Zondacrypto Case: Poland's Largest Exchange Becomes Target of Federal Investigation with Hundreds of Victims, €82M Missing and 4,500 BTC Locked in Disappeared Founder's Wallet

On April 21, 2026, the Polish Prosecutor's Office officially announced an investigation against Zondacrypto, one of the largest crypto exchanges in Central and Eastern Europe. The preliminary accusations: fraud, money laundering, ties with Russian organized crime and Moscow security services. The identified victims already number in the several hundreds. The minimum declared loss is 350 million złoty — approximately €82.8 million — and, according to Prosecutor's Office spokesman Michał Binkiewicz, "this number is growing continuously".

As if the shortfall weren't enough, there is one detail that takes the story to another level: in a company wallet there are 4,500 bitcoins, something like €290 million — and no one can access them, because the private key belongs exclusively to the platform's original founder, Sylwester Suszek, missing without a trace since March 2022.

For those who followed our coverage of the crypto regulation crisis in Poland — President Karol Nawrocki vetoed for the second time, on February 12, the law that would enable the KNF to issue CASP licenses — the Zondacrypto case is the exact materialization of the scenario that the absence of a national framework allows. It's no coincidence. It's a consequence.

Who is Zondacrypto (and why it matters)

The platform began in 2014 as BitBay, founded by Polish entrepreneur Sylwester Suszek. Over seven years it became Poland's largest crypto exchange and one of the three largest in Central and Eastern Europe, with tens of thousands of active users and significant market share in all satellite countries from Germany to the east.

In 2021, the company was sold to an American investor, renamed to Zondacrypto and repositioned under new management — Przemysław Kral took over as CEO. Officially, a success story: local startup becomes pan-European platform, receives foreign capital, expands.

The critical detail went almost unnoticed at the time: Zondacrypto restructured itself to operate under a license issued in Estonia, not Poland. In the eyes of the law, technically, it ceased to be a company supervised by the Polish regulator (KNF) and started operating as a service provider under Estonian rules, with passporting to serve Polish customers.

The change was made under the justification of "European harmonization" and "regulatory efficiency". In practice, the immediate effect was different: if something went wrong, it would be up to Tallinn — not Warsaw — to investigate, sanction and protect consumers. And Estonia, for operational and geographic reasons, has very limited capacity to supervise a platform whose customers are almost all in another country.

The founder's disappearance: March 2022

In March 2022 — weeks after the Russian invasion of Ukraine and at a particularly sensitive moment for any company with exposure to Eastern Europe — Sylwester Suszek left a business meeting and simply disappeared. To this day, there is no record of his whereabouts. The initial missing persons investigation remains open, without closure.

From a corporate perspective, the effect of the disappearance was immediate and serious: Suszek was the sole holder of the private key to the company wallet that held 4,500 BTC. At April 2026 values, this represents €290 million — a fortune that, for strictly cryptographic reasons, is frozen until further notice. Current CEO Przemysław Kral told the press: "Suszek never handed over the key to the 4,500 bitcoins wallet to the new management".

It's the kind of statement that, in any traditional financial institution, would generate regulatory intervention within 24 hours. As Zondacrypto operated under an Estonian license, it served only as a footnote in a few specialized media outlets.

The April 2026 collapse

The escalation that led to the official investigation began in early April. On-chain analysts noticed accelerated decline in the platform's declared bitcoin reserves, combined with spikes in withdrawal requests. The pattern is classic — and instantly recognized by any crypto veteran: bank run in formation.

Between April 16 and 17, Polish media coverage intensified. Three supervisory board members — Veronika Togo, Guido Buehler and Georgi Džaniašvili — resigned en bloc, publicly citing "material inconsistencies" in the financial information presented by management. In corporate governance, when three supervisors resign simultaneously invoking "material inconsistencies", it's because they tried to resolve it internally and failed. It's practically the formal version of "get out while you can".

Zondacrypto's official response to the press was to maintain that the company "remains stable and solvent", and classified the wave of reports as a "politically motivated campaign". The defense was not enough to contain the Prosecutor's Office, which opened a formal investigation on April 21.

The political dimension — and Russian

If the case had stopped at "missing founder + bank run + foreign exchange", it would already be serious. But the Polish investigation took on, from day one, an explicit dimension of national security.

Prime Minister Donald Tusk publicly stated that Zondacrypto's success was "rooted not only in Russian money linked to one of Russia's most powerful mafia groups, but also in Russian security services". Interior Minister Tomasz Siemoniak went even further, alleging that funds moved through the platform financed Polish right-wing opposition initiatives, including:

• CPAC Poland, the local version of the main American conservative conference;
• Donations to the Polish Sovereignty Institute, linked to Zbigniew Ziobro — former Polish Justice Minister currently sheltered in Hungary following domestic charges.

On the other side, opposition leader Sławomir Mentzen argued that "the proposed regulation would not have prevented the occurrence" and accused the Tusk government of delays in acting — pointing out that the case has been taking shape for years. President Nawrocki, who vetoed the CASP law for the second time in February, did not comment on the specific Zondacrypto investigation.

It's important to note: allegations of Russian ties and political financing are accusations by political authorities, not yet proven in court. But the simple fact that they are on the Prosecutor's Office desk illustrates the gravity of what is being investigated. It's not "just" investor fraud.

How the regulatory loophole made it all possible

The Zondacrypto case is a perfect case study of why European crypto regulation is migrating to MiCA. Under the previous system — VASPs registered nationally in each country — there was an obvious regulatory arbitrage:

1. Poland tightens rules? The company moves headquarters to Estonia.
2. Estonia gets strict? Move to Lithuania, Cyprus, Malta.
3. Meanwhile, serve the same Polish customers as if nothing had changed.

