Lithuania · EU Context · 2026
Crypto Basics
& MiCA Licensing
by Arturas B.
Overview
Agenda
Part 1 · Slides 3–23
Crypto Basics
- Blockchain & cryptocurrency fundamentals
- Wallets, keys, seed phrases
- Custodial vs non-custodial
- Multisig & MPC
- Transactions, consensus, mining
- Asset types, DeFi, bridges
- Dark side: mixers, rug pulls, privacy coins
Part 2 · Slides 24–45
MiCA & Compliance
- What is MiCA — Lithuania context
- Licensing process & team requirements
- KYC onboarding — retail & corporate
- Custody, reconciliation, Art. 70
- Blockchain analytics & Travel Rule
- Transaction flows (deposit/exchange/withdrawal)
- Recommended chains & assets
Part 3 · Slide 46
Homework
- MetaMask → CEX onboarding → DEX trade → Cross-chain bridge
Part 1
Crypto Basics
Blockchain · Wallets · Assets · Consensus · Ecosystem
Basics · Blockchain Fundamentals
What is Cryptocurrency & Blockchain
Cryptocurrency
- Digital asset secured by cryptography. Exists purely as code.
- Ownership proven by controlling a private key — no private key = no asset
- No physical form — no serial number, no vault
Blockchain
- Distributed ledger replicated across thousands of nodes
- Each block contains transactions + hash of previous block → immutable chain
Block Explorers
- Public websites to browse every transaction, block, and address on the blockchain
- Great way to verify a payment, check confirmations, or inspect how a transaction was built
- Examples: blockchain.com (BTC) · etherscan.io (ETH) · bscscan.com (BSC)
EVM — Ethereum Virtual Machine
- The computing environment that runs smart contracts on Ethereum and compatible chains
- EVM-compatible chains (BSC, Polygon, Avalanche) share the same address format, tooling, and contract standards — one wallet works everywhere
Layer 1 vs Layer 2
- Layer 1 = the base blockchain (Bitcoin, Ethereum) — secure but slower and more expensive
- Layer 2 = built on top of L1, inherits its security but processes txs faster and cheaper (Arbitrum, Optimism, Polygon)
- Lightning Network = Bitcoin L2 — payment channels for instant, near-free BTC transfers. Used in El Salvador.
Decentralisation
- No central authority. No single server.
- No bank, government or company controls the network
Immutability
- Once confirmed and buried under subsequent blocks, a transaction cannot be altered or deleted
- No "undo", no chargebacks — ever
Think: Google Docs shared with 10,000 people simultaneously — no one owns the master copy
Proof of Work (PoW) vs Proof of Stake (PoS)
- PoW (Bitcoin) — miners compete to solve a cryptographic puzzle using computing power. Winner adds the block and earns the reward. Energy intensive by design — makes cheating expensive.
- PoS (Ethereum, Solana) — validators chosen based on how much crypto they have staked as collateral. No puzzle, far more energy efficient. Cheat = lose your stake.
- PoW = trust through energy. PoS = trust through economic stake.
Basics · Blockchain Fundamentals
Public & Private Keys / Wallets
Private Key — proof of ownership
- Mathematically generated random number
- Signs transactions to authorise them
- Never share. Lost = funds gone permanently.
Like a PIN code — secret, never share, proves it's you
Public Key — your address
- Derived mathematically from private key
- Share freely — others send funds here
- Cannot reverse-engineer private key from it
Like a Bank IBAN — share freely, others send money to it
Seed Phrase — 12 or 24 words
- Master backup that regenerates your private key
- Anyone with these words owns your assets
- Write on paper, store offline, never photograph
Like a password reminder question — master recovery, anyone with it owns everything
All valid words come from a public list of exactly 2,048 words. Yet a 12-word phrase has 2,048¹² ≈ 5 × 10³⁹ combinations — longer than the age of the universe to brute-force.
HD Wallets
- One seed phrase → master key → infinite child addresses
- Each tx can use a fresh address (UTXO chains)
- xpub — share with auditor to see all addresses (no spending rights)
- xpub hidden in MetaMask/Trust Wallet — only in Electrum, Ledger, Sparrow
Hot vs Cold Wallets
- Hot — internet-connected. Convenient, higher risk. MetaMask, Trust Wallet.
- Cold — air-gapped, offline. Hardware device (Ledger, Trezor). For long-term storage.
Irony: Bitcoin is hardest to verify ownership despite being the oldest — fresh address per tx, xpub hidden in most wallets
Basics · Wallets & Custody
Custodial vs Non-Custodial (SHW)
"Not your keys, not your coins"
| SHW — Self-Hosted Wallet (Non-Custodial) | CASP — Exchange (Custodial) |
|---|
| Key holder | You | CASP holds keys on your behalf |
| KYC | None required | Required |
| On-chain ownership | Yes — verifiable on blockchain | Ledger entry only — not on-chain |
| Risk | Lose key = funds gone permanently | CASP failure = your problem |
| Examples | MetaMask, Ledger, Trust Wallet | Coinbase, Kraken, Binance |
FTX 2022: CASP failed → client funds gone. Alameda used client deposits for proprietary trading. MiCA Art. 70 (Safekeeping of clients' crypto-assets and funds) exists exactly to prevent this.
Deposit Addresses — Deterministic (CREATE2) vs Simple
- EVM smart contract deposit address (CREATE2) — computed before deployment, unique per client. Contract deployed on first deposit. Gas cost per deployment (~$0.50–$5 depending on network congestion). Millions of clients = significant cost.
