A Wallet, a Decade, a Question

The address that the C.E.O. of zondacrypto pointed to as proof of 4,503 BTC in reserves has not made a single consequential outbound transaction since March of 2016. What does that mean for the customers? An on-chain investigation. The next installment in our series on zondacrypto.

I lay out the threads connecting cold wallet 16aEn4p6... to — the Russian darknet.

I consider whether it is at all possible that this is the genuine cold wallet of BitBay / Zonda.

 

I. Three Hundred Million Dollars in a Frozen Vault

The vault is empty. Or rather, it is full. It is just that no one has been inside it for ten years.

In mid-April of 2026, the chief executive of zondacrypto, Przemysław Kral, decided to quiet the market.

Customers had been unable to withdraw their funds for weeks. The forensic firm Recoveris had published an analysis on April 6 reporting that the exchange’s primary operating wallet held 0.086 bitcoin. Roughly twenty thousand złotys. For the entire exchange. To honor withdrawals to tens of thousands of customers who had, by the company’s own audited statements at BB Trade Estonia OÜ, deposited the equivalent of seven hundred and twenty-two million euros.

Nine days after the report appeared, Kral recorded a video and posted it to X.

He said it was a misunderstanding. The press, he said, had confused the “hot wallet” with the “cold wallet.” The real reserves, the actual treasury, sat on a second, offline account, holding 4,503 bitcoin — about a billion three hundred million złotys at current prices, roughly three hundred and forty million dollars. And, on camera, he read aloud one specific address: 16aEn4p6hK4FMpLtJGpoQZMZ946sDg1Z6n.

Then he said something the market had not expected.

He said the exchange did not have the private keys to that address. The keys, he said, were with the founder, Sylwester Suszek — who has, in the public records of the Republic of Poland, been listed as a missing person since March of 2022.

This was meant to be the end of the discussion. The pointing to a specific address on the public blockchain — because the blockchain, unlike a chief executive, does not lie. The money is there or it isn’t. Check for yourself.

I checked.

What I saw is a more interesting story than Kral might have wished. A story whose analogues in the cryptocurrency world now number at least a dozen. Each ends the same way: customers lose their savings, the chief executive disappears or dies under circumstances that no foreign jurisdiction quite gets to the bottom of, investigators eventually conclude that the cold wallet displayed at the press conference was something other than what it was claimed to be.

The title of this story is cold wallet of Zonda. Ten years of silence.

 

II. A Brief Course in Blockchain for the Lay Reader

A digression, of three minutes. Without it, what follows will not register.

The Bitcoin blockchain is a public ledger. Imagine a county recorder of deeds, except that, instead of being maintained in a single courthouse, it is maintained in parallel on tens of thousands of computers around the world, each holding an identical copy. Anyone can read it. Enter any address into a viewer — mempool.space or blockchain.com — and you will see, in seconds, every transaction that address has ever sent or received. Ten years of history, accessible to a child, immune to revision.

A Bitcoin address is the equivalent of a bank-account number, with the salient difference that no name is attached. It is a string of letters and digits. Anyone can have as many as he likes. Each is public. The balance of any address can be checked in seconds.

Hot wallets and cold wallets. Every reputable crypto exchange runs on a hybrid. The hot wallet is connected to the internet; it processes day-to-day deposits and withdrawals. The teller’s till. The cold wallet is air-gapped — physically disconnected from the network — and holds the bulk of customer reserves. The vault. The keys to it typically reside on a hardware device locked in a safe, accessible to a small number of authorized officers. Industry standard since 2014: ninety to ninety-eight per cent of customer assets in cold storage, the remainder in the hot wallet.

Proof-of-control. The most important concept in this article. To prove that you possess the private key to a Bitcoin address, you sign a short message — any message, perhaps the day’s headline — using that key. The operation takes three minutes. Its result is publicly verifiable. It cannot be forged. Every popular wallet — Bitcoin Core, Electrum, Trezor, Ledger — offers it. The cryptographic equivalent of I have the key. Here is the proof.

That is everything you need to know. We return to the investigation.

 

III. Four Lines That Were Enough

Within an hour of Kral’s video, I entered the address 16aEn4p6... into a blockchain viewer. What I saw fit into four sentences.

