Zondacrypto – The Ghost Wallet

Zondacrypto – The Ghost Wallet

2026-04-16

How the C.E.O. of a Polish crypto exchange produced one of Bitcoin’s most famous dormant addresses as proof of his company’s reserves — and what the company’s own financial statements say

By Robert Nogacki

 

On the afternoon of April 16, 2026, Przemysław Kral, the chief executive of BB Trade Estonia OÜ — the Estonian entity that operates the Polish cryptocurrency exchange zondacrypto — posted an eighteen-minute video on X. The exchange had frozen customer withdrawals for three weeks, and the usual sequence of crisis P.R. had run its course: the reassuring statement, the missed deadline, the second reassuring statement, the second missed deadline. Now Kral was offering what sounded like the final, definitive answer. On the screen behind him, a string of thirty-four alphanumeric characters: 16aEn4p6hK4FMpLtJGpoQZMZ946sDg1Z6n. The address of a Bitcoin wallet. Contents: four thousand five hundred and three bitcoins. Value: something north of three hundred and thirty million dollars. Here, he seemed to be saying, is where your money lives.

The difficulty is that anyone with a browser and a spare ten seconds can verify that this particular wallet has been a kind of public spectacle in the cryptocurrency world for nearly a decade. It sits at No. 39 on BitInfoCharts’ global ranking of Bitcoin addresses dormant for more than eight years, and at No. 55 on the five-year list; it shows up in the top three hundred richest Bitcoin wallets in the world. If you’ve ever Googled “top dormant bitcoin addresses,” you’ve seen it. It is, in the folklore of the blockchain, a wallet of the undead — either a diamond-handed holder’s shrine or, far more plausibly, a tomb of “dead coins,” the term of art for Bitcoin whose private keys have been irretrievably lost.

And this, according to Kral, is where zondacrypto keeps its customers’ money.

For the keys to this wallet, the C.E.O. gestured toward Sylwester Suszek — the exchange’s previous chief, and a man who went missing in March, 2022, under circumstances that remain unresolved to this day.

It is possible that I have misunderstood Mr. Kral. But, on the available evidence, I do not think I have.

 

The cold-wallet principle is one of those rare technical concepts that survives intact when translated into the vernacular. Any cryptocurrency exchange, zondacrypto included, runs on a two-chambered architecture. A small fraction of customer funds sits in a “hot wallet,” connected to the internet, handling the daily churn of deposits and withdrawals. The rest — by industry convention, somewhere between ninety and ninety-eight per cent — is stored in a “cold wallet,” offline, locked away in something functionally analogous to a bank vault. This distinction is not aesthetic. It is the lesson that every major exchange catastrophe, from Mt. Gox to FTX, has written in the account ledgers of people who lost everything.

An operational cold wallet, observed over a decade, looks a certain way. Analysts call the pattern the “exchange breath”: rhythmic inflows as surplus is swept in from the hot wallet, occasional outflows when the hot wallet needs replenishing, periodic technological migrations as the industry moves to more efficient address formats. A professional exchange that had held its entire client reserve, for ten years, in a single unmigrated address from 2016 — without a multi-signature scheme, without a single recorded withdrawal — would be an institution so anachronistic as to be essentially mythological. It would be a bank in 2026 that kept its reserves in bearer bonds, in a shoebox, under the floorboards.

 

Now consider the address Mr. Kral put on the screen.

The entire on-chain history of 16aEn4p6hK4FMpLtJGpoQZMZ946sDg1Z6n can be summarized in a sentence. Two large deposits in March, 2016 — 4,434 BTC on the sixth, 69.26 BTC on the fifteenth — funded the wallet to its current balance. Then: nothing. Thirty-one subsequent incoming transactions, all of them microscopic “dust” payments of around five hundred and forty-seven satoshis (a dollar or two at most), sprayed across the intervening years by blockchain analytics bots and, more recently, by a peculiar cottage industry of extortionists. Not a single satoshi has ever left. You can check this for yourself on mempool.space, on Blockchain.com, on Blockchair. The numbers will be the same, because the numbers are the blockchain, and the blockchain is a public ledger that cannot lie.