- Simple address — free to generate, no on-chain cost. But management is hard: harder to attribute incoming deposits to specific clients without off-chain tracking logic.
- Simple addresses also accumulate dust — tiny leftover amounts after txs, too small to sweep (gas > value). Multiplied across millions of addresses this becomes a real reconciliation headache.
- Most CASPs use a hybrid: deterministic addresses for EVM chains (auto-forward to hot wallet), simple addresses for BTC/Solana with strong off-chain attribution.
Use term "deterministic address" — not "ghost" or "counterfactual"
Basics · Wallets & Custody
Multisig & MPC — Multi-Party Authorisation
Bitcoin Multisig
- Native protocol level — P2SH, P2WSH scripts
- No smart contract (Bitcoin doesn't have them)
- Logic lives in UTXO locking script
- M-of-N: 2-of-3 keys must sign to spend
Ethereum/EVM Multisig — Gnosis Safe
- IS a smart contract — Gnosis Safe
- Contract holds funds + enforces M-of-N logic
- Every approval on-chain — fully auditable
- Example: 2-of-3 (CEO + CFO + Security, any 2)
MPC — Multi-Party Computation (Fireblocks, BitGo)
- No smart contract, no on-chain script
- Private key never created as a whole — mathematically split into shards at creation
- Shards never combine — signing via secure multi-party computation
- Looks like normal single-sig tx on-chain — nothing reveals multi-party control
- Policy engine: low-risk txs auto-signed, high-risk triggers human approval workflow
- Full audit trail, granular controls per tx type
- Preferred by institutional CASPs — no single point of failure, works across all chains
Basics · How Transactions Work
How a Transaction Gets Into the Blockchain
1
User Signs Transaction
You initiate a send. Wallet signs the tx with your private key — cryptographic proof you authorised it.
2
Tx Broadcasted to Network
Signed tx is sent out to the P2P network and lands in the mempool on every node.
3
Pending Transactions Pool (Mempool)
Tx waits in the mempool. Miners pick txs from here, prioritising by fee. Low fee = wait longer or never get picked during congestion.
4
Block is Formed
Miner selects txs from mempool, assembles a candidate block, and races to solve the PoW cryptographic puzzle.
5
Block Broadcasted Over Network
Winning miner broadcasts the solved block to all nodes simultaneously.
6
Validated by Majority — Consensus
Each node independently validates. Majority consensus is enough — one rejection doesn't block it.
Orphan blocks: Sometimes two miners solve the puzzle at nearly the same time — two valid blocks exist briefly. Nodes eventually pick one (longest chain wins). The other is discarded — an orphan block. In Bitcoin the orphan miner gets no reward. In Ethereum these are called uncle blocks and the miner receives a small partial reward.
7
Block Added to Blockchain
Block permanently appended. All nodes update their copy. Tx confirmed and immutable. Every block on top makes reversal harder.
Basics · How Transactions Work
BTC Transaction Example (UTXO)
How Bitcoin UTXOs Work
- Bitcoin has no "balance" — your wallet holds UTXOs (Unspent Transaction Outputs) — discrete chunks like banknotes
- To send BTC, wallet selects UTXOs that cover amount + fee. UTXOs are fully consumed — cannot be partially spent
- Tx has inputs (UTXOs spent) and outputs (recipient + change back to you)
- Change address — surplus returns to a fresh address in your own wallet
- Fee — implied: difference between total inputs and total outputs. Never stated explicitly.
- Advanced wallets (Electrum, Sparrow) let you pick UTXOs manually — matters for privacy and AML taint
Real Transaction Breakdown
| Amount | Note |
|---|
| Input | 0.00042275 BTC | One UTXO from sender |
| Output 1 | 0.00037439 BTC | Payment — recipient |
| Output 2 | 0.00003396 BTC | Change — back to sender |
| Fee | 0.00001440 BTC | Implied remainder |
Basics · How Transactions Work
EVM Transaction Example (USDC on BSC)
How EVM Transactions Differ from BTC
- EVM uses an account model — no UTXOs. Your address has a balance, like a bank account
- No change address — exact amount is sent, nothing returns to sender
- Token transfers (USDC) are smart contract calls — value field is 0. The actual amount lives in the contract input data
- Fee is always paid in the native chain token (BNB on BSC) — even when sending USDC
- Same address works across all EVM chains — ETH, BSC, Polygon, Avalanche
- Gas = fee for computation. Gas used × Gas price = total fee
Real Transaction Breakdown
| Value | Note |
|---|
| From | 0x1827…d901 | Sender wallet |
| To (contract) | 0x8ac7…580d | USDC contract on BSC |
| Recipient | 0x5c18…f5f2 | Token recipient |
| Amount | 1.6139 USDC | ERC-20 transfer |
| BNB value | 0 | No native BNB moved |
| Gas used | 41,771 | Of 62,901 limit |
| Gas price | 3 Gwei | BSC standard |
| Fee | 0.000125 BNB | ~$0.08 — paid by sender |
Basics · Networks & Infrastructure
Speed & Scalability
| Network | TPS | Txs per Block | Confirmation Time | Safe Confirmations |
|---|
| Bitcoin | ~7 | 1,000–3,000 | ~10 min / block | 6 blocks (~60 min) for large amounts; 1–3 for small |
| Ethereum L1 | ~30 | 100–300 | ~12 sec / block | 12–30 blocks (~2–6 min) |
| BNB Chain | ~300 | 200–500 | ~3 sec / block | 15–30 blocks (~45–90 sec) |
| Solana | 3,000–5,000 | N/A (slots) | ~400 ms / slot | 32 slots (~13 sec) for finality |
| Ethereum + L2 | 4,000–100,000+ | Varies | Seconds on L2 | Depends on L2 — optimistic rollups: 7-day challenge period |
| Visa (avg / peak) | ~24,000 / ~65,000 | N/A | ~2–3 sec (auth) | N/A — centralised, final settlement takes days |
Blockchain Trilemma — pick 2 of 3: Security · Decentralisation · Speed. Bitcoin chose security + decentralisation → slow. Solana chose speed → trade-offs on decentralisation.
