Sooner or later, you will face a “crypto problem”: fraud on your platform, hacked or misdirected funds, high-risk counterparties, suspicious flows flagged by compliance, or a dispute where the key evidence lives on-chain.
​
Our blockchain forensics & crypto recovery service helps businesses turn these situations into structured, manageable cases. We trace funds across chains and services, identify counterparties and risk hotspots, and translate complex transaction patterns into clear, defensible findings that your management, board, regulators and courts can understand.
​
Beyond pure investigation, we help you act on the results: preparing documentation for regulators and law enforcement, supporting civil or criminal proceedings, engaging other VASPs for freezes or information, and designing internal controls so similar incidents are less likely to happen again.
Who should approach us?
Company's systems are encrypted. Attackers demand crypto. Company must assess legality (sanctions risk), decide on payment strategy, trace funds, and meet stakeholder/regulatory expectations.
Services
Identifying attacker wallets. Mapping prior activity/typology. Sanctions and risk checks. Advising on legal/comms posture. If payment occurs, tracing flows in real time to VASP choke points. Coordination of preservation with VASPs Coordinating with CSIRTs. Support in drafting NIS2/DORA-aligned reports.
Ransomware viruses
An employee/contractor with access to corporate bank account or to company's crypto wallets or exchange accounts siphons crypto.
Services
Correlating access logs, custody records, and approvals with on-chain flows. Clustering receiving wallets and exchange accounts. Quantifying losses and building a defensible timeline of control and intent. Coordinating preservation with VASPs. Preparing litigation-ready evidence and testifying (if required).
Internal fraud
A crypto/security incident requires rapid containment, customer comms, and notifications within statutory (NIS-2, DORA) timelines.
Services
Rapid tracing to identify choke points (exchanges/bridges/mixers) and risks. Stakeholder coordination and regulatory notifications as required (NIS2/DORA). Preservation/freeze requests. Drafting regulator-ready incident report, annexes (methodology, timelines, hashes), communication templates, remediation roadmap.
Forensic Reports (tax auIncident response (NIS-2, DORA)thorities)
Our approach to blockchain forensics
​For business clients, we treat every case as both a technical investigation and a compliance / legal project. The goal is not only to understand what happened on-chain, but to give you defensible material for internal decision-making, regulators, auditors, clients and courts.
1. Structured intake & scoping with stakeholders
​
We start with a focused workshop with your key people (compliance, legal, security, operations). Together we define the incident or question, the legal and regulatory context (e.g. MiCA, AML, sanctions, tax, contractual disputes) and what “success” looks like from your side – freeze, recovery, reporting, litigation support, risk assessment, or internal remediation.​
​
2. Data and evidence consolidation
We collect and align all relevant data sources: on-chain transaction IDs and wallet addresses, platform logs, KYC/AML files, internal case notes, correspondence with customers and counterparties, and any prior investigations. We then normalise this into a single evidential dataset, with clear traceability so that it can stand up under audit or in court.​
​
3. On-chain tracing, clustering & risk mapping
Using professional blockchain analytics platforms and specialised open-source tools, we trace the flow of funds across chains and services, cluster related wallets, and identify key entities (exchanges, OTC brokers, custodians, mixers, bridges, high-risk services). We classify counterparties and flows by risk level and typology (fraud, hacks, layering, sanctions exposure, etc.).​
​
4. Scenario analysis & impact assessment
​
We translate findings into business and regulatory language: potential losses, customer impact, sanctions/AML exposure, operational gaps, and likely questions from supervisors, auditors or counterparties. Where relevant, we outline alternative scenarios (e.g. possible explanations, degrees of intent) and their implications for your next steps.​
​
5. Reporting, escalation support & remediation input
​
Finally, we deliver clear, structured reports tailored to their audience: internal management, board, regulators, auditors, or legal teams. We assist with incident notifications, SAR/STR preparation, regulator Q&A and expert support in litigation or arbitration. When appropriate, we also provide input for improving your controls, playbooks and monitoring rules so similar cases are easier to detect and handle in the future.​
Our approach to crypto recovery
​​​​​1. Recovery strategy & decision framework
Based on the forensic findings, your contractual position, and the regulatory environment, we define realistic recovery paths: direct engagement with other VASPs, civil claims, criminal complaints, insurance claims, internal remediation, or a mix of these. We help you weigh costs, the probability of success, and strategic implications so management can make informed decisions.​​
​
2. Building a regulator- and court-ready case file
We assemble a coherent evidence package: on-chain traces, platform logs, KYC/AML records, customer communications, internal decisions and our expert analysis. The focus is on consistency and evidential value – so the same package can support internal decisions, regulator notifications, law enforcement referrals, or legal action if needed.
​​
​
3.Engaging counterparties and intermediaries
​
We support your team in approaching exchanges, custodians, payment processors, banks and other VASPs with precise, actionable requests (freezes, KYC info, transaction details). We structure communication so that it aligns with their legal obligations (AML, sanctions, fraud response, MiCA, etc.) and reduces the risk of “no action” replies.
4. Coordinating with legal, compliance and law enforcement
​
​Where appropriate, we work alongside your legal and compliance teams to translate technical findings into filings, complaints or claims. We assist in preparing documentation for police, prosecutors or regulators, and can provide expert input in negotiations, litigation or arbitration.
​
5. Follow-up, monitoring & lessons learned
​
Not every case leads to immediate recovery. We can keep key wallets and clusters under continuous monitoring, alerting you to movements that may open new recovery options. In parallel, we help you extract “lessons learned”: strengthening controls, updating terms and policies, tuning monitoring rules and improving your incident response playbooks – so the next case, if it happens, is easier and cheaper to manage.​​​
How do we charge our services?
Our core business policy is to offer support only when we believe our services would benefit our clients. For our services, we charge only a success fee, ranging from 15% to 30% of the assets recovered. Additional costs might apply for the services provided by third parties.
​
For other services where the goal of our service is not to recover stolen or frozen assets, we charge our hourly rate of 200,00 EUR/h.