Binance and the MiCA Licence: The Hostage’s Selfie
Buried in a civil forfeiture complaint over $2.5 million in USDT, before a court in Washington, lies a single photograph that says more about Binance’s European MiCA licence than any regulator’s communiqué. Beside it lies something more: a $4.3 billion guilty plea, a live compliance monitor, and fresh allegations the exchange denies. And the crypto industry’s favourite slogans fall apart on first contact with the evidence.
A man stands with his back to a wall. His eyes are scrunched shut, his mouth twisted into something between a grimace and an attempt at a smile. There is no extended arm in the frame, so the photograph could not have been taken by the man himself. This is not a crime-scene photo. It is a KYC verification selfie, submitted when opening an account on a crypto exchange, a document that by definition is meant to prove one thing: this is me, opening an account of my own free will. The FBI agents who looked at it reached the opposite conclusion. That they were looking at a man who, in all likelihood, had no choice.
That photograph is described on page 22 of a forfeiture complaint filed in Washington, at paragraph 55 of the complaint itself rather than in any separate exhibit. Read beside what the exchange has since admitted, it stops looking like an isolated image and starts looking like a thesis: about why Binance may not receive its European MiCA licence, that one frame says more than all the official communiqués combined. But the frame is only where the evidence begins.
The Greek Puzzle That Isn’t
Begin with what we know, and with the caution a matter of this kind deserves. Reuters reported, citing two independent people familiar with the matter, that Binance’s application for a MiCA licence, submitted to Greece’s Hellenic Capital Market Commission (HCMC), is expected to be rejected before the 30 June deadline. The application was filed in January 2026 through a newly formed subsidiary, Binary Greece, a single-shareholder public company with €25,000 in capital. The Greek regulator declined to comment, citing confidentiality. Binance holds the opposite position: that it went through some eighteen months of dialogue with the supervisor, that the HCMC completed its review and deemed the application compliant with MiCA, and that the matter was examined at ESMA level. At the level of the decision itself, then, the situation remains formally unresolved, and honesty requires saying so plainly: what is solid is the report, from two sources, not a published rationale, of which there is none.
Yet the stakes are enormous, because a single CASP licence granted in any EU member state passports across all twenty-seven markets. A Greek refusal therefore closes not Athens but Europe. After 1 July 2026, when the transitional period ends, any entity without authorisation must cease providing services in the Union. France’s AMF has warned that operating without a licence is a criminal offence punishable by up to two years’ imprisonment and a €30,000 fine, and that supervisors may impose penalties of up to 12.5% of annual turnover and blacklist firms. Binance does not appear among the authorised entities in the ESMA register, while Coinbase, Kraken, and OKX have already secured theirs. The question, then, is not whether this matters, but why here and why now.
The MiCA Regulation places on the national supervisor an obligation, not a discretionary power, to refuse authorisation where there are objective and demonstrable grounds to believe that the management body threatens prudent management, that qualifying shareholders fail to provide sufficient guarantees, that close links or third-country law would prevent effective supervision, or that the applicant does not meet the requirements of Title V (capital, governance, AML/CFT). These are the criteria of Article 63 MiCA. They read like bureaucratic prose. In a moment it will turn out that each of them has a face in the file from Washington, and some in Binance’s own signature.
A refusal looks mysterious only to someone who has not read the right documents.
A Complaint That Isn’t Against Binance
Here precision is essential, because it is what separates analysis from punditry. The case, docketed 24-cv-2063 before the United States District Court for the District of Columbia, is an in rem action. The defendant is not Binance. The defendant is 2,546,415.01 USDT, a sum in the dollar-pegged stablecoin Tether, seized from two of the exchange’s accounts. Formally, the United States is litigating against money, not against the platform. What is more, Binance cooperated with the investigation: it was the exchange that handed law enforcement the transaction records, access logs, IP addresses, and KYC data from which investigators reconstructed the whole.
And here arises the first paradox worth pausing over. A document built on the exchange’s cooperation is more incriminating of that exchange, not less, than an enemy’s accusation. These are not a competitor’s insinuations or a disappointed client’s conspiracy theory. These are the platform’s own system logs, read by investigators.
Fairness, however, demands setting out the counterarguments, and strong ones. First, an FBI agent’s declaration is an allegation, not a judgment, the prosecution’s account untested in litigation and proved to a preponderance standard. Second, through an exchange of this scale dirty money will sooner or later flow, just as it does through any large bank, and the presence of laundering is not, in itself, proof of institutional fault. Third, the fact that Binance supplied the evidence weighs toward compliance, not against it. These reservations are true, and they should be held in hand throughout the reading of this one case.
