Many cryptocurrency users believe that the blockchain provides anonymity. However, in practice, most popular networks are pseudonymous. 

Most popular coins like Bitcoin (BTC), Ether (ETH), Tether (USDT), and USD Coin (USDC) have public transactions, which are permanently stored on the network. Anyone can track the complete history of fund movements. This can result in less practical privacy than fiat money for typical users. 

Modern analytical tools allow matching addresses and linking them to specific individuals based on behavior patterns, IP addresses, participation in KYC (user identification procedures), public actions (e.g., NFT minting), etc. Such deanonymization is actively used by exchanges, regulators, investigators, and even attackers.

Cryptocurrency owners can maintain relative anonymity as long as they do not have to convert cryptocurrency to fiat. This is critical to understanding the nature of tainted transactions and the risks associated with them. Let’s take a closer look at how exactly they arise.

The war of privacy and compliance

On the one hand, even the partial anonymity of cryptocurrencies attracts all sorts of offenders. Modern money laundering techniques use not only DEX (decentralized exchanges), NFT (non-fungible tokens), and cryptomixing, but also more sophisticated technological strategies. For example, creating fake identities or companies by combining real and fictitious information, and combining microtransactions with cross-chain transactions. That is, “hopping” between networks (chain-hopping), such as through THORChain. Criminals automate these strategies.

On the other hand, states and law enforcement officials are trying to keep up. They are trying their best to reduce the anonymity of cryptocurrencies and track all transactions. The intergovernmental organization FATF (Financial Action Task Force) sets global standards for virtual assets, including the Travel Rule. The European Union’s MiCA (Markets in Crypto-Assets Regulation) introduces additional requirements for service providers in the European Union. The main tools in the fight against illegal funds are KYC (Know Your Customer) procedures and systems, as well as AML/CFT.

In this conflict between states and crime, the interests of honest users suffer. We have already described the legal and ethical sides of such a conflict of interest on our blog. Sooner or later, society will learn to live and work with these contradictions. Meanwhile, regular users are stuck between compliance and crime. So they are forced to evaluate and take into account the capabilities and limitations of various technologies and systems used by states and offenders.

Hence, two sets of risks arise for bona fide users. First, it’s about unintentional receipt of funds, the origin of which is connected with criminal activity. These are so-called tainted transactions. Secondly, sanctions due to errors of AML/CFT systems are not excluded. So let’s study these systems better.

How AML/CFT systems are organized

For AML/CFT, the risk factors (“yellow” and “red” flags) are:

• Exposure to banned addresses directly or indirectly in history.
• Technologies that conceal transactional provenance (mixers, some privacy coins, frequent cross-chain hops, etc.) raise risk flags.
• Transactions from countries with weak regulation or from unregulated exchanges. This is the vast majority of DEX and some CEX.
• Suspicious transaction size, frequency, or patterns. For example, many small transactions below reporting thresholds or instant withdrawals after a transaction.
• Suspicious sender and receiver profiles. For example, refusal to provide documents as part of KYC requirements, frequent change of IP addresses, etc.

AML/CFT systems do not have a single “statute of limitations”. The depth of history analysis varies from provider to provider. This means that even if a transaction occurred many years ago, it may be linked to recently identified illegal activity. This linkage will be factored into the current risk assessment.

Modern AML/CFT systems typically identify sources of risk by tracking dozens of transaction hops. This lets analysts trace funds across many hops and intermediaries. Your funds may be blocked even if you received them from a seemingly legitimate source, but they in turn received them from an illegitimate one. An exchange’s AML/CFT system can identify this hidden connection because this system analyzes the entire chain of transactions up to the original source. 

Tools classify risk as direct vs indirect exposure and policies decide what to do with indirect exposure. So even bona fide users may inadvertently become involved in money laundering schemes if they do not realize the origin story of their funds.

At the same time, traditional AML/CFT systems often fail to cope with new offender tactics. The reasons are rigid rules, fragmented data, and outdated risk assessment models. False positives remain common, so honest users still get flagged.

