Nested services: Another blind spot in the Liability chain!


In the world of crypto fraud, a new facilitator has quietly emerged: Nested Services – sometimes referred to as the “money mule equivalent” of the crypto age. These services play a critical role in laundering crypto-assets stolen from unsuspecting investors.

What are Nested Services?

A Nested Service is a crypto intermediary that opens a wallet with a regulated exchange (like Binance or Kraken) and allows third parties to access this account for fraudulent purposes. While these third parties could open accounts directly, they intentionally choose not to. Instead, they operate through this “nest” to hide their identity, obscure transaction trails, and enjoy the appearance of compliance.

In fiat banking, this would resemble a money mule: a person or company who receives criminal funds into their account and passes them on. In both cases, the actual beneficiary remains hidden, and the account holder acts as a proxy.

 

Why Are Nested Services So Dangerous?

Nested services are often used to sell fraudulently obtained crypto assets via regulated exchanges. Because the exchange only sees the nested account, it has no visibility into the real customer. This turns the nested account into a laundering conduit, bypassing the security architecture of regulated platforms. Worse yet, some major exchanges knowingly tolerate or even collaborate symbiotically with nested services to expand their user base while minimizing regulatory friction.

The result? A shadow infrastructure within regulated exchanges that allows illicit actors to move millions – if not billions – undetected. Nested service providers function as modern money laundering conduits, similar to how hundreds of bank accounts at institutions like Postbank or ING BANK NV were used to funnel illicit funds for BARAK/LENHOFF back in 2018.

The Hidden Enabler: Regulated Crypto Exchanges Must Be Held Accountable

Regulated exchanges often argue that they are not responsible for what happens “behind” a client account — particularly when it belongs to a nested service. But this defense is not sustainable.

They know. Or they should.

Nested accounts frequently show anomalous trading behavior, such as:

  • Unusual transaction volumes inconsistent with a retail client,

  • Rapid in-and-out movement of assets,

  • Interaction with wallets flagged in fraud or money laundering investigations.

In many cases, exchanges have even provided custom APIs, high-volume trading access, or special settlement terms to these clients — clear signs that they understand who they are dealing with.

Under existing AML and supervisory frameworks, including FATF guidelines and European AMLD provisions, regulated exchanges have a legal obligation to conduct enhanced due diligence on:

  • High-risk customers,

  • Omnibus accounts,

  • Structures that intentionally obscure beneficial ownership.

As we argue in EFRI’s claim against Payvision B.V., financial institutions, whether in fiat or crypto, are liable if they know, or should know, that their infrastructure is being used to launder criminal proceeds. In our opinion:

“The special social role of regulated payment providers imposes an extended duty of care — not only to direct customers, but also to third parties who are foreseeably harmed by systemic failures in oversight.”

This applies equally to crypto exchanges that tolerate nested accounts while advertising themselves as secure, compliant platforms.

Legal Perspective: From Structural Breaches to Civil Liability

In the Payvision appeal, we argue that liability arises not from a single failed check, but from a systemic and long-term failure to enforce basic regulatory controls. When a financial institution repeatedly ignores red flags, or even profits from high-risk accounts despite public warnings, penalty fees, and compliance alerts, it can no longer claim neutrality.

The same argument holds for regulated exchanges facilitating nested services:

  • if they accept accounts that act as access points for anonymous third parties,

  • ignore abnormal transaction patterns,

  • fail to freeze assets when faced with credible blockchain evidence or court orders,

…then they become civilly liable for the damages caused.

Conclusion: No More Hiding

Nested services are not an edge case. They are a structural weakness in the global crypto infrastructure. They serve one primary purpose: to obscure the identity of actors and the origin of funds.

But they do not act alone.

It is the regulated exchanges — the platforms that hold licenses, promise compliance, and collect fees — that enable their operation. Without their active participation or deliberate inaction, nested services would not exist.

We call on regulators, courts, and law enforcement across Europe to:

  1. Prohibit cooperation with nested services unless full KYC/AML transparency is ensured.

  2. Clarify the legal framework for freezing assets in shared or nested wallets.

  3. Hold operators of nested services, and the regulated crypto exchanges that allow them to operate, civilly liable if their operations systematically facilitate fraud or money laundering.

EFRI will continue to advocate for a victim-centred approach in financial regulation – one where legal duties are enforced not only in form, but in substance. Shadow structures like nested services must be dismantled if we are serious about protecting retail investors in the digital economy.