A wallet of this size — between a thousand and ten thousand bitcoins — is what cryptocurrency analysts call a “whale”. (Anything above ten thousand is a “humpback”; the taxonomy, compiled by the firm BGeometrics, has the faintly absurdist earnestness of Victorian ornithology.) Whale movements are tracked, in real time, by services like Whale Alert; the reactivation of any such wallet after years of silence is its own genre of crypto news. And this is the relevant point: the 16aEn address has been observable, watched, and unlabelled for nearly a decade. BitInfoCharts routinely tags wallets known to belong to exchanges — “Coinbase,” “Binance-Cold-Wallet,” “MtGox-Hack” — on the basis of transaction clustering, corporate disclosures, and court orders. For six years, not a single analyst has connected this address to zondacrypto, to its predecessor Bitbay, or to any related entity. Nor, in six years, has the company ever made the connection itself. The identification surfaced on April 16, 2026, in the twenty-second day of a withdrawal crisis, as an act of self-defense.

There is, it must be said, something almost touching about the choice. If one were obliged to pick a wallet from the public wilderness of the Bitcoin blockchain and claim it as one’s own, one could do worse than to pick the most photogenic whale on the BitInfoCharts rankings. It holds the right amount. It has the right provenance. It has, until now, had the merit of being comfortably anonymous, which made it useful. The problem is that public address rankings work in both directions. A wallet you can find in three clicks can be disqualified in three clicks.

The more interesting question — and here the story opens out — is what the dust transactions reveal. Over the last several years, the 16aEn address has received a stream of tiny incoming payments embedded with OP_RETURN messages: small blocks of text riding along with the satoshis. Some of them read, in earnest-sounding legalese, “LEGAL NOTICE: We have taken possession of this wallet and its contents,” or “Prove ownership by an on-chain transaction using private key by Sept 30,” and they point to a website — salomonbros.com/owner_notice — which is a kind of whale-harassment Potemkin village, a scam operation with precisely no legal standing. This phenomenon was extensively reported in the crypto press in the summer of 2025; the fullest account, in a Substack essay titled “4,000 Bitcoin Addresses Got Fake Legal Notices”, estimated that the campaign targeted roughly four thousand wallets, selected for a specific profile: big balance, long dormancy, legacy address format. A profile, it should be said, that fits 16aEn exactly.

If zondacrypto had held the keys to this wallet for a decade, its compliance officers would have spent the past year fielding these threats and, presumably, filing a great many incident reports. No such reports have surfaced. No such denials were ever issued. The wallet has, instead, been treated by the professional attackers of the blockchain as what it appears to be — an orphaned whale, its owner either indifferent or gone.

 

Which brings us, inevitably, to Sylwester Suszek.

When Mr. Kral suggested, in his video statement, that the private keys to the 16aEn address might reside with his predecessor — who disappeared on the afternoon of March 10, 2022, after a business meeting at a fuel depot in the Silesian town of Czeladź and has not been seen since — he was offering his viewers a narrative, and a narrative with a certain gothic coherence. Suszek, according to Kral, had signed a written commitment to transfer the keys to all of the company’s addresses. He did not do so. He disappeared shortly thereafter.

The narrative, unfortunately, does not survive contact with its own chronology. The 16aEn wallet received its bitcoins in March, 2016, when Suszek was the chief executive of Bitbay. If this was ever the exchange’s cold wallet, then Suszek spent six years as C.E.O. of a platform serving hundreds of thousands of customers — customers who were presumably making withdrawals — without once moving a satoshi out of the main reserve. This is not a theoretical inconsistency. It is a physical impossibility, in the sense that an exchange cannot operate that way any more than a river can flow backwards.