The cardinal rule of risk mitigation

Where to start to reduce the risk of wrongful accusations of illegal transactions? Think in risk tiers. Consider all cryptocurrency as belonging to one of three types:

• Clean. Documented origin and KYT passed. 
• Uncertain. Evidence not yet gathered. 
• Flagged. Known exposure to sanctions, hacks, or mixers, etc. per KYT or AML/CFT. 

Treat any wallet that ever touches banks or taxes as ‘regulated-surface’. Follow the rules those institutions enforce. If they’re wrong, dispute, but don’t route around.

Accordingly, keep suspect and clean funds in separate wallets/accounts. Never mix them. This isn’t a legal guarantee, but just a practical way to simplify audits and investigations. Let’s suppose some coins came from older, unverified sources. You should keep these wallets separate from wallets and accounts with clean crypto purchased recently on exchanges with modern KYC and AML/CFT procedures.

If you once bought 100 USDT to your wallet from an exchanger that didn’t verify your ID, then you shouldn’t sell that cryptocurrency on a major regulated exchange. Anyway, avoid ‘cleaning’ tactics (mixers, DEX, chain-hopping) because many exchanges treat these as risk factors and may escalate or report.

If you’re adamant about not accepting tainted crypto, take action early. Keep three distinct wallets: 

1. Intake wallet. Only receives new funds. 
2. Review wallet. Holds funds while screening finishes. 
3. Main wallet. Used only after checks pass. 

No sideways moves between these wallets. Flows are Intake → Review → Main only. Don’t fund the Review wallet from the Main wallet ‘just this once’. That breaks the audit trail.

---

🧭 Reality check. Mixers, DEX, and chain-hopping look like intent to obfuscate in most tools today. So don’t expect sympathy.

KYT. Your personal tripwire before blocking

An important risk mitigation measure is the use of personal AML tools, i.e. KYT (Know Your Transaction). The term wallet/address screening is also often used. The term KYA (Know Your Address) is less common. Such checks are especially useful before receiving crypto or transferring it from cold wallets to major exchanges.

For example, apply screening services based on API or platforms of Chainalysis, Elliptic, TRM Labs or similar. This list is just for illustration purposes, although we tried to select services that cooperate with large exchanges. Choose services based on their reputation, coverage of your jurisdictions, and compliance with your exchanges.

Often the process of verifying sender addresses is simplified to three steps: insert address, click “Verify,” get report. Personal KYT provides a benchmark, but does not guarantee legal compatibility with corporate AML/CFT, such as CEX AML/CFT. For large transactions, use multiple independent KYT services. Document the results of checks.

If you are paid for your services or goods in cryptocurrency that you plan to bank in the future, record the addresses of their wallets in contracts with counterparties and verify them in KYT services. If the address of a potential counterparty is tainted, then either ask him for another one, or switch to fiat settlements, or refuse to interact with this counterparty.

If the counterparty’s address looks clean, it does not guarantee that the hidden “dirt” will not be revealed later. Then you may need a contract with that counterparty, screenshots and reports of its address verification in KYT services for your own protection.

Don’t share addresses linked to your KYC’d accounts with dubious entities or post them publicly. Otherwise, they may receive tainted crypto at the most inopportune moment.

That’s the quick-start. More detailed examples of procedures for the phases before, during and after the transaction are at the end of this article. Now, some automation notes.

KYT automation

Before you build ‘block-before-transaction’ controls, treat address screening as exchange-agnostic. Internal exchange policies often differ from public analytics. Assume mismatches and design fallbacks.

If you build wallet workflows, use generic address-screening hooks (e.g., from reputable analytics providers) to warn or block before transaction. Do not assume any exchange’s internal compliance logic matches what third-party tools show. 

Look for KYT services closer to exchanges. Coinbase announced a KYT API in 2022 and still markets compliance tooling. It deserves attention. However, current public developer docs don’t clearly expose KYT in Wallet APIs.

What to do if you received tainted crypto

Tainted funds hit a non-custodial wallet

What to do if tainted funds land in your clean non-custodial wallet? 

