There is a question I get asked often enough that I have started to notice the pattern: someone has been using cryptocurrency in their business for years, they are thoughtful and experienced, and then something happens — an account is frozen, a counterparty turns out to have connections they did not expect, a wallet is drained — and in the aftermath they say, with genuine surprise: "I didn't know that was possible."
Most conversations about cryptocurrency risk focus on price volatility. The asset goes up; the asset goes down. This is real, and it receives the most attention — in the financial press, in regulatory guidance, in the warnings that accompany every retail investment product. It is also, in my experience, the least interesting of the risks facing a business or a private individual who holds meaningful cryptocurrency assets.
The risks that I watch cause actual harm — lost funds, damaged banking relationships, physical danger, regulatory exposure — are structural. They arise not from the volatility of the underlying asset but from how the cryptocurrency is held, how the architecture around it is built, and how clearly the people involved understand the nature of the instruments they are using.
Three of these risks are consistently underestimated. None of them is exotic. All three are manageable — but only if they are understood, and only if the architecture is designed with them in mind. And what makes them particularly dangerous is that the people most exposed to them are not careless beginners. They are experienced operators who simply never had reason to look at these specific vulnerabilities until the moment they became relevant.
The first thing that surprises most people when they begin to understand how blockchain technology actually works is that the transaction record is public and permanent. Every transaction ever made on a public blockchain — Bitcoin, Ethereum, and most others — is recorded in a ledger that anyone in the world can read. The addresses involved, the amounts transferred, the timing: all of it is visible, permanently, to anyone with the tools to look.
This is, in a sense, the design. Transparency and immutability are what make the system trustworthy as a record-keeping mechanism. But many people who began using cryptocurrency understood this intellectually without internalising its practical implications. They treated their wallet addresses as they might treat a bank account number — not entirely public, but not something that required active protection. The tools for analysing blockchain transactions have since improved enormously. The ability to trace a chain of transactions, to identify patterns, to connect an address to an exchange withdrawal or a counterparty payment, is no longer the preserve of specialist forensic firms. It is widely available, increasingly automated, and growing more powerful every year.
What was built in private is now, in many cases, readable.
But the implications of blockchain transparency are not limited to those who had something to hide. This is the point most frequently missed — and most consequential for honest businesses and individuals who hold significant cryptocurrency assets.
A wallet address that holds a substantial balance is publicly visible. The blockchain shows not just what is there now, but everything that has ever flowed through that address. Connecting that address to a real person is a task that has become progressively easier: through exchange KYC records, which have been subject to multiple significant data breaches; through on-chain analysis that identifies patterns linking addresses to identifiable counterparties; through social media disclosures, intentional or otherwise; through the ordinary operational interactions of running a business. Once the connection is made, the information is durable. It does not expire.
When a wallet address can be linked to a specific individual known to hold significant assets, three categories of threat become possible.
The first is targeted phishing. A conventional phishing campaign casts a wide net. A targeted campaign, constructed with knowledge of what the target holds and where, is an entirely different proposition. The attacker knows the approximate scale of the assets and can construct communications that are specific, plausible, and difficult to distinguish from legitimate interactions.
The second is targeted fraud. Offers and investment opportunities constructed with awareness of the target's known holdings are more persuasive than generic approaches. The attacker's advantage is the asymmetry of information: they know more about the target's position than the target knows about them.
The third — and the most serious — is physical coercion. In professional security language, this is called a wrench attack: the recognition that it is sometimes simpler to threaten a person physically than to break a cryptographic system. A person who is known to hold significant cryptocurrency, whose home address or daily movements can be identified, and who lives in a jurisdiction where law enforcement is slow or unreliable, faces a threat that has nothing to do with digital security. No password is strong enough. No hardware wallet is secure against someone prepared to use physical force.
I am not describing edge cases. I am describing patterns that I have observed, directly and through the experience of clients, in multiple jurisdictions. The people affected are not careless or naive. They are business owners who hold cryptocurrency as part of a legitimate commercial structure, who live normal lives, who have families, and who did not fully appreciate that the public record they were building had an audience they had not considered.
The architectural response is not to avoid cryptocurrency. It is to build a structure in which the connection between public blockchain addresses and identifiable persons is not easily reconstructable — separating addresses by function and exposure level, using holding structures that do not connect the public record directly to the beneficial owner, and treating on-chain privacy as a design requirement from the outset. The goal is not to obscure activity from regulators. It is to ensure that the public record does not serve as a map for those whose interest in your assets is not legitimate. A structure that interposes a legal entity between the public address and the private individual is not a structure designed to evade. It is a structure designed to protect.
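One way to see why separating addresses by function matters is to run the same kind of analysis an outside observer would, but against your own history. The following is an added example, not code from the article or its author: a self-audit that applies the standard common-input-ownership heuristic (inputs spent together in one transaction are presumed to share an owner) to a constructed set of transactions, then reports which other addresses an observer who knows only the published invoice address can link to it. The addresses, labels and transactions are invented for illustration; the policy check at the end flags the exact mistake that creates the linkage.

```python
"""Address-hygiene self-audit using the common-input-ownership heuristic.

Added example, not taken from the article. Transactions, addresses and the
function labels below are constructed for illustration. The heuristic is the
standard one used in on-chain analysis: every input spent together in one
transaction is presumed to be controlled by the same party. Run against a
business's own transaction history, it answers: if a counterparty knows our
published invoice address, which other addresses can they tie to it from the
public record alone?
"""
from collections import defaultdict
from typing import Dict, List, Set, Tuple

# Constructed labels: which business function each address serves.
LABELS: Dict[str, str] = {
    "inv1": "invoice",     # published to counterparties, effectively public
    "ops1": "operations",
    "ops2": "operations",
    "res1": "reserve",     # cold reserve; should never be co-spent with the others
}

# Constructed transactions: the inputs co-spent in each transaction.
TXS: List[dict] = [
    {"txid": "tx-a", "inputs": ["inv1", "ops1"]},  # invoice receipts swept with an ops address
    {"txid": "tx-b", "inputs": ["ops1", "ops2"]},  # routine consolidation of two ops addresses
    {"txid": "tx-c", "inputs": ["res1"]},          # reserve spent alone, stays unlinked
]


class _UnionFind:
    """Disjoint-set structure used to merge addresses into ownership clusters."""

    def __init__(self) -> None:
        self.parent: Dict[str, str] = {}

    def find(self, x: str) -> str:
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a: str, b: str) -> None:
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs: List[dict]) -> List[Set[str]]:
    """Group addresses that ever appeared together as inputs of one transaction."""
    uf = _UnionFind()
    for tx in txs:
        ins = tx["inputs"]
        for a in ins:
            uf.find(a)             # register single-input spends as their own cluster
        for a in ins[1:]:
            uf.union(ins[0], a)    # co-spent inputs are presumed to share an owner
    groups: Dict[str, Set[str]] = defaultdict(set)
    for a in list(uf.parent):
        groups[uf.find(a)].add(a)
    return list(groups.values())


def linkable_from(public_address: str, txs: List[dict],
                  labels: Dict[str, str]) -> List[Tuple[str, str]]:
    """(label, address) pairs an observer knowing only `public_address` can tie to it."""
    for cluster in cluster_by_common_input(txs):
        if public_address in cluster:
            return sorted((labels.get(a, "unknown"), a)
                          for a in cluster if a != public_address)
    return []


def cross_function_spends(txs: List[dict], labels: Dict[str, str]) -> List[str]:
    """Policy check: a transaction whose inputs span more than one function is
    the mistake that creates the linkage. Returns the offending transaction ids."""
    return [tx["txid"] for tx in txs
            if len({labels.get(a, "unknown") for a in tx["inputs"]}) > 1]


if __name__ == "__main__":
    print("Linkable from the invoice address:", linkable_from("inv1", TXS, LABELS))
    print("Transactions that mixed functions:", cross_function_spends(TXS, LABELS))
```

On the constructed data the single sweep in `tx-a` is enough to expose both operations addresses to anyone who knows the invoice address, while the reserve, which was only ever spent on its own, stays unlinked. The `cross_function_spends` check is the control to run before signing: if the inputs of a proposed transaction carry more than one functional label, the transaction publishes a link that cannot later be withdrawn.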
The second risk is more widely known in principle than it is understood in practice.
Stablecoins — USDT, USDC, and the instruments that followed them — are widely used as a store of value within cryptocurrency structures. They are pegged to fiat currencies, can be held and transferred without volatility, and function as a practical intermediate for businesses operating where conventional banking is unavailable or slow. For almost all practical purposes, one USDT or one USDC appears equivalent to one US dollar. The transfer is fast. The cost is low. The infrastructure is well established.
What they are not is money. They are not bearer instruments. They are liabilities of their issuers — Circle in the case of USDC, Tether in the case of USDT — and those issuers retain, by design, the ability to freeze any address holding their tokens at any time, without judicial process, without advance notice, and without a legal standard the holder can challenge in court.
This is not a theoretical power. Tether has frozen hundreds of addresses, some holding balances of several million dollars. Circle has done the same. The freezes have been executed in response to law enforcement requests, in response to court orders, and in some cases at the issuer's own initiative. The holder has no practical recourse. The funds are not destroyed — they remain on the blockchain — but they are entirely inaccessible, potentially indefinitely, without any of the procedural protections that would apply to a bank account in a regulated jurisdiction.
The businesses I work with are almost without exception legitimate. They are not the targets of law enforcement requests. But they face two other categories of risk that the freezing mechanism creates.
The first is associative risk. A freeze can be triggered not only by action against a specific holder but by action against a counterparty. Funds that passed through an address that subsequently came under scrutiny may themselves attract attention, even if the original transaction was entirely legitimate. The transparency of the blockchain — which records every prior connection — means that the history of a stablecoin holding is potentially relevant to how it is treated.
The second is jurisdictional risk. The stablecoin issuers are US-domiciled entities operating under US regulatory supervision. The reach of US law extends, through the issuers, to every holder of their tokens, regardless of the holder's jurisdiction. A business operating where US regulatory enforcement has no direct presence may nonetheless find its stablecoin holdings subject to action initiated by a US regulator.
The structural response is to treat stablecoin balances as operational float rather than as a store of value: use them for transactions rather than accumulating them as an asset, and maintain genuine diversification across instruments and custody arrangements so that no single issuer decision can immobilise a material portion of the business's liquid assets. Understanding what stablecoins are means using them with an accurate model of what they are: instruments that combine the operational convenience of digital transfer with the legal character of a claim against an entity that retains the right to refuse that claim.
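The two policy points above, a cap on operational float and a limit on how much any one issuer can immobilise, can be expressed as a simple stress test over the treasury's liquid holdings. The code below is an added example, not from the article or its author: it asks, for each issuer with a unilateral freeze power, what share of total liquid assets would become inaccessible if that issuer acted today, and how much stablecoin balance sits above the near-term operational need. The holdings, the 25% concentration limit and the float cap are constructed assumptions for illustration.

```python
"""Issuer-freeze stress test for a treasury's liquid holdings.

Added example, not from the article. All holdings and policy values below are
constructed. The model: a holding is "freezable" when an issuer retains the
power to immobilise it unilaterally, without judicial process; bank balances
and bearer assets are modelled as not carrying that specific power.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Holding:
    instrument: str           # e.g. "USDC", "USDT", "BTC", "EUR"
    issuer: Optional[str]     # entity whose decision can immobilise it; None if none
    custody: str              # where the balance sits
    usd_value: float
    freezable: bool           # issuer retains unilateral freeze power


# Constructed sample treasury (total 1,000,000 USD).
HOLDINGS: List[Holding] = [
    Holding("USDC", "Circle", "exchange-account", 600_000.0, True),
    Holding("USDT", "Tether", "ops-hot-wallet", 250_000.0, True),
    Holding("BTC", None, "reserve-cold", 100_000.0, False),
    Holding("EUR", None, "bank-account", 50_000.0, False),
]

MAX_SINGLE_ISSUER_SHARE = 0.25   # assumed policy: no issuer may immobilise > 25%
FLOAT_CAP_USD = 300_000.0        # assumed near-term operational need in stablecoins


def total_liquid(holdings: List[Holding]) -> float:
    return sum(h.usd_value for h in holdings)


def immobilised_if_frozen(holdings: List[Holding], issuer: str) -> float:
    """USD value that becomes inaccessible if `issuer` freezes every address it can."""
    return sum(h.usd_value for h in holdings if h.freezable and h.issuer == issuer)


def freeze_stress_test(holdings: List[Holding],
                       max_share: float) -> Dict[str, Dict[str, object]]:
    """Per-issuer share of liquid assets at risk and whether it breaches policy."""
    total = total_liquid(holdings)
    issuers = sorted({h.issuer for h in holdings if h.freezable and h.issuer})
    report: Dict[str, Dict[str, object]] = {}
    for issuer in issuers:
        frozen = immobilised_if_frozen(holdings, issuer)
        share = frozen / total if total else 0.0
        report[issuer] = {"frozen_usd": frozen, "share": share,
                          "breach": share > max_share}
    return report


def float_excess(holdings: List[Holding], float_cap_usd: float) -> float:
    """Stablecoin balance above operational need: the amount to rotate into
    instruments or custody that no single issuer can immobilise."""
    stable = sum(h.usd_value for h in holdings if h.freezable)
    return max(0.0, stable - float_cap_usd)


if __name__ == "__main__":
    for issuer, row in freeze_stress_test(HOLDINGS, MAX_SINGLE_ISSUER_SHARE).items():
        flag = "BREACH" if row["breach"] else "ok"
        print(f"{issuer}: {row['share']:.0%} of liquid assets at risk [{flag}]")
    print(f"Stablecoin float above cap: {float_excess(HOLDINGS, FLOAT_CAP_USD):,.0f} USD")
```

On the constructed treasury, a single Circle decision would immobilise 60% of liquid assets, well past the assumed 25% limit, and 550,000 USD of stablecoin sits above the operational float cap. The report is only as honest as the `freezable` flag: the point of the classification is to stop the balance sheet from presenting an issuer's liability as if it were cash.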
The third risk is the one most often addressed with the wrong tools.
The standard presentation of cryptocurrency security focuses on technology: hardware wallets, seed phrase storage, two-factor authentication. These things matter. But they address a specific class of attack — the attack on the private key — and leave unaddressed the broader problem of how a cryptocurrency structure fails under human pressure.
I have worked with clients who had done everything right technically. Hardware wallets. Cold storage. Careful key management. And who lost significant assets anyway — not because anyone broke their cryptographic security, but because someone convinced a person with authorisation to move funds that there was a legitimate reason to do so. The approach was sophisticated and targeted. It arrived looking like a counterparty communication, or an urgent compliance requirement, or a request from someone the target trusted. By the time the deception was understood, the transaction was irreversible.
The losses I have observed almost never result from the failure of well-designed technical controls. They result from the absence of architectural design: from a cryptocurrency setup in which the concentration of assets, the allocation of access, and the consequences of a single point of failure have not been thought through. The question is not whether any given person might make a mistake. They will. The question is whether the architecture is designed so that a single mistake produces a catastrophic outcome, or a recoverable one.
Three architectural principles address this directly.
Separation of hot and cold. Assets held for operational use should be held differently from assets held as reserves. Hot wallets, connected to the internet and accessible for daily use, are necessarily exposed to higher risk. Cold wallets, held offline, are not accessible to remote attack. Keeping only the assets required for near-term operations in hot wallets limits the maximum possible loss from any single operational failure.
Multisignature authorisation. A wallet controlled by a single private key has a single point of failure. A multisignature wallet requires authorisation from multiple independent keys before a transaction can execute. No single error, no single act of deception, no single individual's incapacitation can unilaterally drain the wallet. This is particularly important for business holdings, where the practical question is not only security against external attack but continuity of access if any individual becomes unavailable.
Role-based access. The person who initiates transactions should not be the same person who authorises them. The authority to move large amounts should require more steps than the authority to move small ones. These are the same segregation-of-duties principles that any well-run business applies to its conventional financial operations. The reason they are often absent from cryptocurrency operations is that the operations grew without deliberate design — and the absence of design is precisely what makes a single error catastrophic.
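The three principles above, and the authorisation matrix mentioned later in the piece, can be written down as a small policy that every proposed transfer is evaluated against before anyone signs. The following is an added example, not code from the article or its author: a constructed treasury policy in which the number of independent approvals rises with the amount, any spend from cold storage needs the top tier regardless of size, the initiator can never count as an approver, and a top-up of the hot wallet is refused if it would push the balance past the operational cap. The tiers, roles, wallet names and cap are all assumptions for illustration.

```python
"""Treasury authorisation policy: hot/cold separation, tiered multi-party
approval, and segregation of duties between initiator and approvers.

Added example, not from the article. Every value below is a constructed
assumption; a real policy would load these from a signed, versioned document.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Set, Tuple

# Constructed authorisation matrix: (upper bound in USD, distinct approvals required).
TIERS: List[Tuple[float, int]] = [(10_000.0, 1), (100_000.0, 2), (float("inf"), 3)]
MAX_TIER_APPROVALS = TIERS[-1][1]

# Constructed role assignments. "erin" holds both roles to show that holding an
# approver role does not let someone approve a request they initiated.
ROLES: Dict[str, Set[str]] = {
    "alice": {"initiator"},
    "bob": {"approver"},
    "carol": {"approver"},
    "dan": {"approver"},
    "erin": {"initiator", "approver"},
}

HOT_WALLETS = {"ops-hot"}          # internet-connected, near-term operations only
COLD_WALLETS = {"reserve-cold"}    # offline reserves
HOT_CAP_USD = 150_000.0            # assumed maximum balance permitted in hot wallets


@dataclass(frozen=True)
class TransferRequest:
    source_wallet: str
    amount_usd: float
    initiator: str
    approvers: FrozenSet[str]


def required_approvals(amount_usd: float, source_wallet: str) -> int:
    """Cold storage always needs the top tier; hot wallets scale with the amount."""
    if source_wallet in COLD_WALLETS:
        return MAX_TIER_APPROVALS
    for upper, needed in TIERS:
        if amount_usd <= upper:
            return needed
    return MAX_TIER_APPROVALS


def evaluate_transfer(req: TransferRequest) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons). Every violated control is reported, not just the first."""
    reasons: List[str] = []
    if req.source_wallet not in HOT_WALLETS | COLD_WALLETS:
        reasons.append(f"unknown source wallet {req.source_wallet!r}")
    if "initiator" not in ROLES.get(req.initiator, set()):
        reasons.append(f"{req.initiator} is not an authorised initiator")
    if req.initiator in req.approvers:
        reasons.append("initiator may not approve their own request")
    not_approvers = sorted(a for a in req.approvers if "approver" not in ROLES.get(a, set()))
    if not_approvers:
        reasons.append(f"not authorised approvers: {not_approvers}")
    # Only independent, role-holding approvers count towards the tier.
    valid = {a for a in req.approvers
             if a != req.initiator and "approver" in ROLES.get(a, set())}
    needed = required_approvals(req.amount_usd, req.source_wallet)
    if len(valid) < needed:
        reasons.append(f"{len(valid)} valid approval(s), {needed} required "
                       f"for {req.amount_usd:,.0f} USD from {req.source_wallet}")
    return (not reasons, reasons)


def evaluate_hot_topup(current_hot_balance_usd: float, topup_usd: float) -> Tuple[bool, str]:
    """Hot wallets hold only what near-term operations need; refuse top-ups past the cap."""
    resulting = current_hot_balance_usd + topup_usd
    if resulting > HOT_CAP_USD:
        return False, f"top-up would leave {resulting:,.0f} USD hot, cap is {HOT_CAP_USD:,.0f}"
    return True, "ok"


if __name__ == "__main__":
    sample = TransferRequest("ops-hot", 50_000.0, "erin", frozenset({"erin", "bob"}))
    allowed, why = evaluate_transfer(sample)
    print("allowed" if allowed else "refused", why)
    print(evaluate_hot_topup(120_000.0, 50_000.0))
```

The sample request at the bottom is refused twice over: erin cannot approve what she initiated, and once her approval is discounted only one independent approval remains where the 50,000 USD tier needs two. That is the property the article is after: a single person deceived into moving funds can initiate a transfer, but cannot complete one.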
Privacy, security, and legality are sometimes presented as being in tension with one another. Privacy requires concealment; concealment conflicts with legality; security is a separate technical matter. This framing is wrong — and its wrongness has practical consequences.
The three properties are not in tension. They are complementary, and they are achieved by the same architectural decisions.
A structure that separates public wallet addresses from identifiable beneficial owners simultaneously protects privacy from those who would use the public record to cause harm, and maintains legibility to regulators who can look through the corporate structure to identify the beneficial owner. Privacy from malicious actors is not the same thing as opacity to legitimate authorities. A well-designed structure provides both.
A structure that applies multisignature authorisation, segregates hot and cold holdings, and implements role-based access is simultaneously more secure against operational failure and more legible to a bank or investor examining how the cryptocurrency layer is governed. Evidence of deliberate design — a documented treasury policy, a defined authorisation matrix, a clear separation between categories of holding — is exactly what a bank's compliance function is looking for.
A structure that treats stablecoin holdings as instruments with specific legal characteristics — not as cash, but as claims against issuers with defined rights and defined risks — manages the exposure honestly and presents it honestly to the banks and counterparties that need to understand it.
The cryptocurrency architecture that achieves privacy, security, and legality simultaneously is not the one that chooses the right wallet or the right blockchain. It is the one that was designed — from the beginning, or brought into order when it was not — with all three requirements in mind. That is architectural work. It requires the same discipline as any other layer of the business: stepping outside the structure, reading it as someone else would, and building what the reading reveals is missing.
The risks are real. The architecture that addresses them is available. The gap between the two is, in most cases, simply the gap between having thought carefully about the construction and having started using the instruments without that thought.
Vladimir Shuvalov works with international businesses and private clients on corporate structure, banking acceptability, and cryptocurrency architecture from Nicosia, Cyprus.
Thinking Globally — thinking-globally.com
© 2026 Thinking Globally Consulting Limited · All rights reserved