There is also the question of the written commitment. If such a document exists, zondacrypto has had four years to enforce it — either directly against Suszek (who, as a matter of Polish civil procedure, could have been declared dead in absentia, opening probate proceedings) or against his estate. The company has done neither. Either the document does not exist, or it does and the keys it refers to are not the keys to this wallet.

And then there is the matter, not small, of what Mr. Kral is confessing if his own account is to be believed. In 2022, when he assumed the chief-executive role, BB Trade Estonia was holding crypto-assets belonging to its clients worth more than a hundred and fifty million euros. If he genuinely believed the keys to those assets were held by a man whose whereabouts were unknown, the first act of his tenure should have been to file a material-control incident report with the Estonian Financial Intelligence Unit — a filing that would almost certainly have resulted in the revocation of the exchange’s license. No such filing was ever made. No such revocation occurred. The exchange continued to operate, continued to accept deposits, continued to assure its customers that their funds were safe.

 

They assured them, one must say, with considerable fluency. For weeks, as withdrawal requests piled up, zondacrypto’s customer-service team sent out emails whose collective message was that everything was fundamentally in order. I have a copy of one, dated April 11, 2026, addressed to a client who had been waiting for his funds for more than twenty days:

“We inform you that, due to a general technical problem affecting the operation of the withdrawal system, in particular in the area of the automatic funding of the operational wallet (HOT wallet), funds are being drawn manually from deposit addresses to the hot wallet for each specific withdrawal. We are receiving erroneous responses on withdrawals. They fall into ‘confirming’ or ‘rejected’ status at the operator due to incorrectly selected funds. Your funds are safe and remain under full control. The withdrawal has not been cancelled and remains active in the system. We will inform you separately when the withdrawal is executed.”

In public, meanwhile, Mr. Kral was telling the press that the exchange held more than forty-five hundred bitcoins in reserve, that client obligations were “more than one hundred per cent covered,” and that the delays were the fruit of “implementing new, advanced security and transaction-monitoring systems.” On the sixth of April, he set a deadline of April 12th for withdrawals to return to normal. Meanwhile, a forensic analysis by the firm Recoveris, published by money.pl and Wirtualna Polska, found that the hot wallet’s Bitcoin balance had dropped from roughly 55.7 BTC in August, 2024, to 0.086 BTC on April 1, 2026 — a decline of 99.7 per cent.

Set these assurances against the address Mr. Kral would later publish, and each one takes on a slightly different hue.

Consider, for instance, the promise that one’s funds are safe and remain “under full control.” The assertion is coherent only if the company controls the wallets in which those funds sit. But the only cold wallet ever offered as public evidence — 16aEn — is, on the C.E.O.’s own telling, a wallet whose keys are held by a man who has been missing since 2022. “Full control” and “held by a missing person” cannot both be true. One of them is not.

Or the claim of more than a hundred per cent coverage of client obligations. To defend that claim, one would need to show where the assets stand that cover the €722 million owed to clients. The company has shown a single address, containing roughly $330 million worth of bitcoin. Even if that address were what it is presented as (which, as we have seen, it is not), it would cover less than half of what is owed. The claim of full coverage fails the arithmetic that the company itself has supplied.

Or the narrative of a security upgrade. A modernization implies an architecture that works, with improvements being layered on top. The support email describes an architecture that has broken: automatic funding no longer functions, transactions are failing, funds are being pulled together by hand for each individual withdrawal. The Recoveris analysis adds the number that the narrative cannot accommodate — a hot wallet drained to 0.086 BTC. In that state, “manual selection from deposit addresses” is not a description of a security upgrade. It is a description of a system being run on the incoming deposits of new customers, because the reserves that would ordinarily flow down from a higher layer no longer flow.

Or the reassurance that a withdrawal remains “active in the system.” Formally, it does. There is a row in a database, with a status of “pending.” But if the company does not hold the keys to the wallets from which the withdrawal would be made, “active in the system” is a statement about the existence of a claim, not about its satisfaction. Between “the withdrawal is queued” and “the withdrawal will be executed” there is a distance; zondacrypto’s support team, over many weeks, has conspicuously failed to close it.