Lightning Network (Bitcoin L2)
- Payment channels opened off-chain with one on-chain tx
- Unlimited txs between parties — instant, near-free
- Channel closed with one on-chain settlement
- Theoretically millions TPS. Used in El Salvador.
- Limitations: capital locked in channels, routing can fail, designed for micropayments
Basics · Networks & Infrastructure
Smart Contracts
What are they?
- Self-executing code stored on the blockchain
- Runs automatically when predefined conditions met
- No intermediary — trustless execution enforced by network
- Cannot be stopped once deployed (unless kill switch built in)
- Ethereum = dominant smart contract platform
- Others: Solana, BNB Chain, Avalanche, Cardano
Powers
- DeFi — lending, borrowing, trading without banks
- NFTs — ownership and transfer logic
- DAOs — governance and treasury management
- Token issuance — ERC-20, ERC-721
Risk — bugs are permanent vulnerabilities
- No bank to call. No customer support. No undo.
- Audits reduce risk but cannot eliminate it
- Complexity = larger attack surface
Famous hacks
- DAO 2016 — $60M. Led to Ethereum hard fork.
- Ronin Bridge 2022 — $625M. North Korean hackers.
- Wormhole 2022 — $320M
- Nomad 2022 — $190M
Smart contract audit ≠ guarantee. It's a peer review of code at a point in time. Protocol can be upgraded, conditions can change.
Basics · Networks & Infrastructure
Layer 1 vs Layer 2
| L1 — Base Blockchain | L2 — Built on Top |
|---|
| Security | Own consensus | Inherits L1 security |
| Speed | Slower | Faster |
| Cost | Higher gas fees | Lower fees |
| Examples | Bitcoin, Ethereum, Solana | Arbitrum, Optimism, Lightning |
Rollup Types (Ethereum L2)
- Optimistic rollups (Arbitrum, Optimism) — assume txs valid, fraud challenge period
- ZK rollups (zkSync, StarkNet) — cryptographic proof of validity, theoretically 100,000+ TPS
Why L2 matters for CASPs
- Lower gas = cheaper client withdrawals
- Faster settlement = better UX
- Same Ethereum security guarantees
- EVM-compatible = same tooling, same contract addresses
- Polygon, Arbitrum, Optimism all have Elliptic/Chainalysis coverage
Polygon is both L2/sidechain and has its own validator set. Debate over classification continues, but functionally: EVM-compatible, low fees, USDC supported.
Basics · Networks & Infrastructure
Top Blockchains
| Chain | Consensus | Key Feature |
|---|
| Bitcoin | PoW | Most secure, 21M supply, digital gold |
| Ethereum | PoS | Dominant DeFi/NFT, smart contracts |
| Solana | PoH + PoS | High speed, low cost |
| BNB Chain | PoSA | Binance-controlled, EVM-compatible |
| Avalanche | PoS | Fast finality, subnets |
| Polygon | PoS | ETH L2/sidechain, low fees |
| Cardano | PoS | Academic, peer-reviewed |
| XRP | Federated | Payments focus, fast settlement |
Top Cryptocurrencies by CMC (06.03)
| # | Name | Price | 24h% | 7d% | Market Cap | 24h Volume | Circ. Supply |
|---|
| 1 | BTC | $65,867 | −0.12% | +2.08% | $1.32T | $50.1B | 20.03M |
| 2 | ETH | $1,825 | −0.10% | +4.60% | $220B | $25.2B | 120.68M |
| 3 | USDT | $0.999 | 0.00% | +0.02% | $188B | $106.9B | 188.1B |
| 4 | BNB | $627 | −0.15% | +4.98% | $85B | $2.1B | 134.78M |
| 5 | USDC | $1.00 | 0.00% | 0.00% | $76B | $16.9B | 75.94B |
| 6 | XRP | $1.21 | −0.25% | +0.35% | $75B | $2.8B | 61.97B |
| 7 | SOL | $72.75 | −0.44% | +4.28% | $42B | $4.5B | 578.44M |
| 8 | TRX | $0.334 | −0.34% | +0.70% | $32B | $723M | 94.81B |
| 9 | HYPE | $73.88 | −0.74% | +4.17% | $19B | $1.4B | 253.62M |
| 10 | DOGE | $0.093 | −0.21% | +1.79% | $14B | $1.1B | 170.22B |
Basics · Networks & Infrastructure
Soft Fork vs Hard Fork
Soft Fork — backward compatible
- Old nodes still work, just don't enforce new rules
- No chain split if majority adopts
- Example: Bitcoin SegWit 2017 — changed how tx data is stored, increased effective block capacity
Hard Fork — non-backward compatible
- Old and new nodes become incompatible
- Community split → two separate chains
- Both chains share history up to the fork block
- Holders of original coin receive both
Famous Hard Forks
- Bitcoin → Bitcoin Cash (BCH) 2017
Block size disagreement: BTC kept 1MB, BCH increased to 8MB. Both exist independently today.
