AML Crypto

221 posts

@aml_crypto

A technology company that develops tools to self-analyze blockchain transactions and provides services to locate and recover stolen cryptocurrency.

Joined July 2022
557 Following · 507 Followers
AML Crypto @aml_crypto

📲 SMS Trap: How One Message Can Steal Your Crypto on P2P Platforms

When selling cryptocurrency for fiat on P2P platforms, scammers often use a scheme involving fake SMS or email payment notifications. Here’s how it works — so you know what to watch out for.

🎬 How the scheme works

You decide to exchange your cryptocurrency for fiat (USD, EUR, GBP, etc.). You have, for example, USDT on a popular exchange (Binance, Bybit, MEXC, Gate.io, Kraken, etc.).

1️⃣ You go to the P2P section of the exchange.
2️⃣ You post an ad or select an existing offer.
3️⃣ As the payment method, you choose phone number transfer or instant payment app (🇺🇸 Zelle, Cash App, Venmo — USA; 🇪🇺 SEPA Instant, Revolut, bank-linked phone number — Europe).

👉 At this point, the counterparty receives your phone number or linked account details.

🎭 How the scammer operates

• They use an exchange account registered under a fake or stolen identity (such accounts are sold on darknet marketplaces 🥷 for $20 to $300).
• Instead of sending a real payment, they send you a fake SMS or email, pretending to be a notification from your bank or payment app. They typically don’t spoof the official sender name — the message comes from a random number or email (spoofing sender names has become more difficult).

📩 Example of such text: “Payment received: $1,200.00 USD via Zelle. Available balance: $4,350.00 USD.”

• After sending the message, the scammer starts pushing in chat: “Payment sent, please confirm the transaction.”
• The victim, seeing the familiar template, rushes to complete the deal and confirms the transaction on the exchange — without checking the actual bank account or app.

🚨 What happens next

• The cryptocurrency is immediately transferred to the scammer’s wallet.
• Even if you quickly realize the scam and contact exchange support:
  • You confirmed the transaction yourself — from the exchange’s point of view, everything was executed correctly.
  • The scammer usually withdraws the funds instantly — making it nearly impossible to recover them.

🛡 How to protect yourself

✅ SMS or email ≠ payment confirmation. Always verify the actual receipt of funds in your banking app or online banking.
✅ Any pressure to “confirm quickly” is a clear red flag.
✅ Remember: if you confirm the transaction, the exchange is unlikely to refund your crypto — even if fraud is proven.

🛡 AMLcrypto.io | ✔ TG - Bot (t.me/AMLCryptobot) | 💬 Contact us (t.me/AMLCrypto)
AML Crypto @aml_crypto

👻 Fake Exchange: Great Rates, Friendly Operator — Money Gone

More and more scammers are building their own crypto exchange websites — often without even trying to hide behind the names of legitimate brands (aka phishing exchanges). These platforms are widely promoted on Telegram, social media, and crypto forums — luring victims with “unbeatable rates.” 🎣

❗️But it rarely stops there. The scam is usually combined with other tactics:

• 💸 A fake broker (t.me/AMLcryptonews_…) (example) convinces the victim to buy crypto and “recommends” their trusted exchange;
• 🚚 The exchange offers to process the transaction in person — via a courier who delivers cash, or at an office — but first asks the victim to complete a fake AML verification (t.me/AMLcryptonews_…) (example).

💡 In AMLcrypto’s investigations, we’ve seen cases where such exchanges would process small amounts at first — to build trust. But when the victim later sends a large sum — the scammers disappear.

👉 Important: this is no longer a “backyard scam.” It’s a well-structured business funnel. These actors are ready to nurture their victims for months.

🦉 How to protect yourself:

✅ Check the exchange’s domain registration date via WHOIS.
✅ Look for real reviews on independent platforms such as:
  • Trustpilot
  • Reddit (r/CryptoScams, r/CryptoCurrency, etc.)
  • Bitcointalk (Scam Accusations section)
✅ Verify that the exchange is licensed and/or listed with trusted regulatory bodies (e.g. FCA, FinCEN, BaFin), or in official VASP registries.

✍️ Remember: the more “amazing” the deal sounds — the higher the risk.

🛡 Web (amlcrypto.io) | ✔ TG - Bot (t.me/AMLCryptobot) | 💬 Contact us (t.me/AMLCrypto)
AML Crypto @aml_crypto

🤥 Phishing Metamask: How $1.4M Was Stolen — Despite a Safe and Proper Seed Storage

One of the real cases from our practice:

💰 $1.4M was stolen from a wallet whose seed phrase was stored on paper in a safe. The safe was accessible only to the wallet owner.

🧠 How did this happen?

After purchasing a new MacBook Pro, the user started installing her usual apps. She typed “Metamask” into the search bar. The top result was a sponsored ad leading to a phishing website. The site looked identical to the official one, differing only by the domain extension.

When clicking “Install Metamask,” the site did not redirect to the official Chrome Web Store, but instead immediately prompted her to enter her seed phrase — supposedly to “restore” her wallet. After entering the seed phrase, the site redirected her to the actual Chrome Web Store, where she installed the official Metamask extension.

⚠️ The prompt to enter the seed phrase again inside the extension seemed like a minor inconvenience at the time.

❗️ The user had no idea she had visited a phishing site — she believed she had installed Metamask from the “official website.” As a result, the attackers gained full access to the wallet and drained all the funds.

💡 Interesting fact from the investigation: we discovered that the client had visited a phishing site only after analyzing the browser history — she was completely unaware of it.

🚨 Important: scammers create such phishing sites not only for Metamask, but also for other popular crypto wallets — Trust Wallet, Phantom, and many others.

🔐 How to protect yourself:

• ✅ Only use officially verified wallet websites. Cross-check information from multiple sources: official websites, social media, verified wiki articles, crypto forums, and trusted AI tools.
• 🚫 Never click on sponsored ads in search engines to download wallets or apps.
• 🔎 Double-check websites using site reputation tools — for example, scamadviser.com.
• ⚠️ Stay alert: any unusual website behavior — strange prompts, seed phrase requests outside the expected flow — is a major red flag.
• 🛡 Only enter your seed phrase in a verified official app or extension — and only when you are intentionally restoring your wallet.

🚨 Lost funds? AML Crypto can help investigate the incident, prepare a professional report, and increase your chances of recovery. We engage within just a few hours.

🛡 Web (amlcrypto.io) | ✔ TG - Bot (t.me/AMLCryptobot) | 💬 Contact us (t.me/AMLCrypto)
AML Crypto @aml_crypto

💔 Blockchain Romance: A Love Story That Ended in a Mixer

📖 This is the story of one of our clients. Let’s call her Alena, 35. She met a man on Telegram. Russian, living in Germany 🇩🇪 for over 10 years, works in IT. Polite, humble, always in touch.

The conversation unfolded gradually: books, life abroad, moving, loneliness. After a couple of weeks, he brought up crypto.

💬 “You’re smart. I’ll help you figure it out. That’s how I earn — steadily.”

He sent her a link to an “international exchange.” Looked completely legit: charts, balance, support chat. Alena deposited 1,000 USDT.

🟢 The very next day, her balance had grown by 5% — up to 1,050. He showed her how she could withdraw $200. The money actually arrived.

💬 “See? It works. But don’t withdraw now — better to grow the balance for higher profits.”

Alena deposited more. And then more. Within two weeks, she had deposited 23,800 USDT.

🚨 When she tried to withdraw a large amount, an “error” popped up: “Withdrawals are temporarily locked. To unlock, please deposit an amount equal to your transfer.”

⚠️ He said it was a standard anti-money laundering (AML) check. “Things are strict in Germany,” he added.

Alena sent more. The last transfer was done with a credit card 💳 — she had to buy more crypto. Then came a new requirement: “Please pay income tax.”

🤔 She got suspicious. She reached out to AML Crypto.

🔎 We explained: this is a classic scam. The site is a fake, mimicking a real exchange. No legitimate platform asks for additional payments for “unblocking” or “taxes.”

💡 We also emphasized: threats and begging don’t work — scammers hear it all the time. The only way forward is to start an investigation, collect digital traces, and contact law enforcement.

🤦‍♂️ Two days later, he messaged again — “generously” offering to transfer part (!) of the funds within the platform, but said half still had to be paid upfront.

🔍 What AML Crypto’s analysis revealed:

• 💱 The funds were swapped via Uniswap: USDT → ETH
• 🕸 The ETH was dispersed across numerous blockchain addresses
• 🌪 Then it was funneled through Tornado Cash, a mixing service
• 🧩 One address had previously been linked to a similar scam
• 🏦 A centralized exchange was also identified, from which native tokens were sent to one of the scammer’s addresses to cover gas fees — allowing for an official request to help identify the individual behind the activity

📄 With such a request, law enforcement may obtain:

• ✅ KYC data: full name, documents
• 📧 Registered email and phone number
• 🌐 Login logs with IP addresses
• 📊 Full transaction history
• 💼 Account balances and current assets
• …

⚖️ Even if the account is registered to a drop (fake identity), this data helps build connections, collect digital traces, and create a solid evidence base.

❤️‍🩹 Love isn’t a reason to take out credit. Trust without verification can cost you dearly.
AML Crypto @aml_crypto

🚨 CLIPPERS — When the Enemy Is Already in Your Clipboard!

You’re an experienced crypto user. You don’t fall for “investor-experts”, you never connect your wallet to shady fake AML-check websites, and no one’s going to trick you with a fake token during a swap. Your crypto is under control, and your decisions are sharp and calculated.

That’s what one of our clients thought — until the day he personally sent 19,800 USDT straight to a scammer.

😐 How did it happen?

A regular business conversation in Telegram. He asked the counterparty for a blockchain address to send 19,800. Ctrl+C — copied the address, Ctrl+V — pasted into the recipient field.

💸 Clicked “Send”. Transaction went through. Status: Success. But the counterparty replied: “Nothing received.”

❓ A typo in one of the 34 characters of the Tron address? Double-checked…

😱 WTF… Every single character is different.

📛 That’s a clipper.

🔍 What is a clipper and how does it work?

A clipper is malicious software that silently replaces any copied blockchain address with one from a scammer’s list. It lives in your system undetected — until the right moment.

🛠 How the scheme works:

1. The virus gets onto your device — usually via “free” software, cracks, fake updates.
2. When you copy a wallet address, it’s automatically replaced with the attacker’s address.
3. You paste the fake address and send the funds — without even noticing.

🛡 How to protect yourself from clippers:

✅ Use the satoshi test — first send a small amount and confirm receipt.
✅ Install antivirus software and run regular system scans.
✅ Don’t download software from sketchy sources. Paying for a license is cheaper than losing all your assets.

💬 AML Crypto helps victims of clippers and other crypto scam schemes. We:

🔎 trace the movement of stolen funds
🧠 tag and identify scammer addresses
📄 prepare documentation for appeals
🤝 communicate with exchanges and law enforcement
AML Crypto @aml_crypto

🤥 Beware of ENS: Scammers Are Exploiting Trust

Since the launch of Ethereum Name Service (ENS), it’s been widely adopted not only by regular users but also by scammers. And although the scheme isn’t new, it still works—especially among victims with low crypto literacy.

🧠 How does it work?

ENS allows replacing a long wallet address with a readable name. Instead of 0xd8dA6BF26964aF9D7eEd9e03E53415D37aA96045, you can simply use vitalik.eth. Convenient—but risky.

Here’s how scammers operate:

1. They create spoofed domains like vital1k.eth instead of vitalik.eth.
2. They register ENS domains that mimic real wallet addresses. For instance, Bybit’s hot wallet is 0xf89d7b9c864f589bbF53a82105107622B35EaA40 (btrace.amlcrypto.io/report/05b2e28…). A scammer registers 0xf89d7b9c864f589bbF53a82105107622B35EaA40.eth. If someone sends funds to that ENS address by mistake, the money goes straight into the scammer’s wallet.
3. Using social engineering, scammers impersonate exchange representatives and convince victims to send funds to .eth addresses—creating an illusion of trust and legitimacy.

🧐⚠️ This exact domain is already registered. If you try to send anything to 0xf89d7b9c864f589bbF53a82105107622B35EaA40.eth, the funds will go to 0x43df365C5286c3b15bec82188c877871c1EbB9c6—not where you expected.

🔐 How to protect yourself:

• Don’t trust ENS domains blindly. Always check what address is behind them: ens.domains
• Never send crypto to an ENS address unless you’re 100% sure—especially if the amount is significant.
• Improve your crypto literacy. Basic attentiveness is one of the strongest tools for self-protection.

🚨 Already lost your funds? AML Crypto can help you trace the assets, prepare a professional report, and increase your chances of recovery. We act quickly, lawfully, and have real-world case experience. We’re ready to step in within hours of your request.

📩 Contact us: t.me/AMLCrypto
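An added example, not part of the original post and not AML Crypto's tooling: a pre-send check for the two ENS tricks the post above describes, a look-alike name (vital1k.eth) and a name whose label is itself a hex address. The function names, the small confusable-character table and the flag strings are assumptions made for this sketch; the resolved address is supplied by the caller from a lookup done elsewhere.

```python
import re
from typing import List, Optional

# A label that is itself a full hex address, e.g. "0x<40 hex digits>.eth".
HEX_LABEL = re.compile(r"0x[0-9a-f]{40}")

# Assumed, deliberately small confusable table: characters folded to one
# representative so that "vital1k" and "vitalik" compare equal.
_FOLD = str.maketrans({"1": "l", "i": "l", "0": "o"})


def label_of(name: str) -> str:
    """Return the lower-cased part of an ENS name before the .eth suffix."""
    name = name.strip().lower()
    if not name.endswith(".eth"):
        raise ValueError("not a .eth name: %r" % name)
    return name[:-4]


def skeleton(label: str) -> str:
    """Fold visually confusable characters to a common form."""
    return label.translate(_FOLD)


def assess_ens_name(name: str, trusted_names: List[str],
                    resolved_address: Optional[str] = None) -> List[str]:
    """Return warning flags for an ENS name; an empty list means nothing was flagged.

    resolved_address is whatever the name currently resolves to, looked up
    by the caller; this function never touches the network.
    """
    flags = []
    label = label_of(name)

    if not label.isascii():
        # Non-ASCII labels can hide homoglyphs of Latin letters.
        flags.append("non-ascii-label")

    if HEX_LABEL.fullmatch(label):
        # The name only looks like an address; whoever registered it
        # decides where it resolves.
        flags.append("label-is-hex-address")
        if resolved_address is not None and resolved_address.lower() != label:
            flags.append("resolves-to-different-address")

    for trusted in trusted_names:
        trusted_label = label_of(trusted)
        if label != trusted_label and skeleton(label) == skeleton(trusted_label):
            flags.append("confusable-with:" + trusted)

    return flags


# Values quoted in the post above.
SPOOFED_HEX_NAME = "0xf89d7b9c864f589bbF53a82105107622B35EaA40.eth"
RESOLVES_TO = "0x43df365C5286c3b15bec82188c877871c1EbB9c6"

if __name__ == "__main__":
    for candidate, resolved in [("vitalik.eth", None),
                                ("vital1k.eth", None),
                                (SPOOFED_HEX_NAME, RESOLVES_TO)]:
        print(candidate, assess_ens_name(candidate, ["vitalik.eth"], resolved))
```
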
AML Crypto @aml_crypto

🧨 Scam with MEMO: When You Send Money to a Scammer Yourself — Without Even Realizing It

Scammers have learned to exploit a specific feature of certain blockchain networks — MEMO / TAG / Payment ID, which is a mandatory parameter for transfers on networks like XRP, EOS, WAX, and others.

📌 In these networks, exchanges use a shared deposit address for all users — unlike Ethereum, Tron, or Bitcoin where each user gets a unique address. To credit your funds correctly, the exchange requires you to specify a MEMO / TAG / Payment ID — this is your personal identifier on the platform.

💡 Enter the wrong MEMO — and the money goes to someone else.

🎯 Scammers are taking advantage of this.

🎭 How the scam works:

1️⃣ They create an account on an exchange and receive their own MEMO.
2️⃣ They contact you pretending to be from the exchange or support team.
3️⃣ They provide a legitimate exchange address to avoid suspicion.
4️⃣ But they insert their own MEMO instead of yours.
5️⃣ You copy everything and send the funds.
6️⃣ The exchange receives the funds and, based on the MEMO, credits the scammer’s account. They quickly withdraw the assets.

⚠️ From a technical point of view — everything was correct.
❌ But your money didn’t go to you. And getting it back is extremely difficult.

🧠 Why this is dangerous

🚫 Exchanges don’t verify whether the MEMO actually belongs to you.
🙈 Users often think MEMO is just a “comment” field — not a critical part of the transaction.
🧾 Everything looks “clean” — no phishing, no address spoofing.

✅ How to protect yourself

🔐 Always copy the MEMO directly from your personal account on the exchange.
📵 Never trust payment details sent via messengers or forums.
🧩 Understand how transfers work in your chosen blockchain network.

If you use exchanges, wallets, or send crypto, it’s crucial to know which parameters impact the transaction. MEMO is not optional — it’s a vital element. Spend 10 minutes learning how your network works — it could save you thousands.
AML Crypto @aml_crypto

The “Black Triangle”: How Victims, Money Mules, and P2P Crypto Sellers Get Caught in a Money Laundering Scheme

The Black Triangle is a real and growing scam pattern where unsuspecting individuals become part of a laundering chain — sometimes without even knowing it.

📌 How the Scam Works

1️⃣ The Victim

Scammers impersonate:
— bank fraud prevention teams,
— law enforcement officers or federal agents,
— representatives of tax authorities, healthcare, social services, or even schools.

They create urgency using pretexts like:
🔹 unauthorized access to your online banking or accounts,
🔹 identity theft alerts,
🔹 unclaimed tax refunds or legal notices,
🔹 school data updates for your child,
🔹 security upgrades for your home.

❗️The outcome — they convince the victim to:
— transfer funds to a “secure holding account”,
— apply for personal or payday loans to “protect your credit”,
— provide remote access or personal data via screen sharing tools or fake websites.

Once access is gained, loans are issued in the victim’s name and the funds are withdrawn — starting the laundering phase.

2️⃣ The Money Mule (Drop)

The loan funds are transferred to a bank account controlled by a third party — often someone who has sold or rented access to their account on forums or to “money flipping” recruiters on social media. Scammers fully manage the account, while the mule may think they’re just helping with “crypto arbitrage” or “job-related payments” — unaware they’re enabling a crime.

3️⃣ The P2P Crypto Seller

Scammers go to a peer-to-peer crypto exchange (e.g., Bybit, Binance P2P, MEXC, Telegram Wallet, LocalBitcoins) and look for a crypto-for-fiat listing.

💸 Using the mule’s account, they send fiat money to the wallet or bank details of the P2P seller. The seller receives the payment, releases USDT or BTC — and believes it’s just another trade. But the fiat originated from fraud.

⚠️ The seller now becomes part of the laundering chain — whether they realize it or not.

🎯 What happens next?

The real victim realizes what happened and files a complaint. Law enforcement traces the flow of funds — first to the mule, then to the P2P seller’s account. This can result in:
— account freezes,
— law enforcement inquiries,
— KYC reviews or delisting from platforms,
— potential legal exposure.

✅ How to Reduce Risk (for P2P Sellers):
— Avoid first-time buyers with incomplete profiles
— Never accept payments with misleading notes (e.g., “for goods” or “invoice”)
— Cancel trades if the payment source looks suspicious
— Ask for proof of identity and ownership of the payment method
— Always wait for the receipt and proper confirmation before releasing crypto

👮 For Law Enforcement Investigators:
— When a user claims they’re involved in a P2P trade, request:
  • exchange account details,
  • exact transaction or trade ID,
  • wallet info and fiat side account confirmation.
— Send formal data requests to the exchange to identify both sides of the trade.

💡 Money laundering isn’t always obvious. The Black Triangle shows how fast trust-based systems can be abused. If you’re a victim, seller, or platform seeing suspicious activity — act early. Time is everything in these cases.
AML Crypto @aml_crypto

☠️ The Counterparty’s Fake Shadow: Similar Address Attack

📅 This scheme has been active since 2022 and is still in use today.

Scammers monitor active blockchain wallets and generate millions of addresses that are visually similar — typically matching the beginning and end of legitimate addresses. When you send or receive a transaction, the attacker sends a small amount (e.g., 0.001 USDT; in some cases we’ve seen up to 8 USDT) from one of these similar addresses to your wallet.

The goal is simple: to mislead you into copying the fake address instead of the legitimate one — and ultimately send your funds to the scammer.

In November 2024, AML Crypto was among the few companies brought in within minutes to investigate an incident where a user mistakenly transferred $129 million USDT to a scam address. The funds were recovered thanks to swift action, the scammers’ panic over such an unusually large sum, and coordinated efforts by analytics firms, law enforcement, and regulators.

Within the first hour, a detailed analysis of the fake address network and sources of funds was conducted — despite the use of bridges and attempts to obscure the trail. The graph provided illustrates the analysis of fund sources related to this attack, specifically tied to a 1.01 USDT transaction — a key lead that helped identify services leaving digital traces of the perpetrators.

Returning only 90% of the funds wasn’t enough to let the attackers “swap their black hats for white ones” — the attempt to pose as ethical hackers failed. They were forced to return every last dollar.

How to Stay Safe:

✅ Never copy addresses from your transaction history — they may have been spoofed to resemble a legitimate address.
✅ Verify the entire address, including the middle part — don’t rely solely on the beginning and end. Make sure it matches exactly.
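An added example, not part of the original posts: the full-address check recommended above, covering both the similar-address attack and the clipper case from the earlier post (every character replaced). All addresses are constructed 34-character strings, not real wallets, and the function names and the `min_edge` threshold are assumptions of this sketch.

```python
from typing import Dict, List, Tuple

# Constructed Tron-style strings (not real wallets; checksums are not valid).
TRUSTED: Dict[str, str] = {"supplier": "TQ5hXkPz8mR3vN7cYwB2dLfJ9sGtA4uEq1"}
LOOKALIKE = "TQ5hXa9WnD4pKe6ZrU8bHy3MxCj7FguEq1"  # same first 5 and last 4 characters
CLIPPED = "TVn6bE2sHc9KpWy4RgM8dXq3ZfJ7tAu5Lk"    # unrelated address, as a clipper pastes

# Constructed incoming-transfer history: (sender, amount in USDT).
HISTORY: List[Tuple[str, float]] = [
    (TRUSTED["supplier"], 1500.0),
    (LOOKALIKE, 0.001),
    ("TJm4cW8yHs2KpXq6RbN9dZf3GtA7uEv5Lg", 320.0),
]


def common_prefix_len(a: str, b: str) -> int:
    """Number of leading characters the two strings share."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def common_suffix_len(a: str, b: str) -> int:
    """Number of trailing characters the two strings share."""
    return common_prefix_len(a[::-1], b[::-1])


def short_form(addr: str) -> str:
    """The truncated form many wallet UIs display; lookalikes collide here."""
    return addr[:5] + "..." + addr[-4:]


def classify_destination(pasted: str, expected: str, min_edge: int = 3) -> str:
    """Compare the pasted address with the one the counterparty gave.

    'match'     - identical in every character
    'lookalike' - same beginning and end, different middle (address poisoning)
    'replaced'  - unrelated address (consistent with a clipboard replacement)
    The comparison is exact and case-sensitive, which suits base58 addresses;
    normalise case first for hex addresses.
    """
    if pasted == expected:
        return "match"
    if (common_prefix_len(pasted, expected) >= min_edge
            and common_suffix_len(pasted, expected) >= min_edge):
        return "lookalike"
    return "replaced"


def find_poisoning(history: List[Tuple[str, float]],
                   trusted: Dict[str, str]) -> List[Tuple[str, float, str]]:
    """List senders in the history that imitate a trusted address.

    The amount is reported but not used as a filter, because the post
    notes poisoning transfers of up to 8 USDT.
    """
    hits = []
    for sender, amount in history:
        for label, good in trusted.items():
            if classify_destination(sender, good) == "lookalike":
                hits.append((sender, amount, label))
    return hits


if __name__ == "__main__":
    good = TRUSTED["supplier"]
    print(short_form(good), short_form(LOOKALIKE))  # identical truncated forms
    for pasted in (good, LOOKALIKE, CLIPPED):
        print(pasted, classify_destination(pasted, good))
    print(find_poisoning(HISTORY, TRUSTED))
```
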
AML Crypto @aml_crypto

Telegram is Flagging SCAM Channels Offering “Trust Management of Funds”

If you’ve encountered a channel that promises to “invest on your behalf,” “multiply your funds,” or offers to “manage your money for you,” it is very likely a scam. Such channels can now receive an official SCAM label from Telegram.

🔎 What this label does:

• Removes the channel from Telegram search,
• Warns users about the risk of fraud,
• Registers indicators of unethical activity within Telegram’s system.

⚖️ Why it matters:

A label from Telegram can serve as an additional supporting factor, strengthening your case when:

• Contacting law enforcement,
• Filing fraud complaints,
• Communicating with legal teams, banks, or crypto platforms,
• Initiating international freezes on cryptocurrency wallets.

📩 How AML Crypto Can Help:

If you’ve encountered such a channel, we will help you gather evidence, properly format your complaint, and submit it directly to Telegram.

📋 What’s Required:

1. A screen recording clearly showing:
  • The username of the channel or its administrator,
  • The offer of trust management.
2. If available – documents/proof of damages (transfers, screenshots of chats, post-transfer blocks, etc.).

📨 Contact Information:

TG: @AMLCrypto
Email: info@amlcrypto.io

🔐 All inquiries are handled with strict confidentiality.

📢 Helping Telegram identify scammers. Protecting users. Let’s act together.

AML Crypto | Anti-Scam. Pro-Transparency.
AML Crypto @aml_crypto

🔑 Your wallet won’t stay yours once a scammer gets your SEED phrase (The “Seed Phrase Compromise” Scheme)

A seed phrase is the master key to your crypto wallet and all the funds stored in it.

🪙 There are various ways scammers can gain access to your seed phrase:

🎣 Phishing websites. Scammers create fake websites that look exactly like legitimate crypto wallets. They prompt users to either enter the seed phrase for an existing wallet or “create” a new one. In both cases, the entered or generated seed phrase is captured and stored by the scammers.

🖥 “Help” via screen sharing. Pretending to be technical support, consultants, or brokers, scammers offer to assist in creating a blockchain address and ask you to share your screen. They claim they can’t see your seed phrase due to privacy settings in Zoom, Teams, or other platforms — manipulating you into generating it in their presence.

📞 Fake tech support. Scammers pose as support agents and ask for your seed phrase under the pretense of resolving wallet issues.

📂 In one case investigated by AML Crypto, scammers took things even further. They pre-created a blockchain address and embedded the associated seed phrase in a QR code. Then, using a detailed step-by-step guide, they instructed the victim to scan the QR code in the Trust Wallet app to “create” a wallet. Since everything happened on the user’s device, it felt secure — but in reality, they were activating a wallet that the scammers already fully controlled.

📸 To help you understand how this might look in practice, we’ve prepared a simulated conversation — a demonstration based on a real analyzed case. This is not a real chat, but an educational example showing how such a compromise can happen step-by-step via a QR code.

🧠 Knowing these schemes in advance is key to protecting your digital assets.

How to protect yourself:

🔒 Never share your seed phrase — with anyone, under any circumstances.
🧠 Always create your wallet yourself, using only official sources.
🖥 Don’t share your screen while setting up a wallet — even if someone offers “help.”
🔍 Double-check website URLs — a single wrong character can cost you everything.
🚫 Remember: no legitimate support team will ever ask for your seed phrase.
AML Crypto @aml_crypto

🔍 How Were Strategy’s Addresses Exposed? The AML Crypto Team Investigates

Today, a major development hit the news — *Arkham Intelligence* published a list of wallet addresses they claim belong to Strategy (formerly MicroStrategy).

📈 According to Arkham, these wallets hold around $50 billion in BTC — nearly 87.5% of the company’s publicly disclosed reserves.

But the real question is: how was it done? The AML Crypto team decided to investigate the hypotheses and analyze the possible reasons behind the deanonymization.

💡 Here are the three working theories we’ve identified:

1️⃣ Ties to Coinbase Prime Only
Almost all of the mentioned addresses receive funds exclusively from Coinbase Prime — an institutional custody platform. Such a pattern suggests insider knowledge — even just knowing which address was used or that a transaction occurred.

2️⃣ A Signature Pattern: Satoshi Test + Large Transfer
Before major deposits in the tens of millions in BTC, there’s often a tiny “satoshi test” — a 0.0001 BTC transaction. This is a recognizable pattern that can trigger clustering or address attribution in blockchain analysis tools.

3️⃣ An Address Exposed via a Tiny Transaction
One of the addresses linked to Strategy was revealed through a minuscule transfer of just 0.0000069 BTC.

🔎 And yes — even a transaction that small can tell blockchain analysts more than you’d expect.

📸 Attached is a visualization from Bholder, showing how Coinbase Prime transactions fan out into wallets believed to be connected to Strategy. We specifically tracked microtransactions that may have left the trail.

🔐 At AML Crypto, we’re committed to diving deeper into cases like this. Because a transaction isn’t just a number — it’s a story waiting to be read.
AML Crypto @aml_crypto

Continuing the topic of fake tokens — we also conducted a large-scale investigation that uncovered over 9,000 victims, tens of millions of dollars in damages, and more than 90 counterfeit tokens issued by a single perpetrator. The image shows just a fragment of the asset movement scheme we reconstructed.
AML Crypto @aml_crypto

🎭 Looks Real, Worth Nothing: Fake Tokens and Deception

One of the AML Crypto cases involved counterfeit tokens — assets that appear legitimate but have no real value. These schemes are becoming increasingly common, ranging from fake presales and P2P exchanges to “investment” projects and knockoffs of popular stablecoins.

⚠️ The core issue is that many people don’t realize that tokens labeled as USDT or ETH can actually be based on entirely different smart contracts. Visually, the name looks the same — but in reality, it's a worthless clone.

🔍 In this case, the investigation was initiated not by the victim, but by the police. We joined the process upon an official request to provide technical analysis.

🧑‍💻 A user (let’s call him John) bought a token during a “presale” via Uniswap, trusting a Telegram influencer. Everything seemed legit: screenshots, announcements, and promises of a future listing. The token was delivered — but it couldn’t be sold. It turned out to be a clone issued on a different contract.

😓 In an attempt to “recover” his losses, John tried to use the fake token in a deal — he offered it as payment to a seller on Amazon. The seller later discovered that the asset had no value and reported it to the police. John ended up being prosecuted for fraud, even though he himself was initially defrauded.

📌 How to Avoid Falling Into This Trap

1. Verify the token's smart contract — only use official sources like CoinMarketCap, Etherscan, or similar platforms to confirm authenticity.
2. Check the market price — if the token isn’t listed or actively traded on reputable exchanges, it likely has no real value.
3. Don’t trust “insider tips” on Telegram — especially if someone urges you to manually buy a token via a direct link.
4. Never use fake assets as payment — even if you’ve been scammed, trying to “pass on” your loss can result in criminal charges.
AML Crypto @aml_crypto

📡 Interaction with One of the Blockchain Bridges Used in the Money Laundering Scheme

The screenshots show correspondence between the AML Crypto team and representatives of a blockchain bridge that was used by the attackers to launder part of the stolen assets.

🔹 The first screenshot shows an outgoing request from AML Crypto, which includes:
— The transaction hash related to the cash-out of funds
— The address to which the tokens were transferred
— A request for any available information about the user who initiated the transfer
— A request to block any further operations from the associated account
— An attached investigation report in PDF format

🔹 The second screenshot shows the response from the bridge representatives, confirming:
— Receipt of the request from legal authorities
— Transmission of the requested information
— Willingness to continue cooperating in the investigation
— The need for a formal request on official letterhead in order to provide non-public data

🧾 This case illustrates how AML Crypto’s technical investigation is complemented by legal interaction — aiming to block assets and trace leads that could help identify the perpetrator.
AML Crypto @aml_crypto

💸 Crypto Exchange with AML Check at Entry, Zero at Exit

One of the typical scenarios the AML Crypto team frequently encounters during investigations is a fake crypto exchange offering a “favorable rate” with a mandatory AML check. In one such case, the victim lost nearly 120,000 USDT. Part of the funds has already been frozen.

The essence of the scheme: No phishing or hacking involved — the victim voluntarily grants access to their wallet, believing they are undergoing a routine “cleanliness” check.

💬 How the victim was deceived:

- The user saw an ad for an exchange offering “cash on the same day” and a wide network of local representatives.
- The first interaction left a good impression: responsive support, willingness to meet, and the option to send crypto during an in-person meeting with a courier or at an office.
- After some time, the client returned and agreed to a deal — an exchange in person with a courier.
- Before the courier’s dispatch, they requested an AML check and sent a link to an AML service.
- The client connected their wallet. A few minutes later — the balance was wiped.
- The message with instructions disappeared right after.

🔍 What actually happened:

- The scammers ran an advertising campaign and responded actively to inquiries — creating the illusion of a legitimate service.
- A clone of a real AML service was used, and when the victim connected their wallet, they effectively granted token management permissions.
- Funds were instantly transferred to the scammers' addresses, broken down, laundered through non-KYC exchanges, bridges, and partly moved into Monero.

🧠 AML Crypto’s actions:

- Identified the platforms, addresses, and exchanges involved. Sent requests for fund freezes and data to help identify the perpetrators.
- Prepared a fund flow graph and tagged high-risk addresses.
- Supported law enforcement with a full report, request templates, and contacts of the services used for laundering.
- With the help of Tether, part of the stolen USDT was frozen.

🔒 How to protect yourself:

- Verify exchanges: check reviews, use aggregators, and look for operational transparency.
- Always double-check what permissions you're granting when connecting your wallet.
- If funds are lost — act fast. Reaction speed is crucial for recovery.
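The post above advises double-checking what permissions a wallet connection grants. The following is an added example, not code from AML Crypto or from the post: it assumes the "token management permissions" took the form of a standard EVM approval call (`approve`, `increaseAllowance` or `setApprovalForAll`), which the post does not specify, and decodes such calldata before signing. The function names, the `UNLIMITED` threshold and the sample spender are hypothetical.

```python
# Added example: decode token-approval calldata before signing.
UNLIMITED = 2**255  # assumption: amounts at or above this count as "unlimited"

# Standard 4-byte selectors for ERC-20 / ERC-721 / ERC-1155 approval calls.
SELECTORS = {
    "095ea7b3": "approve(address,uint256)",
    "39509351": "increaseAllowance(address,uint256)",
    "a22cb465": "setApprovalForAll(address,bool)",
}

def decode_approval(calldata_hex):
    """Return spender/amount details, or None if the call is not an approval."""
    data = calldata_hex.lower()
    if data.startswith("0x"):
        data = data[2:]
    signature = SELECTORS.get(data[:8])
    if signature is None:
        return None
    args = data[8:]
    if len(args) != 128:  # two 32-byte ABI words expected
        raise ValueError("malformed approval calldata")
    spender_word, value = args[:64], int(args[64:], 16)
    if int(spender_word[:24], 16) != 0:
        raise ValueError("address word has non-zero padding")
    blanket = signature.startswith("setApprovalForAll")
    return {
        "function": signature,
        "spender": "0x" + spender_word[24:],
        "amount": None if blanket else value,
        "revokes": value == 0,
        "unlimited": value == 1 if blanket else value >= UNLIMITED,
    }

def assess(calldata_hex, trusted_spenders=()):
    """Classify a pending call: not-an-approval, revoke, low, review or high."""
    info = decode_approval(calldata_hex)
    if info is None:
        return "not-an-approval"
    if info["revokes"]:
        return "revoke"
    trusted = info["spender"] in {s.lower() for s in trusted_spenders}
    if info["unlimited"]:
        return "review" if trusted else "high"
    return "low" if trusted else "review"

# Constructed sample inputs (placeholder spender, not a real address).
SPENDER = "0x" + "11" * 20
UNLIMITED_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + "ff" * 32
BOUNDED_APPROVE = "0x095ea7b3" + "00" * 12 + "11" * 20 + format(500 * 10**6, "064x")
```

An unlimited approval to a spender that is not on the user's own allowlist is the case to stop on: a "check" or "verification" page has no reason to request spending rights at all.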
AML Crypto
AML Crypto@aml_crypto·
Invested in a Lie: The Fake Broker Scheme Uncovered

Here’s a real case from an AML Crypto client who fell victim to a pseudo-investment platform scam. Losses amounted to the equivalent of 602K USD. Everything appeared to be a legitimate investment, but it was actually a sophisticated and technological scheme to siphon off funds.

💬 What the Client Experienced (and How the Scam Operated):
- A “personal manager” actively engaged in communication, often holding video calls.
- The platform displayed deposit growth, trading activities, and transaction history.
- Scammers staged scenarios like “withdrawal errors,” “regulatory checks,” and “fund freezes.”
- The client was shown “care”: advised to install wallets (Trust Wallet, MetaMask), guided through creating addresses to gain access to seed phrases.
- High-pressure tactics were used: “you need to deposit more to unfreeze your funds,” “we’ll withdraw everything after one final verification.”
- Fake tokens and screenshots of non-existent transactions were sent as “proof.”

🔍 What Actually Happened:
- All transfers went not to a legitimate investment platform but directly to blockchain addresses controlled by scammers. Funds were not invested; they immediately entered money-laundering processes.
- Funds were dispersed across dozens of wallets.
- Criminals used blockchain bridges between Polygon and TRON to complicate investigations.
- Money passed through multiple addresses and was ultimately withdrawn to exchanges (Binance, HTX, Kyrrex, and others).

🧠 What AML Crypto Did:
- Identified blockchain addresses involved in the fraud.
- Gathered evidence of stolen funds moving to centralized exchanges.
- Prepared a detailed report containing critical information: amounts, routes, dates, transactions—all useful for potential asset blocking.
- Created templates for official requests to exchanges for law enforcement, as exchanges store critical digital footprints: account holders’ identity documents, KYC results, IP addresses, device information, phone numbers, and more.
- Flagged compromised addresses — any funds originating from these can now be instantly marked as high-risk and blocked by partnered services.

📌 Conclusion and Recommendations:
This case highlights how easily newcomers exploring cryptocurrencies can fall into traps, especially when fraud schemes masquerade as attractive investments.

🔒 Recommendations:
- Do not trust investment proposals from “managers” on messengers and social networks.
- Never share seed phrases or create wallets following instructions from strangers.
- Verify recipient addresses and platforms using analytical tools (btrace.amlcrypto.io).
- If funds are lost, act immediately. Time is crucial for potentially blocking and recovering stolen assets.
- Save correspondence, screenshots, and transaction IDs—they are essential for investigations.

If you or your clients have doubts about a transaction, situation, or address, it’s better to check in advance than deal with consequences later. AML Crypto handles both individual and corporate incidents.
AML Crypto retweeted
Blockchair
Blockchair@Blockchair·
Introducing dApp Gallery ✨ A new major product that transforms your address page into an interactive hub. More than just a redesign, it showcases all the powerful ways to engage with your address through our tools and amazing partner services. Jump in and try it out today!
AML Crypto
AML Crypto@aml_crypto·
💥 Legal Expert Recommends DeFi Platforms Return Lazarus Swap Fees After ByBit Hack

In light of recent events related to the Lazarus attack, legal expert Dr. Rasit Tavus, founder and CEO of LegalBlock, raises an important question: should DeFi platforms return swap fees associated with illicit transactions, such as those involving stolen funds from Bybit?

🔑 Key Takeaways:
- Centralized platforms are required to comply with international AML standards and are accountable for preventing money laundering. For instance, companies like Binance have already returned illicit swap fees to the US Treasury.
- DeFi platforms, however, operate differently. They are not directly legally liable for transactions, but if a platform fails to act and allows illicit swaps to occur, returning the fees becomes a justifiable action.
- In the case of ThorChain, where millions of dollars in fees were generated from suspicious transactions, returning these funds would be a logical step, especially considering the platform did not take measures to prevent laundering.

⚖️ What does this mean for DeFi?
While DeFi platforms are not legally obligated to return funds, they must avoid profiting from prolonged illicit activities. Returning swap fees in such cases would be an important step in protecting the reputation and trust within the industry. This issue is gaining momentum, and we may see more precedents in the future where DeFi platforms will be required to adopt such practices.

API for getting the blacklist: btrace.amlcrypto.io/api/v2/bybit_b…
AML Crypto
AML Crypto@aml_crypto·
Most decentralized platforms used to launder the stolen funds from Bybit will not return anything. Some of these platforms earned more in fees from this incident than they did throughout the entire previous year. They will hide behind arguments about undermining decentralization, lack of responsibility, and so on. This will continue until precedents involving fines, arrests, and other legal actions emerge for direct or indirect facilitation of money laundering. Society will talk, debate, but ultimately do nothing. Just look at the user discussions on the ParaSwap forum: gov.paraswap.network/t/pip-59-propo…