Blockchain Investigations | AML Solutions | Forensics
$80M stolen assets recovered
Securing trust in the crypto industry

Joined October 2022
The teams that need compliance and security the most are the ones just starting out. @hexens Builder Support Program fixes that — top-tier tooling for early-stage protocols, at builder-stage prices.
Time to show what we bring to this partnership. For teams accepted into the program — Match Systems perks:
▸ AML/KYT — risk scoring built on real investigative experience: we don't just flag risks, we trace fund origins, transaction links, and full operation context
▸ KYB — counterparty verification before you trust anyone with your infrastructure
▸ Incident Response — funds stolen or wallets compromised? We launch immediately: on-chain tracing, blockchain investigations, recovery support
Special rates on all services for Builder Support participants.
Apply: hexens.io/pages/builder-supp…
The UK just sanctioned HTX - one of the largest crypto exchanges by volume. 55M users, $3.3T in 2025 trading volume. This isn't just about the exchange. AML systems retroactively re-label historical transactions. Millions of clean addresses may turn red through no fault of their own. What does your transaction history look like? 👇 matchsystems.com/htx-sanctio… #HTX #sanctions #AML #crypto
In 2026, you don't have to be a criminal to get frozen. You just have to accept USDT from the wrong counterparty. Tether has frozen $4.4B to date — coordinated with OFAC and law enforcement, no advance notice, no appeal window. One tainted hop upstream. One blocked wallet. Months of dispute ahead. We help companies screen before it happens — and navigate recovery when it already has. #USDT #Tether #AML #KYT #Blockchain #Investigations #Crypto #Compliance
Tether froze USDT of people who did nothing wrong. No hack. No scam. Just received funds from the wrong person - and now their balance is locked with no explanation. Cases like this have multiplied in 2026. Innocent users stuck. Why it happens and what actually works 👇 matchsystems.com/tether-froz… Has this happened to you or someone you know? #USDT #Tether #Freeze #Block #CryptoCompliance #AML #CryptoSecurity #BlockchainInvestigation #CryptoRecovery
🤝 Our partners @FixedFloat published a practical guide: what to do if your crypto is stolen. → ff.io/en/blog/guides/if-cryp… Covers the most common attack vectors — phishing, seed phrase leaks, address poisoning — and step-by-step actions in the first hours after an incident. Includes a section on our joint investigations and how coordinated blockchain analysis leads to real asset recovery. #CryptoTheft #BlockchainForensics #CryptoRecovery #PhishingAttack #AddressPoisoning #MatchSystems

🛡 Our Case. Episode 6
600K in One Transaction: How Deep Analytics Revealed a "Hidden" Block
In one of our cases, a client lost over $3 million to theft. We immediately performed AML tagging so the assets would be flagged as stolen across exchange AML systems.
One address stood out from the rest: approximately $600,000 in Bitcoin had been sitting in a separate wallet for an extended period — with no visible connection to any crypto service. No public links. A genuinely complex situation.
We applied advanced investigative methods and additional checks, including clustering of related addresses. Eventually, we identified that this "invisible" address belonged to one of the major exchanges.
The funds were blocked based on our AML tagging. We received confirmation of the block from the service and, together with the victim's law enforcement authorities, initiated the recovery process.
Conclusion
Basic analytics isn't always enough. Some blocks triggered by AML tagging remain hidden — and without deep analysis and specialized techniques, certain addresses simply cannot be attributed to an exchange at all.
🔐 Crypto Theft Schemes in 2026 — And How to Protect Your Assets
Crypto scammers never sleep. While you're reading this, someone is losing funds to drainers, phishing attacks, SIM swaps, or a months-long "pig butchering" con.
We broke down the most common attack schemes tracked by Match Systems analysts:
🪤 Crypto Drainers — you sign the permission yourself, thinking it's a routine action. The script handles the rest.
🎣 Phishing & Fake AML Checks — pixel-perfect clones of real services that ask you to "connect your wallet." Legitimate AML checks never require wallet access. Ever.
📋 Clipboard Hijacking — you copy a wallet address, but malware has already swapped it for the attacker's. The first and last characters often match — so you won't notice.
🐷 Pig Butchering — weeks of "friendship" or "romance," a too-good-to-be-true investment platform, then the withdrawal freezes and your new "friend" vanishes.
💸 Recovery Scammers — already been robbed? That's when "blockchain specialists" appear, promising to get your funds back — for an upfront fee. It's the second hit.
Plus: OTC traps, dust attacks, fake ICOs, Ponzi schemes, and more.
3 rules that actually work:
✅ Slow down — urgency is a scammer's favorite weapon
✅ Separate your wallets by purpose — never use your main holdings wallet for day-to-day activity
✅ Keep your holdings private — in crypto, oversharing is an open invitation
Full breakdown of every scheme, protection tips, and a step-by-step guide on what to do if you've been hacked — on our website: matchsystems.com/crypto-thef…
Fake USDT is becoming a real problem in crypto. Scammers create tokens that look identical to USDT and send them to victims hoping they won’t notice the difference.
In this article for @CryptoTimes_io, we explain:
• how fake USDT works
• how scammers trick users
• what to check before accepting a transaction
If you work with crypto — it’s worth knowing how this scheme works.
Read the full guide: cryptotimes.io/learn/fake-us…
Stolen crypto? Report the incident and help flag the attacker’s wallet across the ecosystem. Our team has already helped recover $80M in stolen crypto. Report the case → matchsystems.com
🚨 FATF: Stablecoins accounted for up to 84% of illicit crypto transaction volume in 2025. The latest report highlights risks around P2P transfers via unhosted wallets. Here’s what this means for users 👇
What does this mean in practice?
A stablecoin is not a “clean money guarantee.” If a token was previously linked to illicit activity, the risk of restrictions or asset freezes may arise when depositing funds to an exchange.
How to reduce your risk exposure:
✅ Check the sender’s address before accepting funds.
✅ Avoid large P2P transfers without prior risk assessment.
✅ Assess your own wallet’s risk level before depositing funds to a CEX.
✅ Remember: a direct wallet-to-wallet transfer does not mean AML analytics are absent.
Regulatory scrutiny of the stablecoin segment is likely to intensify. And in many cases, it’s not the criminal who gets restricted first — it’s the unprepared user.
In crypto, caution isn’t paranoia. It’s hygiene.
Full FATF report: fatf-gafi.org/content/fatf-g… Risk-check your wallet here: t.me/msamlbot