- Ethereum → Ethereum Classic (ETC) 2016
DAO hack rollback. Purists: "code is law" → kept original chain = ETC. Others followed rollback = ETH.
- Ethereum Merge 2022
PoW → PoS. Near-unanimous agreement, no split. Biggest protocol change in crypto history. Energy use dropped ~99.95%.
Basics · Assets & Tokens
Coin vs Token + Wrapped Assets + NFTs
| Coin | Token |
|---|
| Blockchain | Own native chain | Built on existing chain |
| Purpose | Native currency, gas fees | Utility, governance, ownership |
| Examples | BTC, ETH, SOL | USDC, UNI, LINK, AAVE |
| Standard | — | ERC-20 (ETH), BEP-20 (BNB), SPL (SOL) |
Analogy: Coin = country's official currency. Token = loyalty points issued by a business in that country.
Fungible vs Non-Fungible
- Fungible — every unit is identical and interchangeable. 1 BTC = any other 1 BTC. Same with USDC, ETH, ERC-20 tokens.
- Non-Fungible (NFT) — each token is unique. Token ID #1 ≠ Token ID #2, even from the same contract.
NFTs — Non-Fungible Tokens (ERC-721)
- Each token has a unique on-chain ID — ownership is verifiable and transferable
- Use cases: digital art, event tickets, game items, domain names, real-world asset tokenisation
- ERC-721 = one unique token. ERC-1155 = semi-fungible: multiple copies of same item ID (e.g. 1,000 identical swords in a game) — fungible within the same ID, non-fungible across IDs. Also supports fractional ownership of a single asset.
- The NFT points to metadata (image, file) — usually stored off-chain (IPFS). The blockchain records ownership, not the file itself.
- Outside MiCA scope entirely — no white paper or reserve requirements
Fractional Tokens
- ERC-20 tokens support up to 18 decimal places — you can hold 0.000000000000000001 ETH (1 Wei). All fungible tokens are inherently fractional.
- Fractional NFTs — lock an ERC-721 into a vault contract, issue ERC-20 shares representing % ownership. E.g. a $1M art NFT split into 1,000,000 shares at $1 each. Allows collective ownership of high-value assets.
- ERC-1155 semi-fungible tokens also serve this purpose within game/platform ecosystems — multiple identical copies of the same asset ID.
- Regulatory note: fractional NFTs with profit expectations may be classified as securities under MiCA or national law — grey area.
Wrapped Tokens
- Lock 1 BTC → mint 1 WBTC on Ethereum (1:1)
- Use Bitcoin value inside Ethereum DeFi
- Burn WBTC → unlock original BTC
- Examples: WBTC, WETH, wBNB
Risk: trust the custodian. If hacked/insolvent → WBTC worthless.
Basics · Assets & Tokens
Asset Types
Stablecoins
Fiat-backed: USDC, USDT — backed by real cash/treasuries
Algorithmic: UST/Luna — backed by nothing, collapsed 2022, $40B wiped. Effectively banned under MiCA.
Commodity-backed: gold-pegged tokens
NFTs — Non-Fungible Tokens
Unique, not interchangeable. Ownership on-chain. Examples: digital art, event tickets, gaming items.
Outside MiCA scope entirely.
Governance Tokens
Voting rights over protocol decisions.
Examples: UNI (Uniswap), AAVE, MKR (MakerDAO)
Utility Tokens
Access to a specific service or platform.
Example: Filecoin (FIL) for decentralised storage
Inflationary vs Deflationary
Bitcoin: fixed 21M supply → deflationary
Ethereum post-Merge: semi-deflationary (burn mechanism)
Most altcoins: unlimited supply → inflationary
MiCA Classification Preview
ART: non-fiat pegs (gold)
EMT: single fiat pegs (USDC, EURC)
Other: BTC, ETH, SOL, UNI…
→ Covered in depth in Part 2
Basics · Markets & Ecosystem
CEX vs DEX
CEX — Centralised Exchange
- Company operates the exchange
- KYC required
- Custodial — they hold your keys
- Regulated — MiCA, AML obligations
- Examples: Coinbase, Kraken, Binance
DEX — Decentralised Exchange
- Smart contracts — no company operating it
- No KYC — permissionless, pseudonymous
- Non-custodial — you keep your keys
- Not regulated under MiCA (no operator)
- Examples: Uniswap, PancakeSwap, dYdX
⚠️ DEX routing = not viable for regulated CASPs. No counterparty identity. Travel Rule collapses — cannot collect sender/beneficiary info. Unknown liquidity providers. AML model breaks entirely. Never route client funds through DEX as a licensed CASP.
Basics · Markets & Ecosystem
DeFi, CeDeFi & DAO
DeFi — Decentralised Finance
Financial services without banks — lending, borrowing, trading via smart contracts. No KYC. Permissionless.
Protocols: Aave, Compound, Uniswap, MakerDAO
Risk: smart contract bugs, no recourse, no deposit protection
CeDeFi — Centralised DeFi
Centralised entity offering DeFi-like products. Examples: Binance Earn, old Nexo, BlockFi (collapsed).
Regulatory grey area under MiCA. Often involves rehypothecation risk.
DAO — Decentralised Autonomous Org
Governed by token holders via on-chain smart contracts. No CEO, no board — votes executed automatically.
Examples: MakerDAO, Uniswap DAO
Legal status undefined under MiCA.
