StarCompliance Blog

How to block wallets of scammers?



Blocking stolen crypto inside an attacker’s wallet: step by step guide

Blocking stolen crypto inside an attacker’s account is something we offer as a service. Read more to understand how it’s done.

Basics of the crypto blocking process

Scammers are the best readers, because they are going to read this article avidly before you and try to implement counter-measures. To prevent them having an advantage over you, we’ll explain the process in the basic terms.

Stolen crypto can be blocked inside an attacker’s wallet. It is possible thanks to AML policies implementation. You see, before AML became widespread you had to provide real solid evidence for any action. Worst case scenario is that CEX won’t do anything even having the evidence — it was a real Wild West in the age of crypto development. Thanks to AML policies each and every CEX is now obligated to take action against money laundering. Thing is — eventually scammers need to cash out, one way or another those stolen coins will end up in CEX records. Technically, an attempt to cash out your stolen crypto counts as money laundering — here is where lawyers can intervene.

In short, blocking stolen crypto looks like this

  • You provide evidence on suffering from crypto theft
  • Talk with AML-compliant regulators and CEX’es
  • Based on the evidence they decide what to do next
  • In case evidence is solid enough attacker’s wallet is going to be blocked
  • If lawyers are involved, CEX might initiate a hard refund on attacker
  • This results in you getting your money back and attacker being charged with fines

If your crypto is stolen — we can launch processes to mark it as stolen. Swapping crypto for other crypto leaves traces, those can be accounted for. By utilizing software like DataWalk we are able to check for connections between each transaction involving crypto swap and trace further movement of coins. By having evidence and legal stance it is possible to initiate legal dialogue with stablecoin emittents or other controlling parties in order to mark stolen crypto. Doing so makes it almost impossible to profit from the said crypto — stolen BTC run with 20% discount in black markets, so marking action alone deals significant financial damage to the attackers.

What happens when crypto is marked as stolen

  • CEX’es share a variety of databases, where they keep record of every stolen crypto
  • Every crypto tracker, explorer and swapper use these databases to account for stolen crypto
  • Public scam databases also can be populated with info about an attacker
  • After crypto is marked as stolen this info is then passed to shared databases
  • Upon trying to do anything with marked crypto attacker would be blocked
Example of public scam database from

Why it’s important to mark crypto as stolen as soon as possible

  • It will be harder to hide your coins
  • When marked crypto surfaces anywhere it is possible to seize these funds and return them back
  • This is done silently, so attacker might be caught by the hand
  • Law enforcement can be involved to seize the crypto if the thief identity is known

Who blocks attacker wallet and why they would do it

When crypto is labeled as stolen — it can’t be exchanged. There are, of course, ways to bypass this. But in general — stolen crypto can’t go through any payment operator, exchange or swapper without being noticed. This means to cash outis to pass through either an AML-compliant operator or lose a significant portion of stolen funds in mixing and hiding operations. Moreover, while trying to hide traces all attackers are doing is actually leaving much more scents to work with. By using Chainalysis Reactor and DataWalk we are able to unweave webs of wallets and address mixing with high accuracy and efficiency.

Is it possible to get back the stolen BTC? Yes, but to some degree. These are isolated cases so far, but some users managed to get the cryptocurrency back. We are talking about large amounts of hundreds of thousands of U.S. dollars. For example, the London court, for the first time in world practice, used interim measures in a digital asset fraud case. A resident of Great Britain put 64 BTC into trust management, but the investment company turned out to be fictitious and the coins were transferred to other addresses. With the help of experienced lawyers and digital experts, they managed to trace the funds and seize two BTC wallets of fraudsters located on the Binance and Kraken exchanges.

Every AML-compliant operator will return your crypto. After coins are labeled as stolen and we deliver third-party evidence it is possible to force AML-compliant actors to return your crypto back. This is part of AML procedures, because stealing crypto and trying to cash it out counts as a crime. Usually, evidence gathered through Crypto Investigation is enough to reinforce legal actions. To hasten the process, a team of our lawyers prepare documents related to the hard refund procedure and represent your interests in local courts. From there it is possible to return crypto back.

  • Each CEX has a toolset to combat crypto theft. Its versatility varies from CEX to CEX, because the range of measures that can be taken against an attacker is pre-coded. Depending on the case, it is possible to initiate a manual block of the attacker, or request a pre-coded system to handle the restrictions.
  • Attacker’s wallet can be blocked, along with stolen funds. It required third-party expertise to do so. Depending on the size of stolen funds, in general, the more was stolen — the better evidence you have to provide. For example, a case with $1000 in question is easier to handle alone, than, say, a case with $10000 in question.
  • If law enforcement receives submission with solid evidence — they are allowed to act. As you may know there’s a cyberpolice department in every country. After receiving a claim with evidence and provided with legal argumentation on further action — they will force CEX to take actions and launch AML countermeasures to return your funds.

When an attacker’s wallet is blocked, we can initiate a refund on your behalf. After the internal AML department or the relevant regulator determines that the funds in the wallet are stolen or related to illegal activities, the ability to withdraw and deposit funds to the account and wallet is frozen. This process is managed by the AML department based on its own investigation, or at the behest of law enforcement authorities with appropriate permission. Depending on the decision of law enforcement agencies, in cooperation with the internal department of the AML service where the wallet is located, a decision is made on the further fate of the frozen funds based on the details of the case. If it was possible to establish that the funds were stolen, and to whom they belong, the funds will be transferred to the real owner.

Contact us if you need to

  • Protect your rights and money in case of suffering from crypto theft
  • Receive a third-party expert data which is crucial to determine if crypto was stolen
  • Launch processes to mark crypto as stolen
  • Handle legal part of AML compliance and communications on your behalf
  • Have us take care of CEX or law enforcement initiating measures against an attacker