On April 25, 2024, the FBI Internet Crime Complaint Center (IC3) published a public advisory telling U.S. users to avoid crypto money-transmitting services that do not collect KYC information. The publication landed less than a day after the Samourai arrests, which made the timing look intentional: enforcement headlines were immediately followed by broad public guidance that treated many privacy tools as risk signals.
The practical effect went beyond the U.S. very quickly. Exchanges, payment processors, and banks in multiple regions circulated the memo internally and started citing “FBI guidance” in compliance conversations with customers. If you understand exactly what the PSA says, and what it does not say, you can answer those inquiries with documented facts instead of reacting under pressure.
What the Advisory Actually Said
The advisory compressed several distinct ideas into one message for media, victims, and financial institutions. It framed “unregistered” services as high-risk channels, emphasized ransomware narratives, and warned that funds sent through such tools might be difficult to recover. It also encouraged institutions to escalate reporting when customers touch privacy-preserving infrastructure, which in practice gave compliance teams extra justification for account reviews.
Important point: the PSA is not legislation. It did not rewrite the underlying legal distinction between custodial intermediaries and non-custodial software. FinCEN’s 2019 framework still treats pure self-custody tools differently from services that take possession of funds. Even so, many compliance desks now use the PSA the same way they use OFAC advisories: as a policy signal that supports stricter screening decisions.
Context: Samourai Arrests and Treasury Pressure
The warning’s timing was no coincidence. One day before its publication, DOJ unsealed the Samourai Wallet indictment, and Treasury had just expanded its sanctions campaign against mixers. By releasing the PSA immediately after those headlines, the FBI gave banks a document to cite when freezing or reporting any customer who touched the Samourai ecosystem. It also reinforced the messaging outlined in our crackdown timeline: even non-custodial tools could be labelled “unregistered money transmitters” if investigators dislike the user base.
Behind the scenes, law enforcement agencies had been lobbying for broader cooperation with travel-rule vendors and data-sharing platforms. The PSA essentially deputised banks to extend that scrutiny to any transaction leaving or entering a privacy wallet, even when the user was moving their own coins. That combination of public warning and private pressure explains why neobanks, OTC desks, and fintech card programs suddenly started emailing customers about “FBI guidance” in May 2024.
How Developers and Users Responded
Wallet teams knew the best defence was sunlight. Many released transparency updates explaining their architecture, published reproducible builds, and reiterated that they cannot reverse or freeze user funds. Coordinator operators set up onion mirrors, added warrant canaries, and documented uptime to show they were not shuttered alongside Samourai. Advocacy groups launched webinar series comparing the PSA with existing law, pointing users toward resources like the privacy tools directory, Monero alternatives guide, and long-form explainers on collaborative transactions.
Users mirrored that energy by sharing open letters with their banks, referencing FinCEN’s 2019 guidance that explicitly exempts non-custodial tools, and reminding policymakers that software code is protected speech. Education campaigns resembled the crisis playbooks developed after Bestmixer and ChipMixer: communicate fast, emphasize decentralisation, and draw a bright line between software suppliers and custodial intermediaries.
Impact on Exchanges and Mixers
In the following weeks, many platforms tightened filters around CoinJoin, Whirlpool, and e-cash-linked activity. Some processors quoted the memo directly in customer notices, and some neobanks revised terms to reserve broader account-closure rights for transactions they now classify as high-risk. That pressure also pushed some projects to geofence markets or add optional compliance-friendly proof features for users who needed to answer exchange questions.
For users, the operational response is documentation and route planning. Keep clean notes, preserve TXIDs and wallet context, and pre-check risk exposure before sending funds into regulated venues with tools like the BitMixList AML Checker. Use layered workflows instead of one dependency, and keep a concise lawful-use explanation ready if compliance asks. The more prepared you are, the less likely a policy memo turns into a prolonged freeze.
Action Plan for Operators and Power Users
Operators should inventory every point where they interact with customers—newsletter providers, web hosts, code-signing services, exchange partners—and assume each counterpart has seen the PSA. Draft canned responses citing FinCEN guidance, highlight your open-source repos, and consider publishing annual transparency reports. If you run liquidity infrastructure, audit what metadata you store and purge anything that could be misinterpreted as “customer account data.”
Power users can reduce friction by compartmentalising UTXOs, avoiding cross-contamination between doxxed wallets and mixes, and pre-writing explanations for their compliance departments. Use the AML Checker to document that coins were clean before entering a mixer, store screenshots of transaction IDs, and fall back to private liquidity venues or peer-to-peer desks when legacy banks overreact. The PSA may reappear every time another mixer case hits the news, so keeping your own dossier of facts, links, and proofs-of-funds is the best insurance.
References
- FBI IC3 Public Service Announcement PSA240425
- DOJ press release on Samourai Wallet arrests
- Treasury statement expanding mixer sanctions
- CoinDesk coverage of the FBI warning
- FinCEN 2019 guidance on custodial vs. non-custodial wallets
Author
NotATether
Bitcoin privacy researcher and maintainer of BitMixList. Focused on mixer history, enforcement timelines, and practical privacy workflows for users operating in high-friction jurisdictions.