CASPs cannot participate in DeFi protocols on behalf of clients without specific MiCA authorisation. Staking via centralised validators is ok; DeFi protocol staking (Lido, Rocket Pool) is a grey area most CASPs avoid early stage.
Basics · Markets & Ecosystem
Bridges — Cross-Chain Asset Movement
How it works (lock & mint)
- Lock 1 BTC on Bitcoin chain → smart contract holds it
- Mint 1 WBTC on Ethereum — 1:1 representation
- Use WBTC in Ethereum DeFi
- Burn WBTC → unlock original BTC
- Examples: Stargate, Polygon Bridge, Arbitrum Bridge
Regulatory angle: bridges used for chain-jumping to evade AML. Under increasing regulatory scrutiny. Cross-chain analytics = known weakness in Elliptic/Chainalysis.
⚠️ Bridges are extremely high risk
- Smart contract complexity = large attack surface
- Hold enormous locked value — prime targets
Famous bridge hacks
- Ronin Bridge 2022 — $625M stolen. Axie Infinity. North Korean hackers.
- Wormhole 2022 — $320M stolen
- Nomad 2022 — $190M. Copy-paste exploit.
- Multichain 2023 — $130M. CEO arrested in China.
Basics · Mining & Security
Dark Side — Risks, Scams & Obfuscation
Mixers / Tumblers
Pool crypto from multiple users, return equivalent from different addresses — breaks transaction trail.
Tornado Cash (ETH): OFAC sanctioned 2022. Any touch = auto-reject at regulated CASPs.
Privacy Coins
XMR (Monero) — fully private by default. ZEC (Zcash) — shielded txs untraceable. Also: DASH, GRIN, BEAM.
Elliptic/Chainalysis cannot screen what they cannot see. AML incompatible.
Chain Jumping
BTC → XMR (untraceable) → ETH on fresh address. Via non-KYC DEXs or cross-chain bridges. Cross-chain analytics = known weakness.
Rug Pulls & Honeypots
Rug pull: hidden drain function, team disappears with funds.
Honeypot: can buy but contract blocks selling.
Rule: contract address = identity. Name/ticker means nothing.
Fake Tokens
Same name "USDC", worthless contract. USDC has different verified address on every chain. Only official contract address matters. CASPs: hardcoded whitelist required.
CASP Response
Mixer-linked funds → hard reject.
Privacy coin deposit → reject.
Suspicious pattern → EDD + STR.
Serious cases → relationship exited.
Basics · Mining & Security
Bitcoin Hashrate Distribution (2026)
Bitcoin-specific — not overall crypto hashrate
What is a Hash? A hash is a long fixed-length code (e.g. 0000000000000000000abc123...) — one-way mathematical fingerprint. To win a block, miners guess a number (nonce) that produces a hash starting with enough zeros. Pure brute-force, trillions of attempts per second per machine. Hashrate = guesses per second. Higher = harder to attack. — Latest hardware (2026): Bitmain Antminer S21 XP = 270 TH/s (270,000,000,000,000 hashes/sec) at 3,645W. S21 Pro = 234 TH/s at 3,510W. The entire Bitcoin network combined: ~800 EH/s = 800,000,000,000,000,000,000 hashes/sec.
Global Distribution (2026)
- 🇺🇸 USA ~40%+ — dominant post-China ban. Texas & Kentucky hubs, cheap energy.
- 🇷🇺 Russia ~10–15%
- 🇰🇿 Kazakhstan ~10%
- 🇨🇦 Canada ~5–7%
- 🇨🇳 China — was 65%+ → banned mining 2021 → near zero now
Solo vs Pool Mining
- Solo: keep full reward (3.125 BTC). Probability near zero. Economically unviable.
- Pools: combine hashrate, split reward proportionally. 1–3% fee. Dominant today.
Largest National BTC Treasury Reserves
Source: bitcointreasuries.net · June 2026 · BTC ~$66,339
| # | Country | BTC | USD | % of 21M |
|---|
| 1 | 🇺🇸 USA | 328,372 | $21.8B | 1.564% |
| 2 | 🇨🇳 China | 190,000 | $12.6B | 0.905% |
| 3 | 🇬🇧 UK | 61,245 | $4.1B | 0.292% |
| 4 | 🇺🇦 Ukraine | 46,351 | $3.1B | 0.221% |
| 5 | 🇸🇻 El Salvador | 7,670 | $509M | 0.037% |
| 6 | 🇦🇪 UAE | 6,420 | $426M | 0.031% |
| 7 | 🇧🇹 Bhutan | 4,973 | $330M | 0.024% |
| 8 | 🇰🇿 Kazakhstan | 3,544 | $235M | 0.017% |
| 9 | 🇰🇵 North Korea | 803 | $53M | 0.004% |
| 10 | 🇻🇪 Venezuela | 240 | $16M | 0.001% |
Notable seizures behind these numbers:
🇺🇸 USA: Silk Road (Ross Ulbricht's darknet drug marketplace, ~174k BTC seized 2013–2021) · Bitfinex hack 2016 (Lichtenstein & Morgan laundered 119k stolen BTC, DOJ seized ~94k in 2022 — largest financial seizure in DOJ history) · James Zhong (stole 50k BTC from Silk Road in 2012, surrendered 2021)
🇨🇳 China: PlusToken Ponzi scheme 2019 — ~190k BTC seized from operators. Held, never officially sold.
🇬🇧 UK: Jian Wen case 2024 — £3B in BTC (60k+) linked to Chinese fraud, seized after years of tracing.