Isolate it and pause spending. Assume potential taint for any directly linked wallets until you get professional advice. A refund won’t automatically reset analytics scores. So expect to document context if you interact with an exchange or neobank.

Tainted funds hit a custodial wallet

What if you received tainted crypto to your clean custodial wallet? For example, to a crypto exchange or neobank account. This case is more complicated. Your main actions:

1. Freeze activity. Do not move funds further, combine them with others, exchange or withdraw them. 
2. Use alternative KYT services to confirm or deny the conclusion about the illegal source of funds. Save screenshots.
3. Do not wait for your account to be locked. Immediately contact the custodian who holds the keys to your wallet. For example, with the support service of an exchange or neobank. Describe in detail the situation, your good faith behavior and send proof.
4. In case of serious amounts, consult a lawyer working with cryptocurrencies and AML law.
5. Document all actions with the custodian (screenshots, correspondence, tracing). This may be necessary when communicating with the custodian, regulators, banks or law enforcement agencies.

Such actions show your good faith and often help avoid blocking of accounts and further legal consequences. Find more detailed procedures, structures and templates in case of blocking at the end of this article.

If your account was still blocked due to suspicions of AML/CFT systems despite receiving funds in good faith, the list of actions is the same. If it doesn’t work, file complaints with higher authorities, regulators, supervisory and judicial bodies.

Modern AML/CFT procedures often sanction first and then require the user to prove their innocence. The presumption of innocence argument may work in one jurisdiction, but may be useless in another. So for big sums, don’t go solo. Get a crypto lawyer fast.

---

🧭 Reality check. If you get banned from an exchange, don’t try to be a hero on your own. Hire a lawyer with experience in litigating with that exchange.

AML/CFT of traditional banks

Above, we mostly discussed AML/CFT at crypto services: exchanges, payment systems, etc. Their requirements often overlap in basic principles (KYC, KYT, sanctions lists), although they differ significantly in terms of thresholds, procedures and documentation. 

Banks are a different story. They’re tied into correspondent networks and card schemes, so their risk filters, processes and audit trails tend to be stricter and slower. Here’s the 2025 snapshot.

AML/CFT requirements, regulations and practices of traditional banks change over time and depending on the specific country and bank. From criminalization of cryptocurrency, as in China, to legalization and adoption, as in Malta.

The actual situation with funds withdrawn from crypto, for example, in European banks, is quite diverse. In a number of banks, small amounts are sometimes passed through without additional requests. This depends on the policy of the particular bank and the profile of the client.

In other cases, the bank asks for a lot of documents. Expect requests for documents on the origin of funds, contracts, invoices, tax returns, official translations of all documents into the language of the bank’s country, notarizations, apostilles, and bank-specific formatting.

Finally, in other cases, when trying to legalize cryptocurrency in a bank, no documents at all help. Not even official contracts with a cryptocurrency market operator company with a license issued by the same state that issued the license to this bank.

Even if local laws allow cryptocurrency transactions, banks are cautious. They have the requirements and risks of sanctions at the level of international institutions: payment systems and law enforcement agencies. In practice, bureaucracy means soft denial for some clients and use-cases. 

However, we have prepared for you checklists of actions and documents that can help you with both exchanges and banks. These checklists are provided at the very end of our article.

---

🧭 Reality check. If you touch fiat rails, you play by bank rules.

Bottom line

We’ve covered the risks of sanctions for inadvertently engaging in illegal cryptocurrency transactions, sanctions due to errors in AML/CFT systems, and risks of banking restrictions.

What if you found out about all of this too late? What if, for historical reasons, your wallets ended up with too much cryptocurrency purchased without KYC and not verified by KYT? Start by checking the addresses of your crypto wallets in KYT’s personalized services.

If your wallet comes back ‘high-risk’, assume a false-positive is possible but prepare for a fight. Ping us, we’ll map next steps.

In any case, do not try to use DEX, cross-chains, Monero, cryptomixers, etc. to clear money. As noted above, these are all risk factors for AML/CFT. So it is obvious that by doing so you will only make the situation worse. That’s operational risk advice, not a legal verdict. The problem is how these patterns are treated by compliance tools today.