The address has received exactly two consequential deposits. The first — on March 6, 2016, of 4,434 bitcoin — arrived in a single consolidating transaction with ninety-four inputs. The second, nine days later: 69.2586 bitcoin on March 15, 2016. Total: 4,503.25907650 BTC. Plus, in subsequent years, a thin scatter of dust — satoshi-sized fractions of pennies, scattered by automated bots whose owners have long since stopped maintaining them. After that, silence.

Nothing has ever left the address. Not a satoshi.

I will repeat that. Nothing. For ten years. Two deposits in March of 2016, zero outflows ever since. Anyone can check. Mempool.space shows the same history as Blockchain.com and Blockchair. The blockchain has one defining property: it cannot be revised.

Imagine a bank. The bank announces that its vault contains three hundred million dollars. The vault has an electronic lock with a counter that records every opening. The counter reads: zero. The door was opened once, ten years ago, when the money was placed inside. Since then, no one has been in.

Now imagine that the bank, over those same ten years, has served thousands of customers daily, depositing and withdrawing in the millions. Every withdrawal has been honored. Every customer has gone home with his money.

Then something has to be true. The withdrawals must have come from somewhere. They did not come from the vault, because the vault has not been opened. They came from somewhere else.

This is not interpretive. It is arithmetic. Two and two. An operating cryptocurrency exchange that has paid out, according to its own Estonian filings, hundreds of millions of euros to its customers cannot have a cold wallet from which not a single satoshi has ever flowed. The two facts are mutually exclusive. Either the company paid out, or the cold wallet is the cold wallet. Both cannot be true at once.

If the withdrawals came from somewhere else, the natural question is: from where?

And a second, more interesting one. Where did the 4,503 bitcoin in the wallet come from in the first place? Because the blockchain remembers not only what leaves but what enters. And what enters can be traced backward, hop by hop, to the second.

What did I find?

 

IV. Cluster [033a676d6f] — Where It All Began

We rewind a month, to February of 2016.

The bulk of the 4,434 bitcoin — the larger of the two deposits — arrived at the destination wallet from another wallet. In the database maintained by WalletExplorer, this other wallet bears the identifier [033a676d6f50f05c]. For convenience, we will call it [033a676d6f].

A word on the term cluster. In on-chain analysis, a cluster is a group of Bitcoin addresses known to be controlled by a single entity. We know they are controlled by a single entity because they were used together as inputs to a single transaction, and signing a transaction requires possession of the private keys of all its inputs. The heuristic is as simple as physics. Either you have the keys, or you cannot sign.

Cluster [033a676d6f] had a thirty-seven-day life span. It activated on January 29, 2016. For thirty-three days afterward, it accepted deposits — seventy-six in total, ranging from a handful to a hundred and eighty bitcoin, originating from dozens of different addresses. Then, on March 6, 2016, at 8:03 in the morning Universal Time, the cluster was emptied. Ninety-four of its addresses were used as the inputs to a single transaction (txid 4d1a1058...). The contents — 4,434 bitcoin — flew out, all at once, to the address 16aEn4p6....

After that, the cluster died. Balance: zero. Activity from March 2016 to the present: none.

This is not a private investor’s wallet.

A private investor purchasing $1.86 million of bitcoin (at March 2016 prices) does so by a single transfer from a single OTC desk. He does not gather satoshi from seventy-six sources over a month. He does not use ninety-four different addresses. He does not behave like a teller’s window during business hours.

This cluster behaved like the opposite. It behaved like an exchange’s intake. Because that is what it was. The pattern has a name in the field — exchange aggregation — and is the textbook signature of a 2016-era exchange. Customers deposit on hundreds of throwaway hot-wallet addresses; every few weeks, the operator consolidates everything into a single transaction and sends it to cold storage, in order to minimize the time-at-risk of funds in the hot wallet. Every serious exchange of that period operated this way.

So 16aEn4p6... is a cold wallet of an exchange. The only question is which one.

 

V. Hypothesis One: BitBay

In 2016, a Polish exchange named BitBay was operating out of Katowice. It had been founded in 2014 by Sylwester Suszek — the same Sylwester Suszek who has been missing since March of 2022. Polish corporate registry, Polish customers, Polish address. In February of 2018, the Polish Financial Supervision Authority placed BitBay on its public-warning list. The company then moved its operations to Malta, and afterward to Estonia — where the regulations were lighter. BB Trade Estonia OÜ was incorporated. In November of 2021, the company rebranded as Zonda. In May of 2023, it rebranded again, as zondacrypto.