🇩🇪 Germany: Movie2k piracy site — 50k BTC voluntarily surrendered by admin. Bundeskriminalamt sold entire holding in mid-2024, crashing market briefly.
🇧🇹 Bhutan: Not seized — Druk Holding (state enterprise) has mined BTC using Himalayan hydropower since ~2020. Strategic sovereign mining program.
Basics · Mining & Security
51% Attack
What is it?
- Control 50%+ of network hashrate/validators
- Can double-spend — spend same coin twice
- Can reverse recent transactions
- Can block other miners/validators from earning rewards
Bitcoin — theoretical
- Cost = billions of dollars of hardware + energy
- Economically irrational — destroys your own investment
- Attack would crater BTC price immediately
Top Bitcoin Mining Pools
- Foundry USA — largest, US-based
- AntPool — Bitmain, Chinese origins
- F2Pool, ViaBTC, Binance Pool
⚠️ Top 3–4 pools control 50%+ combined hashrate — theoretically could coordinate. No evidence of this, but the incentive structure allows it.
Small chains — very real threat
- Ethereum Classic (ETC) — attacked multiple times
- Bitcoin Gold — attacked
- Vertcoin — attacked
- Any low-hashrate PoW chain is vulnerable
- Rental attack services exist — rent hashrate per hour
Part 2
MiCA & Compliance
Licensing · KYC · Custody · Travel Rule · AML · Lithuania
MiCA
What is MiCA?
Markets in Crypto-Assets Regulation
- EU Regulation 2023/1114
- Stablecoins: in force June 2024
- Full force: 30 December 2024
- Scope: all 27 EU member states
- Replaces patchwork of national crypto laws
- Regulators: NCAs + ESMA & EBA oversight
Lithuania Specific
- Bank of Lithuania (Lietuvos bankas) — NCA, prudential + conduct
- FNTT — AML supervisor, STR recipient
- Pre-MiCA: simple FNTT registration, minimal capital, weeks to complete → attracted hundreds of shell companies
- MiCA: full authorisation, substance requirements, real governance
- Grandfathering: old FNTT-registered CASPs had transition until mid-2026
- Minimum 3 local staff for substance
What MiCA covers
- Authorisation of crypto-asset service providers (CASPs)
- White paper requirements for asset issuers
- Capital requirements and governance
- Custody and segregation of client assets
- Market abuse and insider trading
- Consumer protection and disclosures
What MiCA does NOT cover
- NFTs — outside scope entirely
- DeFi protocols — no operator = outside scope
- DAOs — legal status undefined
- CBDCs (central bank digital currencies)
MiCA
MiCA Asset Classification
Bridge between crypto basics and regulation
| Category | Definition | Examples | Regime |
|---|
ART
Asset-Referenced Token | Any non-fiat peg — basket of currencies or single commodity | Gold-backed token, multi-currency basket | Strictest — reserve mandatory, NCA authorisation |
EMT
E-Money Token | 1:1 single fiat currency peg | USDC, EURC, EURI | Must be issued by credit/e-money institution. 1:1 reserve. |
| Other | No peg, no classification as ART/EMT | BTC, ETH, SOL, ADA, UNI, AAVE, Filecoin | Lightest — no reserve, lighter white paper |
ART note: single commodity peg (e.g. gold) = ART, not EMT. EMT must be single fiat only. NFTs = outside MiCA scope entirely. CASP services = separate licensing category on top of asset classification.
MiCA
Stablecoins & MiCA Compliance
MiCA Authorised EMTs (late 2026)
- USDC — Circle, French ACPR July 2024, USD-pegged
- EURC — Circle, EUR-pegged
- EURI — Banking Circle, EUR-pegged
- EURCV — Société Générale Forge, EUR-pegged
- Various smaller EUR EMTs (Membrane Finance, Quantoz)
List is short and EUR-dominated. USDC is the only major USD stablecoin with MiCA status.
USDT (Tether) — NOT MiCA compliant
- BVI-based, no EMT authorisation
- Reserves historically questioned
- Delisted: Binance EU, Coinbase EU, Kraken EU — Q1 2026
- EU clients cannot use USDT
No ARTs authorised (yet)
- Requirements too stringent
- Demand low — market hasn't developed
Algorithmic stablecoins: effectively banned under MiCA. UST/Luna 2022 = $40B wiped in 72 hours. Exactly what MiCA was designed to prevent.
MiCA
MiCA vs Travel Rule
Two separate frameworks — both apply to licensed CASPs
| MiCA — Licensing & Market Conduct | Travel Rule / TFR — Transaction Data |
|---|
| What | Who can operate in EU crypto market? | How must you handle transaction data? |
| Source | EU Regulation 2023/1114 | FATF Recommendation 16 → EU Transfer of Funds Regulation |
| Question | Can you operate at all? | For each tx ≥ €1,000 — did you pass the right data? |
| Regulator (LT) | Bank of Lithuania (prudential) + FNTT (AML) | FNTT |
| Threshold | — | ≥ €1,000 between CASPs |
Connection: MiCA licence = prerequisite to CASP status. Once licensed, TFR automatically applies on top. You need both. They are not alternatives.
MiCA
MiCA Licensing Process — Lithuania
1
Prepare — 3–6 months
Business plan, programme of operations, governance framework, white paper for each asset, AML/KYC policies, IT security assessment, fit & proper documentation for all key persons.
2
Submit to Bank of Lithuania — Day 0
File complete application package. Lithuanian or English accepted. Two regulators: Bank of Lithuania (prudential) + FNTT (AML).