And then there are the deadlines. April 12th, as promised by Mr. Kral. “The next five days,” per one support email. “The next eight days,” per another. “The next seven days,” per a third, sent hours later to correct the second. None of these dates is consistent with any of the others. None is consistent with the C.E.O.’s public statement. Taken separately, any of them might be excused as the kind of miscommunication that plagues companies under stress. Taken together, and read against what we now know — that the company has no demonstrated access to any real cold wallet, and that its own public narrative places the keys with a missing person — the succession of shifting dates ceases to look like chaos. It looks like a sequence of assurances the company had no technical ability to keep at the moment it issued them.

 

All of which is merely the public face of the matter. The deeper story, the one that ought to have been obvious for years, lies in the company’s own annual reports.

BB Trade Estonia OÜ files its financials with the Estonian commercial register, and its consolidated statements for 2022, 2023, and 2024 are all publicly available. They tell a story, though not the story the company’s public-relations efforts have been at pains to tell.

The 2022 statements disclose that client crypto-assets on December 31st of that year totalled €154.4 million, of which 40.6 per cent was Bitcoin. The company’s cash position was €9,959,948 — against a total obligation to clients of €164,207,285. Forty times more debt than cash, papered over by a crypto position whose actual control was, to put it delicately, not independently audited.

The 2023 statements are where the story takes on its diagnostic edge. The company’s auditor, Sergei Tšistjakov of Assertum Audit OÜ, issued a qualified opinion — in Estonian, a märkusega arvamus. The qualification centers on a paragraph that deserves full quotation:

“The balance-sheet item ‘Varud’ shows, as of 31.12.2023, crypto-currencies worth 172 million euros (31.12.2022: 155 million euros), which were identified, but we were unable to verify that the group exercises actual control over these assets (in lieu of verification, the group’s management proposed submitting a notarial affidavit). These assets are located in a ‘wallet’ belonging to the group’s platform, and independent third parties cannot provide information about the wallet’s true owner.”

Let the detail sink in. The auditor, whose job was to establish control over assets worth one hundred and seventy-two million euros, was offered, in place of proof, an affidavit. An affidavit, as every lawyer knows, confirms only that the person signing it has sworn to a statement — not that the statement is true. It was a proposal, in effect, to replace the audit with a schoolyard pinky-swear. The auditor declined it. He was correct to do so: proof of control over a crypto wallet is not merely attainable, it is trivial. It requires a single micro-transaction signed with the private key, and it takes thirty seconds. In 2023, it was not done. In 2024, it was not done. In 2026, in response to a full-blown public crisis, it has still not been done.

By 2024, the picture on the balance sheet had sharpened. Client obligations had reached €722 million — of which €565 million was in cryptocurrencies and €82,745,189 was classified under the suggestive Estonian heading kliendi vahendite kasutamisega, “arising from the use of client funds.” That line had grown from €19 million a year earlier; in twelve months, liabilities arising from the use of client money had expanded by three hundred and thirty-four per cent. The cash balance was €9,726,239. In other words: one per cent of what the company owed its clients was actually sitting, as cash, in the company’s bank accounts.

The most striking single entry, however, is what the 2024 notes call Loan 7. Seventy-five million euros, denominated in cryptocurrency (alusvaluuta: krüptovääring, the Estonian note reads, with the administrative laconism of all such disclosures), variable interest, no collateral, maturing in 2025. In 2023, this loan did not exist. It came into being over the course of a single fiscal year, and its magnitude — seventy-five million euros — is of the same order as the increase in the “use of client funds” line over the same period. Correlation is not identity, but the pattern is legible to anyone who has read more than one balance sheet in his life. Client funds were transferred as a loan to a third party — described in the filings as a juriidilisest isikust omanik olulise osalusega, a corporate entity holding a significant ownership interest, which is to say a related party of the exchange’s owner.