The set and nature of legal cryptocurrency risks are constantly changing. New types of failures and losses are emerging, as well as more sophisticated methods of fraud and money laundering. Regulatory systems are lagging behind the pace of innovation and causing significant inconvenience to conscientious users. So they need to constantly update their knowledge and adapt their security practices.

This article gives you a basic introduction to AML risks and is not a substitute for professional service. We help align screening processes and evidence base to your jurisdictions and banks. If you need help assembling KYT evidence packs, interacting with banks/exchanges, or if you have any other questions or challenges related to information security, legality or legalization of cryptocurrencies, contact us.

Bonus. Checklists and templates for crypto vendors

Here are practical checklists and templates for vendors of goods and services that are sold for cryptocurrency. You can copy-paste these examples into your runbook and customize afterward.

Before the transaction

1. Customer due diligence. Ask for buyer’s company details, beneficiaries, website, domains, legal address, contract/SoW, LinkedIn profile link. Prepare an invoice.
2. KYT and address screening. Run the counterparty address and your receiving address through 2+ independent providers with different risk graphs. Save all raw screenshots, PDF reports and their SHA-256 hashes. Reconcile the tags of sanctions, darknet, hacking, mixers, gambling, etc. 
3. Jurisdictions and sanctions risks. Make sure the counterparty and supplier chain are not on sanctions lists. If in doubt, refuse or request a different asset/channel.
4. Clean wallet. Consider using a new non-custodial address under the client, with no past inputs. For custodial deposits, generate a fresh address on CEX and verify that the network matches.
5. Network and asset. Lock in the asset ticker, network, chain ID, address format, need for Memo/Tag for some coins. Network errors are irreversible.
6. Scheduling a test transaction. Agree a small test transfer with the counterparty to verify address, network, and performance.
7. Settlement rules. Agree on who pays the fee, how payment is confirmed, what counts as execution, and what time windows are allowed.
8. Proof of origin of funds. Ask the counterparty for exported histories or blockchain explorer links that don’t reveal private data or violate their policies.
9. Bank off-ramp. If you plan to withdraw to fiat, talk to the bank in advance about the documents and limits, so as not to “run into a wall” after receiving crypto.
10. Plan for capturing evidence. Prepare a folder “Crypto-Deal-Case YYYYY-MM-DD” and a checklist with what and how you record each action.
11. Freeze and escalation policy. Spell out in advance what you do when red flags occur. No “clearing,” just pause and escalate after a certain number of days.
12. Tax and accounting nuances. Clarify what data the accounting department needs for subsequent reporting.

During the transaction

1. Confirm the parameters. Double-check the asset, network, amount, address, Memo/Tag, and deadline in a single message.
2. Test transaction. Receive and record the TXID of the test amount, perform KYT on entry, save screenshots of the blockchain explorer with the date/time visible.
3. Main payment. Receive the TXID. Until checks pass: for UTXO chains, don’t consolidate inputs before checks; for account-based chains, don’t sweep or forward.
4. Repeat KYT. In UTXO networks, check inputs/UTXOs; in account-based networks, check incoming transactions/account deposits. Save a PDF report.
5. Logging. Record the transaction hash, the exchange rate at the time of receipt, the commission, and the status screen “confirmed N/required M”.
6. Communication with the counterparty. Confirm receipt, send a link to the TXID, and record the correspondence.
7. Wallet key hygiene. Do not make parallel spending transactions from the same address until checks are complete to avoid co-mingling clean and suspect UTXOs.
8. Data quality. Verify that exported reports are readable and contain dates and identifiers.
9. Documents. Sign the cryptocurrency payment receipt or acknowledgment of payment, link it to the TXID.
10. Evidence files. Immediately place everything in the prepared case folder. Append filename + SHA-256 lines to README.md, one per artifact.