And yet. Beside this untested complaint there exists a record that is no longer the prosecution’s allegation but the exchange’s own admission. To that in a moment. First let us see what the file shows, because it is the file that gives the numbers a face.
What the File Actually Shows
Return to the man against the wall. Binance, like every regulated exchange, requires a photograph at account opening as part of “know your customer” procedure. Most clients send an ordinary selfie. This one, in the investigators’ view, documents coercion. And the account opened with it was used to receive over $1.7 million in USDT. The mechanism is familiar: pig-butchering operations open accounts under other people’s names, often the names of human-trafficking victims lured by the promise of work and held in forced-labour compounds across Asia, in order to put distance between themselves and accounts full of dirty funds. The verification selfie, the cornerstone of compliance, turns out here to be a record of captivity.
Go further, because it gets more interesting still. Two accounts, both registered as “personal,” opened a day apart, from the same IP address in Bangkok. Log analysis showed 257 events in which that same IP address logged into both accounts. In one documented instance, the same Bangkok address touched both accounts within minutes, after which 750,000 USDT immediately moved between them. In other words: one man was watching both sides of his own transaction, once as sender, once as recipient, pretending to be two different people.
And now the fact that ought to cost a night’s sleep to anyone who keeps insisting the blockchain sees everything. Eighty-eight percent of the deposits into the first account came from other Binance accounts. Transfers between accounts on the same exchange are not recorded on the public blockchain. They are invisible without a court order and the exchange’s cooperation. That $1.7 million moved through Binance Pay, an internal, zero-fee mechanism based on QR codes, which the prosecutors, in a footnote, compare outright to Venmo. The laundering did not happen on the blockchain. It happened beside it, in the exchange’s private ledger, into which the chain has no view.
And then the scale, because numbers are sometimes eloquent on their own. The second account, also “personal,” took in over 52 million USDT across 354 transactions over two years, at an average value per operation of nearly 147,000 USDT, from a hundred and twelve different addresses. A personal account moving the budget of a small town.
The protagonist of this story, a Thai “broker,” supplied the best commentary himself, in conversation with the police. He admitted that he ran a crypto business, that his Binance account had been “frozen on multiple occasions,” which he attributed to volume, and that to get around the daily limit of two million baht he distributed funds to “friends” for a small fee. The detail that settles everything: he could have raised that very limit by submitting a three-month bank statement and proof of address. He chose the costlier, more contorted road, the laundering-shaped road, over the trivially simple compliant one. And when the Thai police ordered him to halt transfers, he made the transfers anyway, as if the order applied to someone else.
On the other side of that account stand the victims. The pig-butchering mechanism, literally “the fattening of a pig,” works like this: contact through an app, patient trust-building, a small withdrawal at the start to lend the platform credibility, and at the end, when the victim wants to leave with the “profits,” the demand for a fictitious “tax,” a last squeeze before the account is closed. These are people who answered the wrong message. And it was their money flowing through the hostage’s selfie.
What Binance Has Already Admitted
Here the realm of allegation ends and the realm of admitted fact begins. On 21 November 2023, Binance entered into an agreement with the Department of Justice and pleaded guilty. The total: $4.3 billion in fines, forfeitures, and civil penalties, the largest of its kind in history. The exchange admitted the wilful failure to maintain an effective anti-money-laundering programme, the operation of an unlicensed money-transmitting business, and violations of U.S. sanctions law (IEEPA).
The substance of the admission is what no marketing communiqué can undo. Binance acknowledged that it deliberately failed to vet thousands of customers from August 2017 through October 2022; that it failed to identify and report more than a hundred thousand transactions potentially linked to, among other things, terrorism, ransomware, and child sexual exploitation; that it served users in Iran, North Korea, Syria, and Crimea; and that it processed transactions for Hamas’s al-Qassam Brigades, Palestinian Islamic Jihad, al-Qaeda, and ISIS. FinCEN imposed a $3.4 billion penalty and installed a five-year monitorship, giving an independent monitor (Forensic Risk Alliance) access to the exchange’s books, records, and systems. OFAC added $968 million for sanctions violations. The founder, Changpeng Zhao, pleaded guilty to a single count, stepped down, and was sentenced to four months of imprisonment, well below the guidelines and the three years the prosecution had sought; he was released in September 2024. In October 2025 he was pardoned by President Trump. The pardon erases his personal criminal record but does not disturb the corporate plea, the $4.3 billion, or the monitor, all of which remain in force.