In his April 16th statement, Mr. Kral confirmed the outline of this transaction, describing it as “a loan to an entity supporting the company from a regulatory perspective.” He misstated the amount — seventy million, in his telling, rather than seventy-five — but the substance was there. The description, one should note, raises as many questions as it answers. Regulatory support does not ordinarily require seventy-five million euros of bitcoin-denominated loans to related parties at variable rates. It does not, in fact, ordinarily require loans in bitcoin at all.

 

From all of this, four possibilities present themselves, and they are mutually exclusive. Either one of them is true, or we will have to invent a fifth.

The first is that the 16aEn address is simply not zondacrypto’s cold wallet. Its on-chain profile is incompatible with the decade-long operational history of an exchange serving hundreds of thousands of clients. It has no exchange label on BitInfoCharts after six years; it has zero outgoing transactions after nine; it sits in the top ranks of public dormancy lists. The most economical reading of the evidence is that this is someone else’s wallet, orphaned and observable, which the company opportunistically pointed to when the pressure of the crisis made an answer necessary.

The second possibility is that the 16aEn wallet is indeed the cold wallet — in which case the 2022, 2023, and 2024 financial statements are internally incoherent. The Bitcoin share of client obligations at the end of 2024 was seventy-one per cent of €565 million, which at year-end prices meant perhaps four to five thousand bitcoins. A cold wallet that never had a single outgoing transaction could not have participated in the crypto-trading activity the company books in its own profit-and-loss statements. The Bitcoin it claims to hold for clients must, therefore, be somewhere else. That somewhere else is nowhere disclosed.

The third possibility is the one the C.E.O. himself raises: that the keys to the wallet are held by a third party — specifically, by Sylwester Suszek. If that were actually true, then what the company was announcing, from a regulated podium, was that access to the primary reserve of its clients’ assets depended on a man who has been missing for four years. This would, in itself, be a prudential violation so severe that any competent financial regulator would revoke the exchange’s license on the spot, regardless of how the underlying dispute ultimately resolved. No functioning management team can assert that a client’s money is safe when the key to the vault is held by a ghost. And, as discussed, Suszek could not have been the custodian of this wallet’s keys, because the wallet never moved during his tenure.

The fourth possibility is the one most charitable to the company. Someone in the legal or P.R. department, under acute pressure, looked around the internet for “an address with a large balance that roughly fits what we want to say” and pasted it into the C.E.O.’s statement. This would be the least damning interpretation — and it still leaves us with the fact that the chief executive of a regulated financial institution published, as proof of his company’s reserves, a document that collapses under the first available check. This is not a technical mishap. It is a question about the due diligence of a person occupying a C-suite role in an entity that holds consumer funds.

 

The accountancy here has implications beyond a single crypto exchange, and it is worth dwelling on them for a moment. The auditor’s 2023 qualification was not some minor matter of interpretive judgment. It went to the fundamental premise of the balance sheet — the existence of assets constituting roughly forty-six per cent of the group’s total assets (€172 million out of €375 million). In the 2024 opinion, which covers a year in which client obligations ballooned from €339 million to €722 million, the same auditor issued an unqualified opinion: a clean bill of health.

What changed between the qualified 2023 opinion and the clean 2024 opinion is the question that will determine whether this case has implications only for zondacrypto’s clients or for everyone who takes crypto-exchange audits at face value. If something changed in the underlying reality — if the company finally produced proof of control over the assets in question — the clean opinion is appropriate. If, on the other hand, what changed was the methodology by which the opinion was formed, the change represents a systemic failure well beyond the boundaries of this one case. As of this writing, the public record does not answer the question.

The other accountancy point, simpler and more immediate, is the test known as going concern. With cash of €9.7 million, short-term client obligations of €722 million, and crypto assets whose control remains unverified, the company’s current ratio — which it has calculated and disclosed itself — is 0.99 for 2024 and 0.97 for 2023. Below one. Both years. Systemically.