MiCA was explicitly designed to close this loophole. Under the new regime, which takes full effect on July 1, 2026, a CASP licensed in any Member State receives a "single passport" that allows operation across the entire bloc — but under uniform minimum standards for capital, governance, custody and consumer protection. The license issuer carries full supervisory responsibility, including for acts committed against consumers in other countries.

The problem, as we covered in a previous article, is that Poland is two months before the deadline without a functioning national framework. President Nawrocki vetoed the implementing law for the second time in February, paralyzing the KNF's ability to issue local CASP licenses. While the Polish Parliament doesn't resolve the impasse, the scene is almost cartoonish:

• Legitimate companies that wanted to stay in Poland were blocked from advancing;
• Companies like Zondacrypto, already sheltered in Estonia, continued operating;
• Polish consumers ended up in a regulatory no-man's-land, depending on the goodwill of foreign supervision for any type of protection.

The result is on the front page of Polish newspapers: the first major crypto blowup of the MiCA-in-transition era is with a foreign-domiciled platform serving local customers, with a disappeared founder, €290 million locked by cryptography and allegations of foreign intelligence financing.

The four warning signs that were there — and the market ignored

It's worth recapping what should have triggered alarms well before April 2026:

1. 2021 — change of jurisdiction: the restructuring to Estonia was not a scaling strategy; it was a flight. The market treated it as a technical detail.
2. 2022 — founder disappearance + single key: an exchange that depends on one man to access half its reserves is an exchange that, by any reasonable definition, is already compromised. The public didn't know because Estonia has no efficient mechanism for disclosing information to customers in another country.
3. 2024-2025 — absence of independent proof-of-reserves audit: in an era where even smaller platforms publish proof of reserves regularly, Zondacrypto never adopted the standard credibly. The silence was the message.
4. April 2026 — decline in reserves + increase in withdrawals: the classic pattern of insolvency, visible on-chain from the first days of the month.

None of these signs were secret. All were available to anyone who wanted to look. The combination of regulatory arbitrage + absence of effective local supervision + fragmented specialized media + users trusting the brand made it possible for the alarm to sound only when the company was already sinking.

A note on the 4,500 orphaned bitcoins

The fate of 4,500 BTC — currently valued at €290 million and potentially much more in the coming years — is one of the most surreal points in the story. There are few possible scenarios:

• Suszek is alive and holds the key: in that case, at any moment he can reappear to negotiate. On Russian soil, typically — where extradition to Poland is legally impossible.
• Suszek died with the key: the funds are permanently frozen. Classic crypto economics: a quarter of the company's solvency problem becomes unintentional burn forever.
• Suszek was kidnapped/forced to hand over the key: in that case the funds are already being moved by third parties and the official version is false.
• There never was a single key and the narrative is made up: most cynical hypothesis, but consistent with the fraud pattern.

Whatever the truth, the case is now federal. It will be the first major test, in Poland, of a Prosecutor's Office running a crypto-native investigation in international cooperation. The effectiveness of the European system for recovering blockchain assets is under scrutiny.

The ON3X reading

ON3X obtained its VASP registration in Poland before the grandfathering deadline, within the previous Polish legal framework, supervised by the national authority. Let's go straight to the points that the Zondacrypto case illuminates:

1. Registering in the right jurisdiction is not a formality — it's infrastructure for trust. When things go wrong, the user wants to know who investigates, who freezes accounts, who executes warrants, who cooperates with local Federal Police. License in the "European offshore country" may seem like administrative efficiency until the day the customer needs it.
2. Proof-of-reserves should be mandatory, not optional. Zondacrypto's prolonged absence of independent proof of reserves was one of the main warning signs. ON3X publishes reserve information at an appropriate pace and advocates, in regulatory forums, that the practice be standardized for all European CASPs.
3. Single-key dependency is serious governance failure. No serious crypto company in 2026 should have 100% of its reserves accessible by a single person. Multisig, MPC, separation of powers and business continuity protocols are basic requirements — not premium features.
4. The Polish regulatory vacuum is a systemic risk. Until Poland's Parliament resolves the presidential veto impasse, we'll see more Zondacrypto-type scenarios emerging. ON3X monitors next steps and maintains service continuity routes already ready via passporting, in partnership with jurisdictions with fully functional MiCA regimes.

For the Polish and European consumer, the recommendation is objective: demand from the platform you use the three pieces of information below:

• In which country it is regulated and the name of the supervisory authority;
• When was its last proof-of-reserves publication;
• How is the custody process — multisig, MPC, third-party custodian?

If the company doesn't answer these three questions in clear language, consider another provider. Because, uncomfortable as it may be to accept, it's too early in crypto's history to trust a brand without compliance backing.

What to watch in the coming weeks

The Zondacrypto case will dominate European crypto news for months to come. Some points especially merit attention:

• International cooperation: how will Estonia and Poland coordinate the investigation? There is precedent, but few cases of this magnitude;
• The saga of the 4,500 BTC key: any on-chain movement of the target wallet will be monitored by dozens of analysts — if the funds move, it's front-page news;
• Domestic political impact: the case has the potential to accelerate or further stall the Polish CASP law proceedings, depending on how the public narrative solidifies;
• Regional domino effect: other platforms with similar structure (registered in one jurisdiction, serving another) may see their reserves come under preventive pressure. Beware of contagion.

Behind the scandal headline, the core message is the same as the last decade of crypto: the absence of regulation was never freedom — it was exposure. Well-designed regulation is not an enemy of the sector; it's the condition without which the sector cannot grow beyond a niche. Cases like Zondacrypto, more than any technical discourse, are what convinces the next wave of users to demand — and accept paying for — platforms that get the basics of compliance right.