Blockchain Forensics & Crypto Recovery
Businesses
Sooner or later, you will face a “crypto problem”: fraud on your platform, hacked or misdirected funds, high-risk counterparties, suspicious flows flagged by compliance, or a dispute where the key evidence lives on-chain.
Our blockchain forensics & crypto recovery service helps businesses turn these situations into structured, manageable cases. We trace funds across chains and services, identify counterparties and risk hotspots, and translate complex transaction patterns into clear, defensible findings that your management, board, regulators and courts can understand.
Beyond pure investigation, we help you act on the results: preparing documentation for regulators and law enforcement, supporting civil or criminal proceedings, engaging other VASPs for freezes or information, and designing internal controls so similar incidents are less likely to happen again.
Who should approach us?
Ransomware viruses
What we do?
Company's systems are encrypted. Attackers demand crypto. Company must assess legality (sanctions risk), decide on payment strategy, trace funds, and meet stakeholder/regulatory expectations.
Identifying attacker wallets. Mapping prior activity/typology. Sanctions and risk checks. Advising on legal/comms posture. If payment occurs, tracing flows in real time to VASP choke points. Coordination of preservation with VASPs Coordinating with CSIRTs. Support in drafting NIS2/DORA-aligned reports.
Internal fraud
What we do?
An employee/contractor with access to corporate bank account or to company's crypto wallets or exchange accounts siphons crypto.
Correlating access logs, custody records, and approvals with on-chain flows. Clustering receiving wallets and exchange accounts. Quantifying losses and building a defensible timeline of control and intent. Coordinating preservation with VASPs. Preparing litigation-ready evidence and testifying (if required).
Incident response (NIS-2, DORA)
What we do?
A crypto/security incident requires rapid containment, customer comms, and notifications within statutory (NIS-2, DORA) timelines.
Rapid tracing to identify choke points and risks. Stakeholder coordination and regulatory notifications (NIS2/DORA). Preservation/freeze requests. Drafting regulator-ready incident reports, annexes (methodology, timelines, hashes), communication templates, and a remediation roadmap.
Who should approach us?
1. Structured intake & scoping with stakeholders
We start with a focused workshop with your key people (compliance, legal, security, operations). Together we define the incident or question, the legal and regulatory context (e.g. MiCA, AML, sanctions, tax, contractual disputes) and what “success” looks like from your side – freeze, recovery, reporting, litigation support, risk assessment, or internal remediation.
Our approach to blockchain forensics
For business clients, we treat every case as both a technical investigation and a compliance / legal project. The goal is not only to understand what happened on-chain, but to give you defensible material for internal decision-making, regulators, auditors, clients and courts.
2. Data and evidence consolidation
We collect and align all relevant data sources: on-chain transaction IDs and wallet addresses, platform logs, KYC/AML files, internal case notes, correspondence with customers and counterparties, and any prior investigations. We then normalise this into a single evidential dataset, with clear traceability so that it can stand up under audit or in court.
3. On-chain tracing, clustering & risk mapping
Using professional blockchain analytics platforms and specialised open-source tools, we trace the flow of funds across chains and services, cluster related wallets, and identify key entities (exchanges, OTC brokers, custodians, mixers, bridges, high-risk services). We classify counterparties and flows by risk level and typology (fraud, hacks, layering, sanctions exposure, etc.).
4. Risk, pattern and scenario analysis
We translate findings into business and regulatory language: potential losses, customer impact, sanctions/AML exposure, operational gaps, and likely questions from supervisors, auditors or counterparties. Where relevant, we outline alternative scenarios (e.g. possible explanations, degrees of intent) and their implications for your next steps.
5. Reporting, escalation support & remediation input
Finally, we deliver clear, structured reports tailored to their audience: internal management, board, regulators, auditors, or legal teams. We assist with incident notifications, SAR/STR preparation, regulator Q&A and expert support in litigation or arbitration. When appropriate, we also provide input for improving your controls, playbooks and monitoring rules so similar cases are easier to detect and handle in the future.
Our approach to crypto recovery
Once company's crypto funds are lost somewhere in the crypto space, it is difficult to get them back. Rapid blockchain forensics, cooperation with the authorities and applied pressure on the crypto custodians are necessary actions within the recovery process.
1. Recovery strategy & decision framework
Based on the forensic findings, your contractual position, and the regulatory environment, we define realistic recovery paths: direct engagement with other VASPs, civil claims, criminal complaints, insurance claims, internal remediation, or a mix of these. We help you weigh costs, the probability of success, and strategic implications so management can make informed decisions.
2. Building a regulator- and court-ready case file
We assemble a coherent evidence package: on-chain traces, platform logs, KYC/AML records, customer communications, internal decisions and our expert analysis. The focus is on consistency and evidential value – so the same package can support internal decisions, regulator notifications, law enforcement referrals, or legal action if needed.
3.Engaging counterparties and intermediaries
We support your team in approaching exchanges, custodians, payment processors, banks and other VASPs with precise, actionable requests (freezes, KYC info, transaction details). We structure communication so that it aligns with their legal obligations (AML, sanctions, fraud response, MiCA, etc.) and reduces the risk of “no action” replies.
4. Coordinating with legal, compliance and law enforcement
Where appropriate, we work alongside your legal and compliance teams to translate technical findings into filings, complaints or claims. We assist in preparing documentation for police, prosecutors or regulators, and can provide expert input in negotiations, litigation or arbitration.
5. Follow-up, monitoring & lessons learned
Not every case leads to immediate recovery. We can keep key wallets and clusters under continuous monitoring, alerting you to movements that may open new recovery options. In parallel, we help you extract “lessons learned”: strengthening controls, updating terms and policies, tuning monitoring rules and improving your incident response playbooks – so the next case, if it happens, is easier and cheaper to manage.