After the transaction

1. Final KYT. Prepare a final report on the funds received and the address where they are located, and save it in the case.
2. Address labeling. Mark your addresses as “commercial” and “completed” in your internal database so that they are not reused unnecessarily.
3. Accounting and taxes. Record the value of the asset at the time of receipt, the exchange rate, commission, invoice number, and customer number.
4. Funds transfer plan. Agree on the next step. If you must move funds, use a fresh destination to avoid co-mingling. Conversion to CEX, stablecoins, further on-chain payment, or fiat withdrawal via a bank. 
5. Preliminary communication with the bank. If it is an off-ramp, send a set of documents in advance: contract/SoW, invoice, TXID, KYT reports, and an explanation of the economic rationale for the payment.
6. Storage and segmentation. Do not mix incoming funds from different clients unnecessarily. Consolidate after “cooling” and verification.
7. Archiving the case. Pack the case folder into an archive with a checksum, store it in a secure cloud/storage, and specify the retention period.
8. Feedback to the customer. Briefly inform them that the payment has been accepted and verified, and attach the receipt.
9. Update procedures. If new flags appear, add them to standard operating procedures.

If blocked

1. Stay calm and document everything. Save the letter/notification from the platform, ticket number, reason, date/time, and take screenshots of your account.
2. Good faith package. Prepare a set of documents. Contract/SoW, invoice, correspondence, TXID, KYT reports from two providers, description of the business rationale for the transaction, and reasonable sources of the counterparty’s funds.
3. Response to compliance. Write a polite, structured letter, ask for specifics about the flags, offer alternative KYT reports, emphasize the lack of intent and willingness to cooperate.
4. Escalation. If there is no movement, request that the ticket be transferred to a senior compliance or financial security manager and keep a record of all SLA violations.
5. Alternative verification. Attach reports from other analytics providers, indicate possible false positives, and provide context for the transaction.
6. Legal support. If necessary, engage a financial compliance lawyer. Do not take any actions that could be interpreted as an attempt to circumvent the measures.
7. Unlocking options. Suggest a partial withdrawal of the “clean” portion with confirmation of the analysis, or a refund to the sender if permitted by the service policy. This as a negotiation option, not a right.
8. Regulator, ombudsman, court. If the funds remain frozen for too long, consult with a lawyer about further action: file a complaint with the relevant regulator or ombudsman, if provided for in your jurisdiction, or take legal action.
9. Post-mortem. Document the causes, update checklists and procedures to reduce the risk of recurrence.

Folder structure of the case

Crypto-Deal-Case_2025-08-28_Client-Name/
  00_Admin/
  00_Admin/0Z_README.md
  00_Admin/hashes.txt
  01_Contract_SoW_Invoice/
  02_Communication_Proof/
  03_Onchain_TXIDs/
  04_KYT_Reports_Multi-Vendors/
  05_Screenshots_Explorers/
  06_Banking_Offramp_Docs/
  07_Accounting_Tax/
  08_Postmortem_Notes/
  09_Legal_Correspondence/
  README.md

Transaction log (CSV)

date_utc,client,asset,network,amount,fee,from_address,to_address,txid,confirmations,rate_usd,notes 2025-08-28T12:34:56Z,Acme Ltd,USDC,Ethereum,12345.67,3.21,0xFROM,0xTO,0xTXID,64,1.00,”test tx ok; KYT clean”

Draft letter to compliance

Subject: Request for details on AML/CFT flags — Acme Ltd Hello, Compliance Team, We have received notification that the operation has been suspended due to increased risk. Case. Client Acme Ltd, payment under contract No. 123 dated 2025-08-15 for MSSP services. Details. Asset USDC on Ethereum network, TXID 0xTXID, date 2025-08-27. Amount 12,345.67. Evidence. We attach the contract/invoice, SoW, correspondence, KYT reports from [provider-1] and [provider-2], screenshots from the blockchain explorer, and a description of the economic rationale for the transaction. Request. Please review and unfreeze, or provide specific flags/risk categories and a list of documents required for unblocking. Please confirm receipt and an expected timeline. We are ready to provide you with reports from alternative KYT providers and additional information on the source of funds. Please indicate the responsible manager/department for direct communication. Thank you.