The company that today operates under Kral’s leadership, in other words, is the same company that, under a different name, operated in 2016. Then it was BitBay. Same customers, same deposits, same cold wallet.

WalletExplorer maintains a dedicated page for BitBay at walletexplorer.com/wallet/BitBay.net — 321,245 transactions, all bearing the label BitBay.net. Most of them date from 2019 to 2025. The cluster that interests us here, [033a676d6f] from 2016, is not labeled. The reason is mundane: WalletExplorer’s labels are heuristic, and they do not cover every old cluster. The absence of a label does not mean the cluster did not belong to BitBay. It means only that a piece of attribution software didn’t get around to assigning it. The behavior of the cluster — a thirty-three-day aggregation followed by a consolidation to cold storage — fits a 2016 BitBay as well as it fits any other exchange of the period.

Consider this scenario coolly.

If the cluster [033a676d6f] was BitBay’s operational aggregation wallet from early 2016, it would mean that, in March of 2016, BitBay consolidated 4,503 bitcoin from its operating wallets into the cold wallet 16aEn4p6... — and never moved the funds again. Not once. Not in ten years.

That is where the trouble begins. Because BitBay/zondacrypto, over those ten years, has been paying out to customers. Hundreds of millions of euros, per the publicly filed financial statements of BB Trade Estonia OÜ. Each of those payouts had to come from somewhere. They did not come from this cold wallet. The wallet has never released a satoshi.

From somewhere else. Somewhere else is the operative phrase here.

There are only two coherent answers to the question of how the contradiction resolves. Each is worse than the one that preceded it.

 

Is it possible that BitBay / Zonda lost the private keys to this cold wallet?

Perhaps from a hardware failure, a botched migration to a new medium, one of the dozens of banal accidents familiar to anyone who has ever worked with cryptographic infrastructure. In 2016, 4,503 bitcoin were worth about $1.8 million. A loss of that scale was something a healthy exchange could rebuild from operating margin in two years. The presumption is that the company set out to do so. Note the chronology, too: the keys were lost in March of 2016, not when Suszek vanished in March of 2022, because the wallet has been completely inert since 2016.

The bitcoin had other ideas. By 2017, the price had touched twenty thousand dollars. By November of 2021, sixty-eight thousand. The hole that had been $1.8 million in 2016 was, in November of 2021, three hundred and ten million dollars. Three hundred and ten million dollars. Growing every month. Without prospect of recovery. Each new bull-market peak pushed the gap further away.

 

What argues that the keys were already lost in 2016?

It is worth pausing on a detail the blockchain establishes unambiguously. The address 16aEn4p6..., over ten years, has not merely been untouched — it has not even been maintained. Those are two different things.

Any conscientious holder of a substantial bitcoin position, given access to his keys, does two things over time. First, he migrates funds to newer address types as they become available — SegWit from 2017, Taproot from 2021 — because they are cheaper to transact and more secure. Second, he periodically rotates or consolidates keys, every few years at minimum, to mitigate cryptographic and physical risk to the storage medium (drive failure, the still-theoretical but increasingly thought-about quantum attack). These are the elementary practices of every professional custodian, every family office, every serious private-key holder.

The address 16aEn4p6... has not been maintained in any of these ways for ten years. The key has never been used. Not once. Not even to sign an empty transaction. Not even to demonstrate existence.

This is the crucial distinction: keys deliberately concealed behave differently from keys that have been lost. If Suszek were today living somewhere in the Caribbean off these funds, he would be spending them — moving them onto newer wallets. Quietly, in small tranches, but moving them. Three hundred million dollars left sitting at a 2016 address is the digital equivalent of pirate’s gold buried under a legendary palm: interesting, but operationally useless. No rational person leaves a fortune to sit, untouched, for a decade. Unless he has no choice. Because the key is gone.

This explains the chronology of Suszek’s disappearance — a chronology we set out at length in the third article in this series, drawing on commercial registries from four jurisdictions. A quiet resignation as C.E.O. of BB Trade Estonia OÜ. June, 2021: Divisio Holding AG is registered in Zug, with Kral as its sole shareholder. September, 2021: the Czech vehicle EXPOFÉR is acquired. November, 2021: the first rebranding, to Zonda. January, 2022: Suszek is removed as managing director of EXPOFÉR. March 10, 2022: he leaves his home in Czeladź and does not return. Eight months of methodical disengagement from every layer of the structure. Not an accident. Not a crime against him. A choreographed exit, executed through a calm sequence of complex legal operations, distributed across time and across the BitBay group’s companies in several countries.