3
Completeness Check — 25 working days
Bank of Lithuania confirms application is complete. May request additional documents. Clock stops during info requests.
4
Full Assessment — up to 40 working days
Review: fit & proper for all key persons, AML framework adequacy, capital requirements, governance, IT security, white papers.
5
Decision — authorisation or refusal
Authorisation granted → EU passport: can operate in all 27 EU member states without separate local licences.
Realistic end-to-end: 6–12 months. Depends on application quality and regulator queue.
MiCA
Minimum CASP Team — Lithuania / MiCA
| Role | Min | Notes |
|---|
| CEO + Co-Director | 2 | Four eyes principle. Both fit & proper. At least one Lithuania-based. Clean criminal record, relevant experience. |
| MLRO | 1 | Mandatory. Independent. AML expertise. FNTT relationship. Files STRs. Cannot be combined with CEO in small CASPs. |
| Compliance Officer | 1 | MiCA/BoL obligations. Separate from MLRO ideally. Can be combined in early stage with strong justification. |
| Crypto Developer | 1 | Critical — cannot fully outsource. Deposit contracts, sweep logic, node integration, Fireblocks/Elliptic APIs. Regulator will question technical competence. |
| KYC Analyst | 1 | Can be part-time or outsourced at early stage |
| IT / Security | 1 | Can be outsourced to qualified firm |
| Accountant | 1 | Can be outsourced to licensed firm |
Realistic minimum: 5–6 people with some functions outsourced. Lithuania requires minimum 3 local staff for substance.
MiCA
KYC Onboarding — Retail (Private Person)
1
Identity Verification
ID document (passport, national ID) + liveness check (selfie/video). Tools: Sumsub, Jumio, Onfido.
2
Address Verification
Utility bill or bank statement < 3 months old. Name + address must match ID.
3
Sanctions + PEP Screening
Screen against OFAC, EU, UN lists. Check for Politically Exposed Persons. Tools: ComplyAdvantage, Refinitiv, Dow Jones.
4
Source of Funds
Declaration above thresholds. Higher risk = more documentation (payslips, tax returns).
5
Ongoing Monitoring
Periodic re-screening + transaction monitoring throughout relationship.
⚡ Smart re-screening policy
- Don't auto re-screen all clients periodically — wasteful
- Re-screen when triggered: new tx after inactivity, client update, risk profile change
- Inactive clients (1–2yr no tx) = do nothing until they return
- Tx-level screening (Elliptic) covers ongoing risk anyway
- Consider forced offboarding for long-term inactive clients
Risk-based approach. Low-risk = lighter touch. High-risk = enhanced due diligence (EDD): video call, additional documents, senior approval.
MiCA
KYC Onboarding — Corporate
1
Company Documents
Certificate of incorporation, articles of association, proof of registered address, board resolution authorising account opening.
2
UBO Mapping — 25%+ threshold
Anyone owning 25%+ must be individually KYC'd. Trace through holding companies to actual humans. Doc + photo sufficient (not full liveness unless high risk).
3
Directors & Signatories
Full liveness check — same as retail KYC. Fit & proper assessment for key persons.
4
Sanctions + PEP — All Persons
ComplyAdvantage screening on all identified UBOs, directors, and authorised signatories.
5
Source of Wealth / Funds
How was the business established? Source of operating capital? Audited accounts if available.
!
High Risk → Enhanced
Video call with UBOs, notarised/apostilled docs, AML policy reviewed, senior approval required.
Takes days/weeks vs minutes for retail. Larger revenue opportunity but significantly higher compliance burden.
Typical corporate KYC timeline
- Simple company, clean UBOs: 2–5 days
- Complex structure (holding co, multiple UBOs): 1–3 weeks
- High risk / sanctions-adjacent jurisdiction: weeks + EDD
Onboarding fee
- Typical: €500–€2,000+ for corporate onboarding
- Reflects real compliance cost
- Non-refundable in most frameworks
MiCA
Pooled vs Segregated Custody + Wallet Architecture
Pooled (Omnibus) — standard model
- All client funds in shared hot + cold wallets
- CASP internal ledger: "of 500 BTC in cold wallet, 0.5 = User A"
- Client pool never mixed with CASP own funds (MiCA Art. 70)
- Hot wallet: online, daily withdrawals, 1–3 days liquidity
- Cold wallet: air-gapped, majority of funds, multisig/MPC
Segregated — premium/institutional
- Dedicated on-chain address per client
- CASP manages keys only
- Client can verify balance on-chain
- Rare, expensive: Coinbase Custody, BitGo, Anchorage
Recommended Wallet Architecture
Client Deposit → Deterministic Address
↓ auto-forward on receipt
Hot Wallet (MPC / Fireblocks)
↓ sweep when above threshold
[Warm Wallet — optional]
↓
Cold Wallet (multisig / MPC)
↑ rebalance: M-of-N manual signing
MiCA requires disclosure of which model is used. FTX mixed client funds with Alameda → criminal fraud.
MiCA
CASP Cannot Use Client Assets
MiCA Article 70 — 100% backed at all times
Strictly PROHIBITED
- Proprietary trading with client funds
- Lending client assets to third parties
- Using client assets as collateral
- Rehypothecation in any form
- Investing client assets (even "safe" instruments)
MiCA REQUIRES
- Full segregation from CASP own funds
- 100% client claims covered at all times
- Regular reconciliation — ledger must match wallets
- Unlike banks: no fractional reserve — 100% always
FTX — textbook violation
- Alameda Research used FTX client deposits for proprietary trading
- Ledger said clients owned assets
- In reality: funds were gone, traded, lost
- Resulted in: criminal fraud charges, $8B client losses, Sam Bankman-Fried imprisoned
Only Exception: Staking
- Explicit client opt-in required
- Full risk disclosure
- Rewards passed to client
- CASP takes transparent fee only
- Centralised validator = clean. DeFi staking = grey area.
