April 7, 2026 · Permissionless Technologies
Your Money Is Not Your Money
How $3.2 billion in AML fines created a system that freezes first and asks questions never — and what an architectural fix looks like.
$172,000, No Explanation
In January 2022, three long-time PayPal users filed a federal class action in California. Their accounts had been frozen for 180 days. Then their balances — $27,000, $43,000, and $172,000 — were permanently seized. No specific reason was given. The complaint described PayPal's Acceptable Use Policy as a quasi-law enforcement tool with seizure-like effects but none of the procedural protections that would apply if the government had obtained a freezing order.
This wasn't a regulatory crackdown. It was a terms-of-service violation.
In December 2025, Hawai'i settled a consumer protection lawsuit against PayPal for $6 million over Venmo account freezes. The state alleged that Venmo routinely froze accounts for up to six months based on automated determinations, with no human review and no appeals process. The freeze disclosures were buried in a 20,000-word user agreement. The state called the practice "draconian."
Three weeks later, the Consumer Financial Protection Bureau issued a 75-page consent order against Block, Inc. — the company behind Cash App. The finding: when Block froze or closed accounts, customers received only a generic statement that they had violated the terms of service. The appeals process delivered boilerplate responses. No specifics. No remediation path. No explanation.
Three platforms. Three enforcement actions. One pattern.
PayPal, Venmo, and Cash App are consumer payment apps. The places where ordinary people keep their money. But what happens when the amounts get larger and the intermediary isn't a fintech company — it's the infrastructure itself?
When Stripe Becomes Judge and Jury
For twelve years, Stripe processed card transactions for Flipcause, a U.S. donation platform that served nonprofits. Then, in late 2025, Mastercard warned Stripe that Flipcause wasn't properly registered as a payment facilitator — a technical compliance violation that could trigger fines of up to $190,000.
Stripe's response: freeze the account. Hold less than $1 million in funds belonging to charities. Place a reserve until at least February 2026.
The charities had done nothing wrong. They weren't accused of fraud, money laundering, or sanctions violations. They were downstream victims of a compliance dispute between a processor and a card network. On December 22, 2025, Flipcause asked a federal bankruptcy judge to compel Stripe to release the funds. Stripe objected, explaining it had already been fined $137,500 by Mastercard and faced up to $6 million in additional exposure.
Flipcause went bankrupt. The charities waited.
This isn't an isolated case. Legal analyses document a consistent pattern: Stripe tells merchants their funds will be held for "up to 120 days." At the end of that period, a generic email arrives — additional review needed, no concrete release date. Arbitration and Better Business Bureau complaints describe holds lasting 180 days or more, sometimes with zero chargebacks on record. The merchant's only crime was being labeled "high risk" by an algorithm.
Stripe isn't malicious. Mastercard isn't either. They are responding rationally to a system that punishes under-compliance with billion-dollar fines and punishes over-compliance with nothing.
To understand why, follow the money.
The $3.2 Billion Incentive
In 2024, financial institutions paid more than $3.2 billion in AML-related fines globally. TD Bank alone was hit with a $3 billion penalty. Starling Bank: $29 million. Crypto firms, fintechs, and traditional banks — all targeted for failures to monitor transactions, inadequate suspicious-activity reporting, and processing payments for sanctioned entities.
Now consider the incentive structure.
If you're a compliance officer at a bank or payment processor, the downside of missing a suspicious transaction is existential: multi-billion-dollar fines, criminal charges, charter revocation. The downside of freezing an innocent customer's account is... a complaint. Maybe a lawsuit, years later. Maybe nothing at all.
Rational compliance teams optimize for one-sided risk. They freeze first and investigate later — or never.
Even the U.S. Treasury acknowledges this is a systemic problem. Its de-risking strategy report warns that indiscriminate account closures harm nonprofits, money-services businesses, and cross-border remittance providers. It recommends that regulators consider the harms of over-blocking, not just the risks of under-blocking.
The recommendation has existed for years. The incentive structure hasn't changed.
This dynamic isn't new. In 2013, the U.S. Department of Justice launched Operation Choke Point — using subpoenas and regulatory pressure to push banks into cutting off entire categories of legal businesses deemed "high risk." Payday lenders, pawn shops, firearms dealers. Not because individual merchants were guilty of anything, but because their industries were classified as reputational risks. The American Bankers Association argued the program asked banks to "choke off" customers who were "simply doing something government officials don't like."
The DOJ formally terminated Operation Choke Point in 2017. The FDIC rescinded its list of high-risk merchants. But the dynamic — regulators emphasizing AML and reputational risk, institutions responding by de-risking entire customer segments — never stopped. It just lost its name.
Crypto was supposed to fix this. No intermediaries. No gatekeepers. No one standing between you and your money.
Right?
Tether Froze $3 Billion
Since December 2023, Tether has frozen more than $3 billion in USDT across roughly seven thousand addresses. In early 2026, it executed one of the largest stablecoin enforcement actions to date — approximately $182 million frozen across five Tron wallets in a single 24-hour window.
The unfreezing process requires full identity verification, detailed proof of funds' origin, and complete transaction histories. Resolution timelines range from several weeks to up to two years. Many of the targeted addresses are plausibly linked to fraud or sanctions violations. But tainted funds pass through innocent counterparties, whose assets get frozen based on chain-analysis heuristics — without user-level due process.
The pattern is identical to PayPal and Stripe. Different technology. Same architecture.
In Malta, the Arbiter for Financial Services ruled on a case against Foris DAX MT Ltd — the entity behind Crypto.com. A user's account had been blocked since June 2024, immobilizing balances in USDT, USDC, SUI, SOL, and SAND. No valid reason was provided. Foris relied on terms of use granting it "sole discretion" to freeze assets and refuse transactions, "subject to applicable law," without liability. The complainant's lawyer argued that without knowing the basis of the freeze, it was impossible to contest it.
A 2025 case study by Key2Law describes a client whose funds were withheld by a crypto exchange under the guise of an "ongoing AML review." The client cooperated fully. Submitted every document requested. The exchange — an offshore entity in a jurisdiction with a closed corporate registry — provided no updates and no timeline. For months. It took formal legal correspondence and regulatory pressure to get the funds released.
UK law firms now advertise specialized services for clients whose crypto accounts have been frozen: accounts marked "under review," withdrawals blocked after successful verification, repeated and shifting document demands, accounts closed while funds remain inaccessible. A cottage industry of lawyers exists because the problem is that common.
The problem didn't follow the technology. It followed the architecture. Every system with a central operator who can freeze funds... freezes funds. But courts have started to notice.
Courts Are Pushing Back (Slowly)
In 2024, the High Court of England and Wales considered the case of Kopp Ltd, a commercial customer of HSBC. The bank had suspended two of Kopp's accounts during a periodic "safeguard review" for AML compliance. Kopp alleged the review was carried out in an "unreasonable, arbitrary and haphazard" manner and claimed approximately $1.68 million in lost profits. HSBC tried to get the case dismissed, relying on an exclusion clause in its business banking terms. The court refused, holding that there was a triable issue as to whether the exclusion clause was unenforceable.
The line is clear: freeze with evidence, and courts will back you. Freeze on vibes, and you may be liable.
In Uganda, a man named Ainebyoona was arrested on theft charges in 2020. His bank — DFCU — froze his account under its AML policies. He was acquitted of all criminal charges in 2023. His account remained frozen. For three years after acquittal, the bank maintained the freeze based on its own internal suspicion, without reporting to the relevant authority as required by statute. In February 2026, the High Court of Uganda ordered the bank to unfreeze the account, ruling that banks cannot maintain freezes indefinitely without evidentiary follow-through.
Indian courts have gone further. The Madras High Court has required authorities to freeze only the disputed amount linked to an alleged offense — not the entire balance. The Rajasthan High Court held that freezing entire accounts without a clear nexus to an offense violates fundamental rights. The Supreme Court of India is now examining the need for a nationwide standard operating procedure to prevent indiscriminate freezes: mandatory notice, time-bound reviews, and clarity about whether a freeze is evidentiary or punitive.
Even the U.S. government has started responding. In August 2025, an executive order targeted "politicized or unlawful debanking," directing regulators to require that account-closure and denial decisions be grounded in documented, individualized risk assessments — not reputational judgments. Past exits justified on amorphous "reputational risk" grounds may now be scrutinized retroactively.
The political spectrum converges. Courts in the UK, Uganda, India, Ireland, and Malta. A U.S. executive order. Everyone agrees this has gone too far.
But legal remedies take years. The Ugandan plaintiff waited three years after acquittal. The PayPal class action is still ongoing. Courts can set limits after the damage is done. They can't change the architecture that causes it.
That requires a different kind of fix.
The Architecture Is the Problem
Every case in this article — PayPal, Stripe, HSBC, Tether, Crypto.com — is a symptom of the same structural design. Three design choices interact to produce the world we've documented:
Heavy regulatory penalties for AML failures. Miss a suspicious transaction and your institution faces billion-dollar fines, criminal prosecution, and charter revocation. The stick is enormous.
Delegation of AML to intermediaries who control fund access. Banks, payment processors, exchanges, and stablecoin issuers are the chokepoints. They decide who can transact and who can't.
Contractual frameworks that give intermediaries broad discretion with minimal due-process obligations. Terms of service grant "sole discretion" to freeze, seize, and close accounts. Exclusion clauses attempt to eliminate liability for losses. Appeals processes deliver boilerplate responses.
This triangle is self-reinforcing. Higher fines make intermediaries more aggressive. More aggressive freezes produce more collateral damage. More collateral damage produces more litigation and regulatory attention. Which produces more fines and rules.
The system optimizes for the intermediary's risk. Not the user's rights.
Here's what matters for DeFi: crypto reproduced this architecture by accident.
Stablecoins need issuers. Issuers get regulated. Regulation requires compliance controls. Compliance controls require the ability to freeze funds. The on-chain freeze() function is the same problem in a different programming language. A $3 billion blacklist executed by a centralized issuer is functionally identical to a PayPal seizure — it just settles faster.
The technology changed. The architecture didn't. And as long as a single entity sits between users and their funds with the power to freeze, seize, or deny access — the cases documented here will keep happening. Across every jurisdiction. Across every technology stack.
So what does a system look like where compliance still happens — but no single entity can freeze your funds?
Compliance at the Edge
The argument isn't that compliance should disappear. Money laundering is real. Sanctions evasion is real. The systems that catch them serve a purpose.
The argument is that the architecture of compliance — who enforces it, where, and with what recourse — determines whether it protects people or harms them.
Every case in this article shares one structural feature: a central intermediary with the power to freeze funds and no meaningful obligation to explain why, respond to appeals, or limit the duration of the freeze. The user's only recourse is after-the-fact litigation in a system where the intermediary holds the money and the burden of proof.
What if you could invert that?
Instead of one entity deciding who can transact and blocking everyone else, imagine users proving they meet compliance requirements — without revealing their identity. A compliance provider maintains a curated set of approved participants: accounts that have passed sanctions screening, KYC checks, or whatever criteria apply. When a user transacts, they generate a cryptographic proof: "My account is in this approved set." The verifier learns that someone legitimate authorized the transaction. Not which someone.
This is called an Association Set Provider (ASP) model, drawn from research co-authored by Vitalik Buterin. The compliance verification happens at the user layer, not the intermediary layer. No single entity needs custody of your funds. No single entity can freeze them.
The distinction that matters: positive membership versus negative exclusion.
Most compliance today works by exclusion — blacklists, sanctions lists, risk flags. You're fine until someone decides you're not. And once you're flagged, the burden shifts to you to prove you're clean. If you're the Ugandan plaintiff, that process takes three years. If you're the PayPal user, it takes a class action.
Positive membership inverts this. You prove you belong to an approved set. If your status changes — a false positive is corrected, you complete additional verification, you're removed from a sanctions list — you re-prove against the updated set. Your funds aren't permanently tainted. No 180-day hold. No boilerplate denial letter. No three-year wait for a court order.
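An added example, not code from this article or the project it describes: the positive-membership statement above, modelled as a Merkle inclusion proof against a root the ASP publishes, including re-proving after the set changes. The SHA-256 Merkle construction and every name below are assumptions; in the zero-knowledge version the commitment and path would stay private inputs to the proof, so the verifier sees only the root.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def leaf(c: bytes) -> bytes:          # 0x00/0x01 prefixes keep leaves and inner
    return h(b"\x00", c)              # nodes from being confused with each other

def node(left: bytes, right: bytes) -> bytes:
    return h(b"\x01", left, right)

def build_levels(members):
    if not members:
        raise ValueError("empty association set")
    levels = [[leaf(m) for m in members]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        nxt = [node(cur[i], cur[i + 1]) for i in range(0, len(cur) - 1, 2)]
        if len(cur) % 2:
            nxt.append(cur[-1])       # unpaired node is promoted unchanged
        levels.append(nxt)
    return levels

def asp_root(members) -> bytes:       # the value the ASP publishes
    return build_levels(members)[-1][0]

def prove(members, target):
    idx = members.index(target)       # ValueError if target is not in the set
    path = []
    for cur in build_levels(members)[:-1]:
        sib = idx ^ 1
        if sib < len(cur):
            path.append((cur[sib], sib < idx))   # (sibling hash, sibling on left?)
        idx //= 2
    return path

def verify(root, commitment, path) -> bool:
    acc = leaf(commitment)
    for sib, sib_on_left in path:
        acc = node(sib, acc) if sib_on_left else node(acc, sib)
    return acc == root

# Constructed sample commitments; a real one would hide a user-held secret.
ALICE, BOB, CAROL, DAVE, ERIN = (h(b"acct:" + n) for n in (b"a", b"b", b"c", b"d", b"e"))
SET_V1 = [ALICE, BOB, CAROL, DAVE, ERIN]   # Carol approved
SET_V2 = [ALICE, BOB, DAVE, ERIN]          # Carol dropped (e.g. a false positive)
SET_V3 = [ALICE, BOB, DAVE, ERIN, CAROL]   # flag corrected, Carol re-added
```

A verifier that pins the current root rejects Carol's SET_V1 proof once the SET_V2 root is published, and accepts a fresh proof against the SET_V3 root without any change to her funds.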
Think about what this means for the cases we've seen.
If the PayPal users held a non-freezable stablecoin with compliance proven at the user layer, there is no freeze() function to call. The funds are on-chain. The compliance proof is cryptographic. PayPal's internal risk system is irrelevant — because PayPal isn't in the loop.
If Flipcause's nonprofits received donations in a system without issuer-level control, Stripe's Mastercard dispute wouldn't have cut charities off from their own funds. The compliance relationship is between the user and the attestation provider, not between the user and the payment processor.
If the Maltese complainant's assets were in a protocol without centralized freeze powers, Crypto.com's "sole discretion" clause would be irrelevant. There would be no entity with discretion to exercise.
This doesn't eliminate compliance. It relocates it. From the intermediary — who has every incentive to over-freeze and no accountability for doing so — to the user, who proves compliance proactively using zero-knowledge cryptography.
Courts are slowly imposing proportionality, transparency, and due-process requirements on intermediaries. The architectural approach makes those requirements structural rather than aspirational. You can't arbitrarily freeze what you don't control.
What We're Building
We are building this architecture.
A non-freezable stablecoin. A privacy pool for any ERC20 token. A modular compliance framework based on the ASP model. All shipped as independent, reusable SDKs — described in detail in "Why We're Building Privacy Infrastructure From Scratch."
It's early. We're actively developing, testing, and iterating. We don't have all the answers, and we're looking for the people who can help us find them — compliance thinkers who see the structural problems documented here and want to build the alternative. Protocol designers who understand that privacy and compliance are not opposites. Developers who believe the architecture of financial infrastructure should protect users, not just intermediaries.
Find us on GitHub, explore the documentation, or come talk to us on Telegram.