Suszek, between 2016 and 2022, was leading a double life of the Jan Marsalek variety. Marsalek — an Austrian member of the management board of Wirecard AG — spent the last two years before the company’s collapse outwardly performing as the executive of a regular publicly listed fintech, while privately knowing that 1.9 billion euros on the firm’s balance sheet did not exist, and preparing his exit. In June of 2020, two days after KPMG’s report appeared, he vanished from the small private airport at Bad Vöslau, near Vienna, and — according to the subsequent findings of German and Austrian intelligence — surfaced in Minsk, then most likely in Moscow, where credible reporting places him to this day.

Suszek lost the keys in 2016. From that moment, in all probability, he ran the company in awareness of that fact. The balance sheets grew, year by year, more fictional. Each peak in the bitcoin cycle deepened the hole by hundreds of per cent. By 2021, when bitcoin reached sixty-eight thousand dollars, the hole had become mathematically irreparable — and that is when the systematic withdrawal began. From May 2021 to March 2022. The Silesian Marsalek.

That is the first layer: keys lost, hole grew unmanageable, founder vanished. The other layers follow from it.

 

If so, BitBay was knowingly paying out to customers whose bitcoin had been frozen in the cold wallet — from later deposits

If the company lost some of its bitcoin and continued to honor withdrawals, it follows that there existed a class of customers who were paid out using bitcoin deposited by other customers. This is not an accusation. It is an arithmetical necessity. The assets did not balance, and yet the withdrawals were processed; the difference had to come from somewhere; it came from current deposits. Customers who withdrew in 2017, 2018, 2019, 2020, 2021 — they were paid with bitcoin that had been deposited, in those same months, by other customers. The first wave got a hundred per cent. The last wave is on the phone with customer support in April of 2026, getting nowhere.

This is the definition of a Ponzi scheme. Customer A is paid with the deposits of Customer B until Customer B notices. When B notices, the structure cracks. It cracks now: in April of 2026, with the hot wallet at 0.086 bitcoin and the cold wallet, by the chief executive’s own admission, holding keys the company does not have.

The same arithmetic destroyed QuadrigaCX, in Canada, fourteen years ago. There, too, customers were paid with other customers’ deposits, until the inflow stopped covering the outflow. When it did, the founder died on the other side of the world. We will return to that in Section VIII.

 

The marketing fugue, or, How to Recover a Loss of 4,500 Bitcoin

Once the gap exceeded a few hundred million dollars, the only way to keep the structure alive was to accelerate the inflow of new customers. Hence the campaigns of 2022 to 2026: brand ambassadors, football-club sponsorships, a gala for Polish Olympic medalists, the slogan “Trade tomorrow, today,” the positioning as “the largest regulated cryptocurrency platform in Europe.” All of it paid for, in the end, from current customer deposits. In 2024, BB Trade Estonia OÜ spent 5.7 million euros on advertising alone — against 9.7 million in cash on the balance sheet. Sixty per cent of available liquidity went to marketing. That is not the budget of a healthy exchange. It is the budget of an entity that needs to recruit the next wave of customers before the current wave realizes that its bitcoin isn’t there.

 

Regulatory flight, or, How to Conceal a Loss of 4,500 Bitcoin

Under MiCA — the European Union’s Regulation on Markets in Crypto-Assets, in full force since the thirtieth of December, 2024 — a balance-sheet hole of this scale is no longer concealable. Article 75(7) requires the legal segregation of customer assets from the firm’s own. Article 70 prohibits conflicted dealing. The capital requirements for licensed Crypto-Asset Service Providers force an audit of own funds. Each of these obligations, fulfilled in good faith, would surface the absence of the 4,503 bitcoin.

The company chose another route. In 2024, BB Trade Bahamas Ltd. was added to the consolidation group — a Bahamian entity, registered under the Digital Assets and Registered Exchanges Act, the same legal framework under which Sam Bankman-Fried’s FTX Digital Markets was registered. The same Nassau. The same kind of license. The same distance from Warsaw, measured in the count of mutual-legal-assistance requests required to obtain a single document. The website for BB Trade Bahamas Ltd., as of November 30, 2025 — per the public registry of the Securities Commission of the Bahamas — still reads “TBD.” To be determined. The phone number listed for it is a Polish cell. The preparations are essentially complete.