🛡 Our Case. Episode 5
The Long-Term Effect of AML Tagging: Blocks Still in Place a Year After the Theft
In 2024, a major Asian exchange became the victim of a high-profile hack that media outlets linked to the so-called North Korean “crypto army.” Hundreds of millions of dollars were stolen.
At the initial stage, the exchange chose to conduct the investigation independently. We continued monitoring the case for research purposes. Throughout this period, we tagged newly related addresses and tracked further fund movements.
Nearly a year later, the exchange returned to us for assistance. At that point, the key outcome became clear: the previously established AML tagging was still effective. Assets continued to be blocked across multiple exchanges, despite the time that had passed.
Large platforms strictly follow their AML policies and maintain restrictions on assets when relevant tagging is present. As a result, even months later, a portion of the funds remained frozen and available for transfer back to the affected party.
Conclusion
This case shows that AML tagging is not only about speed in the first hours after an incident. It is about creating a durable trail that continues to work months later.
#AML #CryptoRecovery #CryptoScam #Scam #ScamAlert #scammers
Why does one exchange allow a transaction with Medium risk, while another blocks it?
Because a risk score is not the truth. It’s a reflection of the specific tool and the depth of data behind it.
First, AML services build their databases in very different ways. If a tool simply doesn’t have information about certain addresses or connections, it may show Low or Medium risk. That doesn’t mean the address is “clean.” It means the data is incomplete.
Second, what really matters is which AML tools are used by the compliance team of the crypto service that froze your funds. The same address can look acceptable in one system and trigger stop-flags in another — sanctions exposure, high-risk sources, or links to problematic clusters.
And there’s another detail most people don’t talk about. There are AML services on the market (we won’t name names) that show different risk scores for the exact same address:
— one version for a regular user who buys a $1–2 report
— and a completely different view for compliance teams with full platform access
The user sees Medium risk. The exchange sees a set of red flags. The outcome is a freeze. No “exchange mistake” involved.
The takeaway is simple: a risk score without understanding the data source, labeling depth, and decision context is a very poor reference point.
We explain how address labeling actually works — and why speed and data depth matter more than a number in a report — in detail here: matchsystems.com/blockchain-…
So think about it: are you trusting the number — or the infrastructure behind it?
🛡 Our Case. Episode 4
How AML Tagging Stopped a $200,000 Withdrawal
In one of our cases, a crypto exchange in the CIS region lost approximately $200,000 USDT. The theft occurred during an exchange transaction and was carried out using a man-in-the-middle scheme, commonly referred to as a “triangle” attack.
The affected service responded immediately and contacted us right after the incident. We performed AML tagging of the involved addresses and added them to analytical databases.
A few days later, the attacker attempted to withdraw and exchange the stolen funds through another exchange. However, that platform was already running an AML system that recognized our tagging. As a result, the transaction was halted. With legal support, the funds were returned to their rightful owner.
Conclusion
This case clearly shows that exchanges operating within a shared anti-fraud framework reinforce each other and reduce risk across the entire ecosystem. This outcome was possible only because the second exchange was already connected to our AML service.
Connect to the Match Systems AML infrastructure to stop suspicious transactions before funds are withdrawn. matchsystems.com/aml
Trust Wallet Card Scam
Instagram ads have started appearing with the wording “official Trust Wallet card with no KYC.” Even at this stage, the offer should raise questions, but the flow becomes more interesting further on.
The ad does not lead to an official domain, but to a landing page at trustalpha.plus, styled to resemble Trust Wallet. The key detail is that when the button is clicked from a mobile device, the user is not taken to a regular browser. The page opens inside Trust Wallet, in the wallet’s built-in browser. For an unprepared user, this looks like a native part of the application.
Next, another site loads, trustwallet.guide, where the user is invited to “activate the card.” To do so, they are asked to enter their seed phrase.
From a social engineering perspective, the flow is well constructed: ad → pseudo-official domain → built-in wallet browser → sense of legitimacy → theft of funds.
The seamless transition inside the wallet is what makes this scheme particularly dangerous. Visually, it does not feel like a redirect to a third-party resource.
The main weak point of the scheme is the direct request for the seed phrase. If a contract drainer had been used instead, user losses could have been significantly higher.
A reminder: any “wallet products without KYC” have no relation to official services. The fact that a page opens inside a wallet does not make it official. A seed phrase is never used for activations, cards, or confirmations.
Stay safe.
#ScamAlert #scam #TrustWallet #TrustWalletscam #cryptoscam #CryptoScams #CryptoScamAlert