Virtual Asset Service Providers (VASPs)—such as crypto exchanges, custodians, and wallet providers—play a frontline role in the fight against financial crime in the digital asset space. But to be effective, they can’t operate in isolation. Collaborating with law enforcement is essential not only for protecting users and recovering stolen funds, but for strengthening the broader crypto ecosystem.
This article outlines six practical ways VASPs can support investigations—from sharing suspicious addresses and offering bounties, to joining industry associations, building investigative capacity, and using advanced analytics to turn blockchain data into actionable intelligence.
Here are six ways that VASPs can collaborate with law enforcement in order to support investigations.
VASPs are often required to comply with official blacklists, such as those maintained by the U.S. Office of Foreign Assets Control, which identify wallet addresses linked to sanctioned individuals or criminal enterprises. But information sharing doesn’t have to be limited to top-down directives. VASPs can also take a proactive role in flagging suspicious activity and alerting their peers across the ecosystem.
For example, after the $54 million CoinEx hack in September 2022, the company published a list of suspicious addresses across multiple blockchains and called on other VASPs to freeze related funds. Similarly, following the $1.5 billion Bybit hack in February 2025, Bybit not only disclosed the addresses involved but also released an API to make it easier for exchanges and crypto platforms to take corrective action. These efforts enable the wider industry to avoid transacting with illicit funds—and, when necessary, to assist law enforcement in asset recovery.
When VASPs fall victim to crimes like hacks or exploits, they can’t solely rely on the goodwill of independent investigators or expect law enforcement to act swiftly on limited resources. What VASPs do have—often more than law enforcement—is access to capital.
Offering a bounty for information that leads to the identification of perpetrators or the recovery of assets can be a powerful incentive that supports ongoing investigations. In an unprecedented move, Bybit also offered a $140 million bounty following its hack. Combined with the release of its suspicious address API, this initiative helped accelerate response efforts across the industry and contributed to the recovery of more than $42 million in stolen funds.
A recurring challenge is that VASPs and law enforcement often don’t engage with one another until a crime has already occurred.
According to Merkle Science CEO Mriganka Pattnaik, this reactive approach stems from mutual hesitation. During ACCESS US 2025, Pattnaik explained that many VASPs hesitate to engage regulators proactively, concerned it might attract regulatory scrutiny. Meanwhile, law enforcement agencies are eager to better understand emerging technologies like DeFi, but are often unable to initiate contact unless a clear instance of illicit activity has already occurred.
Instead of waiting for specific crimes to occur before engaging with regulators, Pattnaik recommends that VASPs proactively share best practices through industry associations, citing the Digital Chamber of Commerce as a strong example. These platforms allow for early, collaborative conversations that benefit both sides.
They enable “public sector companies and private sector companies [to] come together in a room and discuss topics informally,” he said, referring to discussions that might include typologies, transaction patterns, attack vectors, and other emerging risks.
VASPs don’t have to limit their expertise to behind-the-scenes industry associations. Those comfortable with a more public role can also contribute by sharing thought leadership through panels, webinars, and public forums—helping law enforcement, policymakers, and fellow industry players better understand the complexities of the crypto space.
For instance, Merkle Science regularly hosts webinars featuring top leaders in compliance and cybersecurity from leading VASPs. In a December 2024 webinar on Crypto Regulatory Trends, Sanctions, and Emerging Risks, panelists included Manfred Bekeris, Chief Compliance Officer at Paxful, and Alex Côté, Global Head of Transaction Monitoring at Binance.
Their insights provided valuable context for law enforcement. For example, Côté emphasized the need for a more advanced, behavior-driven approach to identifying potentially criminal activity.
“It's not 2020 anymore—we're in a more advanced space now. You need to use additional parameters to risk score your transactions that aren't just exposure-based,” he said during the webinar.
He elaborated that effective transaction monitoring now requires assessing customer behavior and risk profiles, not just wallet connections. By feeding these behavioral insights into the monitoring process, VASPs can make smarter, faster decisions—whether that means rejecting a transaction, flagging it for investigation, or allowing it to proceed.
When crimes like hacks occur, VASPs shouldn’t leave the entire investigation to law enforcement—they must become active partners. Since most VASPs are built for exchange operations, not crime-solving, they need to invest in internal capability-building.
Offered through Merkle Science’s Institute, our Crypto Investigator Certification helps close this gap by equipping in-house teams with the tools to conduct on-chain investigations. The course covers crypto-crime typologies, OSINT techniques, blockchain data interpretation, and cross-chain transaction tracing. With this shared investigative language, VASP analysts can better collaborate with law enforcement—speeding up response time, improving evidence quality, and increasing the chances of asset recovery.
While VASPs can share a list of suspicious addresses, that alone doesn’t tell the full story. To truly assist law enforcement, in-house investigators must use blockchain analytics tools to visualize the laundering trail—showing how stolen assets move through mixers, cross-chain bridges, and ultimately to an identifiable exit node.
This final step is crucial, as it turns blockchain data into actionable evidence. By tracing funds to an off-ramp—such as a centralized exchange—investigators can link pseudonymous addresses to real-world identities through KYC records, enabling asset recovery and supporting criminal indictments and prosecutions.
Collaboration with law enforcement isn’t a one-time task—it demands a comprehensive, end-to-end approach. VASPs need more than reactive responses; they need a foundation that builds investigative readiness, enables effective intelligence sharing, and supports rapid action when threats arise.
Merkle Science delivers that foundation through the Institute for certification and training, Compass for rule-based transaction monitoring, and Tracker, a powerful investigative tool that transforms blockchain data into actionable, shareable insights. Combined with thought leadership and industry engagement, these solutions empower VASPs to move from basic compliance to active contribution—helping safeguard users, recover stolen assets, and bring criminals to justice.
Reach out to Merkle Science today.