In parallel, the firm engaged with the Polish regulatory process governing crypto-assets — participating in panels, in consultations, in meetings at the Sejm. Such engagement is, in itself, unremarkable; a dozen Polish firms do similar things. But viewed against the present scale of the balance-sheet gap, every hour spent shaping the rules that would have surfaced the gap takes on a different cast. No longer a defense of an industry’s interest. The defense of one’s own shield.

Zonda was sabotaging Poland’s crypto rules because it did not want to be licensed in Poland — licensing in Poland would have meant an audit of assets. It wanted, instead, the pretext for a flight to the Bahamas.

Four layers. Each one made necessary by the inadequacy of the one before. Each one harder, legally, than the last. The end state: in April of 2026, the company cannot pay its customers; the C.E.O. is reported to be in Israel; the Polish Regional Prosecutor’s Office in Katowice is conducting a criminal investigation; and a shell company waits in Nassau. Trade tomorrow, today.

 

VI. “The Card Has to Turn”

A step sideways is in order here. Because the reader who has come this far may have a fair question: How is it possible that an experienced executive, the head of a regulated exchange, in the presence of auditors, lawyers, and a prosecutor’s office, decides to publicly point to an address whose keys he does not hold and to say — on camera, on X — that the keys are with a vanished founder? How does a rational person arrive at such a moment?

The answer is that, by this point, the person is no longer rational. He is a gambler.

The psychology of gambling is one of the best-documented domains in cognitive literature of the past fifty years. Tversky and Kahneman, in the 1970s, set out the framework: the gambler does not weigh losses proportionally. The deeper the loss, the stronger the motivation not to close it. Because if the loss is not closed, formally, there is no loss. The loss becomes a loss only at the moment the gambler walks away from the table. As long as the game continues, the loss is in superposition. It might still be reversed.

The mechanism produces a finite repertoire of thoughts that any psychiatrist treating gambling disorders recognizes immediately. “I can’t leave now — I’m about to come back.” “The card has to turn; statistically I can’t keep losing.” “One more bet, ten thousand more, and I’ll recover the three hundred thousand from the last hour.” “I can’t leave on a loss — I have to leave at least at zero.” “This bet has to come in — it would be unjust if it didn’t.” Each of these thoughts is epistemically false. Each is psychologically irresistible.

Look at zondacrypto through this lens. The four layers we set out in Section V are not the decisions of a rational business. They are the decisions of a gambler in an escalating spiral of loss-chasing.

Layer one — the loss of keys in 2016 — is the initial setback. Modest, $1.8 million, manageable. Here, there is not yet a gambler, only an operational error. But the moment the management decides not to write the loss down and not to inform customers, it enters the role of player. The first bet has been placed.

Layer two — paying out from other customers’ deposits — is the first classic gambler’s thought. “We can rebuild the gap from operating margin in two years; the customers won’t notice; we’ll have a clean balance sheet by the 2018 audit.” The plan assumes that bitcoin will not appreciate, that the bull-market cycle will not repeat, that operating margin will suffice. All of these are optimistic. None of them comes true.

Layer three — the marketing fugue — is classical doubling down. The card didn’t come, so we increase the stake. Five-point-seven million euros on advertising against 9.7 million in cash. Brand ambassadors, football clubs, the Olympic-medalists’ gala. “We have to bring in the next wave of customers, so their deposits can replace what’s missing.” Every new customer acquired is, at the same time, a new victim — because his deposits will go to honor withdrawals from older customers, while he himself joins a queue whose end is invisible. The gambler doesn’t see this arithmetic. The gambler sees only the card that still has to turn.

Layer four — the Bahamas — is an exit strategy, but not the kind a rational business would pursue. A rational business, recognizing an irreparable hole, declares insolvency, returns to customers what it can, files a CASP-license application in Poland with a notation of asset loss, and seeks restructuring. That is the legal path. Painful, costly, but legal. BB Trade Bahamas Ltd. is not that path. It is its inverse. It is a play to remain at the table for as long as possible. Maybe something will happen. Maybe bitcoin will fall to two hundred thousand and the gap will close. Maybe a new investor will appear with capital. Maybe the next wave of customers will deliver bitcoin enough for one more round.

The same tone radiates through Kral’s April video. “I can’t admit now that the keys are gone — it would be the end.” “I’ll show the address, the customers will calm down for a week, and meanwhile we’ll figure something out.” “I’ll say the keys are with Suszek, because Suszek won’t contradict me — Suszek hasn’t legally existed for four years.” Each of these thoughts — like the thoughts at a poker table at three in the morning, after twelve hours of play — is psychologically irresistible and logically absurd.