And here one must pause over the distinction on which the entire analysis rests. The forfeiture complaint is an allegation. The plea is an admission. My cautious counterargument, that the flow of dirty funds through a large exchange does not by itself prove the institution’s fault, holds for the Washington case. But here the institution itself, under its own signature, acknowledged wilful failures. That shifts the Article 63 assessment not by a degree but by a category. The supervisor no longer has to reason from circumstance. It has the exchange’s own statement.
A Fresher Matter, Still Contested
Were one to stop there, the picture would be closed and historical. It is not. In February 2026, The New York Times, followed by The Wall Street Journal and Fortune, reported that Binance’s internal investigators had identified roughly $1.7 billion in transfers from two of the exchange’s accounts to Iranian entities linked to terrorist organisations, over the period from March 2024 to August 2025. According to those reports, at least four compliance employees who flagged the transactions were subsequently dismissed or suspended, with the exchange citing “violations of protocols concerning client data.” Senator Richard Blumenthal opened a formal inquiry of a Senate subcommittee, pointing to intermediaries (Hexa Whale, Blessed Trust), wallets associated with Iran’s Islamic Revolutionary Guard Corps, and payments to crews of Russia’s “shadow fleet.”
Here the highest epistemic caution applies, and I will repeat it plainly: these are press reports and parliamentary allegations, not findings of a court. Binance denies them and states that an internal audit found no sanctions violations. They must be treated as unconfirmed. And yet their weight for the MiCA analysis comes not from whether they are true, but from what they concern: precisely the category of failure that the 2023 settlement was meant to close, and that the five-year monitor was meant to oversee. If the reports are borne out, they become a question about the very effectiveness of that monitor. If they are not, they remain a piece of context the regulator is nonetheless entitled to consider. The Article 63 standard, after all, is not “proven beyond reasonable doubt” but “objective and demonstrable grounds to believe.” Between those two thresholds lies the whole difference between a criminal trial and a licensing gate.
Demolition: Six Slogans That Don’t Survive Contact with the Evidence
I have a soft spot for the crypto industry, because its marketing is the only genre I know in which a slogan and its refutation can hang side by side on the same page. The file from Washington, and the 2023 settlement alongside it, let us test six favourites.
The first: “the blockchain is transparent, fraud has nowhere to hide.” In fact the most effective laundering in this case happened off the blockchain, in Binance’s internal transfers and in Binance Pay. The chain shows the lobby. The laundering took place in the back office, which only a court order opens.
The second: “crypto is decentralised, you don’t need intermediaries.” The entire scheme is a parasite on a centralised intermediary. Without accounts on the exchange, on which funds can be consolidated, withdrawn, and clouded, dirty money stays trapped in the chain. Decentralisation is the advertising slogan. The centralised exchange is the load-bearing wall.
The third: “stablecoins are the safe, boring corner of the market.” Throughout the case, the currency of laundering is USDT: stable, liquid, ubiquitous, issued by an entity registered in the British Virgin Islands and, as the file notes, run out of Hong Kong. It is precisely the stability that makes it good money for the criminal too.
The fourth: “KYC protects users and screens out bad actors.” The selfie documented a hostage. The “personal” accounts were industrial laundering conduits. The theatre of compliance produced the record of its own failure.
The fifth: “regulation kills innovation, MiCA is bureaucratic overreach.” The Article 63 criteria, the fitness of the management body, effective supervision, AML risk, are not an abstract ticking of boxes. They are tailored precisely to the failure modes these documents describe, and to the ones the exchange admitted to itself. A refusal, if it comes, is not Luddism. It is the system working.
The sixth, specific to Binance: “we met every requirement, the refusal is political.” We do not know the HCMC’s file, and that bears repeating. But we have an admitted $4.3 billion settlement, a live monitor, and a public document in which the platform figures as a venue for industrial-scale laundering, with internal rails resistant to tracing and an onboarding procedure that admitted photographs taken under duress. A supervisor assessing “effective supervision” and “money-laundering risk” does not need a political motive to hesitate. It is enough that it can read.
An Architecture, Not a Single Rule
Here begins the thing the industry usually prefers not to see: MiCA does not act alone. It is one element of a net. Regulation (EU) 2023/1113, the EU’s travel rule for crypto-assets, in force since 30 December 2024, requires originator and beneficiary information to be attached to transfers, addressing precisely the invisibility the Washington case exposes. The EBA Guidelines of 4 July 2024 operationalise that rule for crypto-asset service providers, and Poland’s GIIF Communication No. 87 confirms its application to entities registered in Poland from the same date. The DORA Regulation adds operational-resilience requirements. The 2024 AML package, including Regulation (EU) 2024/1624, and the new EU authority, AMLA, build supervision of money laundering across national borders. The Union strung its net precisely under the holes this case fell through.