For customers who find themselves unable to withdraw their money today, the practical question reduces to this: Does the address the C.E.O. disclosed represent the reserve from which their funds will be paid?

Nothing in the available evidence supports that conclusion. The address has been sitting on public dormancy lists, without any label linking it to zondacrypto, for six years. The company has not performed the one thirty-second action that would resolve the question. Its financial statements document a structure in which €82.7 million of client funds have been used for a related-party loan, and in which cash on hand is sufficient to cover roughly one per cent of obligations to customers. The forensic analysis by Recoveris documents a hot-wallet drawdown of 99.7 per cent. The support correspondence, which for weeks has reassured customers that their funds are under full control, has lost its footing in the facts that the company itself has now disclosed.

In such a circumstance, any customer with a claim against BB Trade Estonia OÜ ought to move promptly. A complaint to the company is a first step, and an insufficient one. A notification to Estonia’s Financial Intelligence Unit (Finantsinspektsioon), a complaint to UOKiK — the Polish office of competition and consumer protection — and, for larger claims, a criminal notification to the Polish National Prosecutor’s Office, which is already investigating the matter, ought not to be treated as a sequence to be spaced out over weeks. Against signals of continuing outflows, time is an asset that, in this situation, accrues entirely to the other side.

 

I do not claim that zondacrypto has committed fraud. Those are claims for a prosecutor and a court to make. What I claim is narrower, and, I think, sufficient.

The chief executive of a cryptocurrency exchange regulated under the Estonian supervisory regime, in the teeth of a withdrawal crisis, held up as proof of his company’s reserves a Bitcoin address that has been sitting, for six years, on the published rankings of the world’s most famous dormant wallets, with no exchange label of any kind attached to it — and he simultaneously attributed the keys to that wallet to a man missing since 2022. The verification of this narrative requires one click on a search engine and a visit to the address’s profile on BitInfoCharts. And yet the narrative was released into the public bloodstream.

Mr. Kral’s statement of April 16, 2026, does not resolve the questions about the safety of his clients’ money. What it does resolve are questions about the internal coherence of the financial picture the company has been presenting for three years, and about the internal coherence of the assurances it has been giving to customers waiting to withdraw funds. Either the address is an operational cold wallet — which is irreconcilable with its on-chain history and its status as a public dormant wallet — or the company’s financial statements have, for three consecutive years, described a state of affairs that did not substantively exist, and the customer-service assurances have described a reality other than the one the company has now disclosed.

Each of these possibilities carries consequences — civil and regulatory — for the company’s management, for its auditor in respect of the 2024 year, and for the members of its supervisory board. Those consequences do not expire with the release of a well-produced video. They expire only upon the return of customer funds or a formal resolution in court.

Two things, then, remain to be watched. The first is whether Mr. Kral will at any point execute, from the “cold wallet,” the thirty-second verification transaction that would put the matter to rest. The second is whether the 2025 audit, when it is filed, will reinstate the qualification of 2023, undo the methodological shift of 2024, or propose some third solution not yet observed in the wild.

Either way — we are watching, and we are taking notes.

 

Zondacrypto – The Vanishing

Zondacrypto – The Exchange That Lent Your Money

Zondacrypto’s Withdrawal Crisis

The Email That Said Too Much

 

Topical publications

Zondacrypto – The Exchange That Lent Your Money
2026-04-13

Zondacrypto – The Exchange That Lent...

“Client funds have been further invested.” This is not a line from an indictment. It is a sentence from the…

read more
Zondacrypto’s Withdrawal Crisis
2026-04-11

Zondacrypto’s Withdrawal Crisis

What Zondacrypto’s Withdrawal Crisis, a Century of Financial Panics, and the Psychology of Sunk Costs Tell Us About Getting Your…

read more
The Email That Said Too Much
2026-04-10

The Email That Said Too Much

In our previous analysis, we traced the anatomy of a liquidity crisis at Zondacrypto — Poland’s largest cryptocurrency exchange —…

read more
See more publications