This is the moment in the spiral when the loss — nine hundred million dollars — lies on the table. Walk away, and the loss becomes definitive. Stay, and the loss remains in superposition. It might still be reversed. The card has to turn.

The card did not turn. It never does. That is the first thing every recovering gambler learns at his first support meeting: the card has no memory, the block has no conscience, statistics has no sympathy. Every bet is independent. The loss-chasing spiral cannot be exited by another bet. The loss-chasing spiral can be exited by exactly one move: standing up from the table.

Kral did not stand up from the table. He boarded a flight to Tel Aviv.

 

VII. Hypothesis Two: Zonda Never Held the Keys to This Address

Kral, compelled to display some customer reserve, found on the public blockchain a wallet that fit the narrative — it contained a tidy quantity of bitcoin, it had sat untouched for a decade, it looked like a cold wallet — and he pointed at it and called it his. A Bitcoin address has no name plate. There is nothing on it that reads “property of BB Trade Estonia OÜ.” Anyone can point to any wallet and call it his own. Without a signature with the private key, the claim is meaningless. It is the digital equivalent of pointing to someone else’s billboard and saying I live there.

It bears adding that the address 16aEn4p6... is not a difficult one to find. Quite the opposite. It has appeared for years near the top of the public dormant-wallet rankings — on BitInfoCharts’ eight-year list and on its ten-year list — at the very top. Every on-chain analyst in Europe has seen this address hundreds of times. For six years, on these lists, it appears with no BitBay, Zonda, or any other exchange label. Because no one — not BitBay, not WalletExplorer, not Chainalysis — has, in those six years, reported that the address belongs to a Polish exchange. Zonda itself didn’t report it, either. Until April of 2026.

In this scenario, the cold wallet 16aEn4p6... belongs to someone else entirely. Perhaps to a foreign-exchange shop that wound down operations in 2016. Perhaps to an exchange in another country. Perhaps to someone who lost the keys and has himself since died. It hardly matters — what matters is that it does not belong to zondacrypto.

And zondacrypto, by pointing to this address, is doing something more than misleading its customers. It is doing it publicly and deliberately. This is a textbook misrepresentation.

A hypothesis of this kind has, in fact, far more interesting implications — because it means that all or part of the missing funds may yet be hidden somewhere on the blockchain.

There are also solid threads connecting cold wallet 16aEn4p6... to — the Russian darknet.

 

What argues for Kral having pointed at a random address as his cold wallet? And if the wallet is not Zonda’s, then whose is it?

There is a second explanation for the behavior of cluster [033a676d6f]. A very interesting one. Because it leads to a place where Poland ends and Russia begins.

The first deposit that fed cluster [033a676d6f] in February of 2016 came from a hub at the address 1MmkA1uaH3r5iut1wr1vymqjasCvHN5pD2. A hub — a wallet that serves as an operating node, channeling large volumes onward to other addresses. On the same day that the hub sent 65 bitcoin to cluster [033a676d6f], the hub did one other thing.

On February 1, 2016, at 1:53:23 in the morning Universal Time, the same hub sent (txid 53a3bccd...) 750.146 bitcoin to the address 1EwpC13XxtH2hGawzYLJaYar6LmTVEXBph. That destination address — verifiable in the WalletExplorer database — belongs to the cluster labeled BTC-e.com.

We will pause here for a story. Without it, the rest will not register.

In the summer of 2011, when bitcoin cost two dollars and was the preserve of forum-going programmers, two Russians in their twenties — Aleksandr Vinnik and Aleksei Bilyuchenko — founded an exchange called BTC-e. Office in Bulgaria. Servers in the United States and France. Bank accounts in Cyprus, Singapore, the Czech Republic. No license in any jurisdiction. No customer-verification procedures. An interface in English, Russian, and Chinese.

For the next six years, BTC-e did for the criminal world what Swiss banks once did for the tax-evading rich of the twentieth century. It was the place where money of any provenance could be entered into the system without questions asked. The hackers who broke into Mt. Gox in 2014 and made off with hundreds of thousands of bitcoin laundered their take through BTC-e. Ransomware operators — including the groups responsible for crippling American hospitals — deposited ransoms there and walked out with clean dollars. Drug dealers from Silk Road. Credit-card thieves. Eastern European bureaucratic graft. All of it, according to the U.S. Department of Justice’s eventual indictment, passed through BTC-e’s accounts.