It is worth a comparative glance, because the difference in philosophy is instructive. The United States enforces ex post, asset by asset, by forfeiture after the fact. The Union sets a gate ex ante: a licence one does not receive before anything has happened. One model chases dirty money once it is already flowing. The other tries not to let it onto the market. Most importantly, the ex ante gate requires no final conviction. It requires only that the regulator form an objectively grounded belief that the criteria are not met. The material available to the HCMC, namely public court records, the admitted terms of the DOJ settlement, and the 2026 reports of violations, falls squarely within what Article 63 permits it to consider.
What Still Hangs Over It
The analysis would be incomplete without naming what could yet change this position, and in both directions. First, the fallback route: after a formal refusal, Binance may try to file in another member state before 1 July, but the information-sharing mechanisms among supervisors under ESMA mean a prior refusal travels with the applicant. Second, the intersection of the monitor with the Senate inquiry: Forensic Risk Alliance’s access to post-2024 data may cover the very Iranian transactions, tying the two matters into a single knot. Third, the civil RICO suit (Licht and others, a Massachusetts court), alleging that Binance knowingly facilitated pig-butchering schemes, is being expanded to add further plaintiffs and may proceed as a class action. Fourth, the travel rule’s application since the end of 2024 gives European supervisors a basis to demand full originator and beneficiary data, and thus retroactively exposes the off-chain gap documented in 24-cv-2063. Fifth and finally, the scope of the pardon: it applies to CZ as a person, not to the company, and so for the assessment of corporate fitness it is beside the point.
The Frame He Didn’t Choose
The crypto-bro narrative rests on the assumption that transparency and regulation are enemies of freedom. This case turns that assumption upside down. The laundering flourished in what was opaque and unregulated: in off-chain transfers, in weak account-opening procedures. And it was unmasked not by the blockchain and not by the free market, but by warrants, subpoenas, logs handed over by the exchange, and two conversations between the Thai police and a suspect. The ledger caught no one. People with legal process in hand did.
So return, one last time, to the man against the wall. He did not choose his frame. The European regulator, looking at a platform that waves such frames through as “verified,” that has admitted to wilful failures worth $4.3 billion, and that remains under a monitor, is choosing differently. A refusal, if it comes, is not a verdict on technology. It is a verdict on one question alone: whether convenience may go on outrunning control indefinitely.
And behind every truncated wallet address in this file stands someone who answered the wrong message. Naming the mechanism, naming what actually happened, is the first step toward recovering agency. The rest, as ever, is a matter of evidence. And of that, as we have seen, there is no shortage.
Further reading
The Moon King’s Fall – How Do Kwon Built and Destroyed a $40 Billion Crypto Empire
Robert Nogacki – licensed legal counsel (radca prawny, WA-9026), Founder of Kancelaria Prawna Skarbiec.
There are lawyers who practice law. And there are those who deal with problems for which the law has no ready answer. For over twenty years, Kancelaria Skarbiec has worked at the intersection of tax law, corporate structures, and the deeply human reluctance to give the state more than the state is owed. We advise entrepreneurs from over a dozen countries – from those on the Forbes list to those whose bank account was just seized by the tax authority and who do not know what to do tomorrow morning.
One of the most frequently cited experts on tax law in Polish media – he writes for Rzeczpospolita, Dziennik Gazeta Prawna, and Parkiet not because it looks good on a résumé, but because certain things cannot be explained in a court filing and someone needs to say them out loud. Author of AI Decoding Satoshi Nakamoto: Artificial Intelligence on the Trail of Bitcoin’s Creator. Co-author of the award-winning book Bezpieczeństwo współczesnej firmy (Security of a Modern Company).
Kancelaria Skarbiec holds top positions in the tax law firm rankings of Dziennik Gazeta Prawna. Four-time winner of the European Medal, recipient of the title International Tax Planning Law Firm of the Year in Poland.
He specializes in tax disputes with fiscal authorities, international tax planning, crypto-asset regulation, and asset protection. Since 2006, he has led the WGI case – one of the longest-running criminal proceedings in the history of the Polish financial market – because there are things you do not leave half-done, even if they take two decades. He believes the law is too serious to be treated only seriously – and that the best legal advice is the kind that ensures the client never has to stand before a court.