On July 25, 2017, on the beach at Ouranoupoli, in the Chalkidiki region of Greece, Aleksandr Vinnik was arrested by the Greek police on a U.S. extradition warrant. The American indictment charged him with twenty-one counts related to money laundering. According to the Department of Justice, more than four billion dollars’ worth of bitcoin had passed through BTC-e. Four billion. That is not a typo.

Vinnik fought extradition for six years between Greece, France, and the United States. On May 2, 2024, in the federal courthouse in Northern California, he pleaded guilty to conspiracy to commit money laundering. In his statement of facts, he described the scale of the operation: “tens of thousands of bitcoin per month.” His co-founder, Bilyuchenko, remains a fugitive.

The funds are being recovered slowly. In June of 2025, the Department of Justice filed a civil-forfeiture complaint targeting 925 bitcoin and roughly $89 million in other crypto-assets connected to BTC-e. In October of that year, a movement of more than 6,500 bitcoin from wallets associated with the exchange — around $694 million at the day’s prices — was observed. The bulk of BTC-e’s funds remains diffused on the blockchain.

It is to this story, with growing disbelief on my part, that the hub 1MmkA1u... leads.

The reconstruction is straightforward. On the first of February, 2016, a single wallet — the hub 1MmkA1u... — performed two operations:

• At 1:53 a.m., it sent 750 bitcoin to BTC-e (txid 53a3bccd...).
• At 12:31 p.m., it sent 65 bitcoin to cluster [033a676d6f] (txid acd7b553...).

Both transactions originated from the same wallet. The same private key. Whoever controlled the hub controlled it for both operations. The same day. Ten and a half hours apart. One deposit to BTC-e. The other — the first brick of what would become, thirty-three days later, the 4,434 bitcoin sent to the address that, ten years on, the C.E.O. of an E.U.-regulated Polish exchange would point to.

This is not proof that 16aEn4p6... belongs to BTC-e. The direction of flow — from the hub to BTC-e — suggests that the hub was a customer of BTC-e, not part of its infrastructure. The amount, 4,503 BTC, is also small relative to what we know about BTC-e; the October 2025 movement alone was 6,500 BTC.

But it is a thread. Only Chainalysis, Elliptic, and TRM Labs — firms whose proprietary clustering databases I do not have access to — can resolve it definitively. I am asking publicly. The question is precise. The answer takes seconds.

 

VIII. Three Disappearances

Another pause. Another story. This one is necessary, too.

In December of 2018, in the city of Jaipur, in northwestern India, a thirty-year-old Canadian checked into a hotel. His name was Gerald Cotten. He was the founder and sole director of QuadrigaCX, the largest cryptocurrency exchange in Canada. Inside his head, by his own claim, were the passphrases to all of the company’s cold wallets — 115,000 bitcoin, equivalent to about a hundred and forty-five million dollars at the time, the savings of Canadian customers.

Cotten died on December 9, 2018, in his hotel room in Jaipur. The official cause was complications from Crohn’s disease. He was thirty. He had recently married. He had recently signed a will — twelve days before his death. He had recently transferred his estate to his wife.

After his death, QuadrigaCX customers couldn’t withdraw. The company explained that no one had access to the cold wallets, because the passphrases had died with Cotten. Ernst & Young, appointed by the court as monitor, issued a report in early 2019.

The report contained two sentences that shook the market.

The first: the cold wallets, which no one could supposedly access, were empty.

The second: they had been empty since April of 2018. Eight months before Cotten died.

The whole story about the keys having died with the C.E.O. was a lie. The customer funds had vaporized long before. Cotten — the Ontario Securities Commission later concluded — had run QuadrigaCX as a Ponzi scheme. New customers’ money paid out withdrawals to old ones. He himself traded with borrowed customer funds. He took losses. He covered them with subsequent deposits.

And then he died. Or didn’t die, by some accounts. The death certificate issued in India was never verified by Western authorities. The body was not autopsied in the presence of Canadian consular officials. Some of QuadrigaCX’s dormant cold wallets woke up in 2022 and dispatched more than a hundred bitcoin to addresses unknown. To this day, no one knows who held the keys.

This is the pattern. It introduces the second strand of our story.

In October of 2017, at a conference in Lisbon, the last public appearance was made by Ruja Ignatova — the Bulgarian founder of the OneCoin pyramid scheme. According to the F.B.I., OneCoin defrauded its customers of four billion dollars. After Lisbon, Ignatova returned briefly to Sofia. On October 25, 2017, she boarded a flight from Sofia to Athens. She has not been heard from since. For eight years, she has appeared on the F.B.I.’s Ten Most Wanted Fugitives list. According to some reports, she lives under an assumed identity on a yacht off the coast of Dubai. According to others, she was murdered by the Bulgarian crime syndicate whose money she was laundering.

And then the third story. Polish.

On March 10, 2022, in Czeladź, an industrial town next to Katowice, Sylwester Suszek left his house and did not return. He was thirty-three. He was the founder of BitBay, the Polish cryptocurrency exchange that had, the year before, rebranded as Zonda and migrated its operations to Estonia.

Cotten died in a hotel room in India under circumstances Western authorities never quite verified. Ignatova vanished on a flight from Sofia to Athens and has been on the F.B.I. list since. Suszek went missing in Czeladź, near Katowice, and his keys, allegedly, to three hundred million dollars of his customers’ savings — per the present C.E.O. — are with him.

Do these three stories share a signature? I don’t know. I know only what disappeared with each, and what remained.

In Cotten’s case: $145 million of customer funds. He left behind a widow, a house, a yacht.

In Ignatova’s: four billion dollars of customer funds. She left behind an empty hotel room in Athens.

In Suszek’s: a company that, today, can’t pay its customers. The address 16aEn4p6..., into which 4,503 bitcoin were consolidated in March of 2016. And ten years of silence.

After Cotten, a yacht. After Ignatova, a hotel room. After Suszek, a petrol station in Czeladź whose surveillance camera stopped working on the day he disappeared, and a prosecutor’s office that opened its file six years later.

 

Annex: On-Chain Material for Independent Verification

All the links below lead to Bitcoin’s public blockchain. They require no login. They cannot be removed. They cannot be forged.

A. The Cold Wallet Pointed to by C.E.O. Kral

Address: 16aEn4p6hK4FMpLtJGpoQZMZ946sDg1Z6n

• Balance: 4,503.25907650 BTC
• Total received: 4,503.25907650 BTC
• Total sent: 0 BTC (since March 2016 — zero consequential outflows)
• Parallel explorers: Blockchain.com | Blockchair
• The address also appears on BitInfoCharts’ public dormant-wallet rankings: 8y | 10y

B. The Two Foundational Deposits, March 2016

Date (UTC)	Amount	TxID	Link
2016-03-06 08:03:46	4,434 BTC (94 inputs → 1 output)	4d1a1058...	open
2016-03-15 17:29:26	69.2586 BTC	b86e1c73...	open

C. Aggregation Cluster [033a676d6f50f05c]

• Active: January 29 – March 5, 2016 (37 days)
• Inflows: 76 transactions, totaling roughly 4,975 BTC
• Addresses: at least 94 (used as inputs in the consolidation)
• Closing balance: 0 BTC (cluster emptied March 6, 2016)
• Sample addresses: 1FqbKYWc6n9VH5kjLyfWEZ7iXy7jP4qRFu, 1Hyki2DaG69PvxsVud24hda4wvwwrk8Neu, 1ANWb4677Rps3yMxVWGakhnU5NWyWFQfMv
• The discrepancy between approximately 4,975 BTC accumulated in the cluster and 4,503 BTC sent to the destination address may reflect transaction fees, a few outbound transactions to other addresses, or imprecisions in the clustering heuristic.

D. Hub 1MmkA1u... and the February 1, 2016 Transactions

Hub address: 1MmkA1uaH3r5iut1wr1vymqjasCvHN5pD2

Time (UTC)	Amount	Recipient	TxID	Link
01:53:23	750.146 BTC	1EwpC13X... (BTC-e)	53a3bccd...	open
12:31:46	65.054 BTC	1EYJikrC... (cluster [033a676d6f])	acd7b553...	open

E. The BTC-e Cluster on WalletExplorer

• BTC-e cluster: walletexplorer.com/wallet/BTC-e.com
• BTC-e address (recipient of the 750 BTC): walletexplorer.com/address/1EwpC13X…

All cited addresses, transactions, and block numbers can be independently verified on public blockchain explorers. The analysis is based entirely on public data. We welcome dispute.