MiCA
Reconciliation & Capital Buffer
Core Rule
- Client liabilities (ledger) must always equal actual on-chain wallet assets. 1:1. Always.
Daily Reconciliation Process
- Automated cross-check: internal ledger vs actual blockchain balances
- Back-office pulls data via node/block explorer APIs
- Any mismatch → investigate and resolve immediately
- Bank of Lithuania can request reports at any time
- External auditors verify periodically
Capital Buffer
- MiCA minimum: €125k–€150k own funds
- Buffer to absorb operational discrepancies
- Larger AUM = proportionally more expected
- If shortfall found: CASP tops up from own funds. Client never takes the hit.
What causes mismatches
- Fat finger errors in manual operations
- Gas fee accounting errors
- Hot/cold transfer timing differences
- Hack or theft
- Worst case: unauthorised use of client assets
Crypto Dust Management
- Dust = tiny fractional amounts left after txs, too small to spend (gas > value)
- EVM smart contract forwarding minimises dust at deposit stage
- Reassign dusty unused addresses to new clients
- Automated sweep during low gas windows
- UTXO consolidation (Bitcoin) during low-fee periods
- Write off below minimum threshold as operational cost
MiCA
CASP Public Disclosure Obligations
MiCA Art. 66(3) + Art. 77 — publicly accessible without registration required
1
Supported Assets + White Papers
List of all supported crypto-assets with hyperlinks to white papers per asset. White paper must exist before asset admitted to trading.
2
Pricing Methodology
How exchange rates are determined. Firm prices or methodology description. Must be clear to retail clients.
3
Transaction Volumes & Prices
Historical trading data accessible to public. Promotes market transparency.
4
Fees, Conflicts of Interest, Custody Arrangements
Complete fee schedule. Any conflicts between CASP and client interests. Which custody model used (pooled/segregated).
5
Complaint Handling Procedures
How clients can file complaints. Expected response times. Escalation to Bank of Lithuania.
MiCA
Blockchain Analytics & Transaction Screening
Main Providers
- Elliptic — CASP-focused, tx risk scoring, address screening
- Chainalysis — tx tracing, government-grade intelligence
- TRM Labs — real-time blockchain risk monitoring
Two separate checks
- Sanctions — OFAC/EU published specific wallet addresses. Hard block — separate from risk score. No discretion. Freeze immediately.
- Risk score — 0–100 based on exposure to darknet, mixers, ransomware, stolen funds, high-risk exchanges
Typical Thresholds (CASP defines own)
- 70%+ → block automatically
- 40–70% → manual review
- Below 40% → pass
UTXO Contamination Ratio (Bitcoin)
- BTC tx composed of UTXOs, each with own history
- Some UTXOs may be partially tainted
- 0–5% indirect exposure → proceed
- 5–15% → manual review
- 15%+ → reject/freeze
- Direct exposure (any %) → hard block always
Address laundering problem: User proves ownership of one clean address. Has 50 HD wallet addresses. Dirty funds routed through unregistered addresses → clean address → deposit. Partially mitigated by multi-hop analytics.
MiCA
Travel Rule & VASP Discovery
Requirement: transfers ≥ €1,000 between CASPs
- Must pass: sender name + account ID + wallet address
- Must pass: beneficiary name + wallet address + amount
VASP Discovery Problem
- Wallet address alone tells you nothing — CASP or SHW?
- Option 1: Travel Rule network (Notabene, Sygna, TRP, VerifyVASP) — only if both CASPs on same/interoperable network
- Option 2: Elliptic/Chainalysis address-to-entity mapping
- Option 3: Bilateral agreements — doesn't scale
- If discovery fails → treat as SHW
Choose Travel Rule provider by coverage of high-volume exchanges — not by number of registered CASPs. Notabene and Sygna cover most realistic transaction volume.
⚠️ Pre-Transaction TR is Largely Theoretical
- Blockchain doesn't require permission
- Funds arrive whether CASP likes it or not
- In practice: funds land → CASP freezes pending TR data
- Post-transaction is the real world
If TR data never arrives
- Risk-based decision by compliance officer
- Document decision thoroughly
- Consider: amount, counterparty risk, history with that CASP
- Repeated failures from same CASP → escalate / exit relationship
MiCA
FNTT Reporting Obligations — Lithuania
1
STR — Suspicious Transaction Report
Suspend transaction first — before filing. File via goAML system within 3 hours of detecting suspicion. No tipping off the client — ever. If FNTT no response → tx can proceed by default.
2
CTR — Cash Transaction Report
Cash transactions €15,000+. Crypto equivalent: large fiat on-ramp/off-ramp. Filed within standard reporting window.
3
Sanctions Freeze
Immediate freeze — no delay. Hard block before any investigation. Report to FNTT. Do not unfreeze without explicit FNTT approval.
4
Periodic Transaction Volume Statistics
Regular aggregate reporting of transaction volumes, asset types, jurisdiction breakdown.
5
Ownership / Management Changes
Any change in UBO, directors, or key management must be reported to Bank of Lithuania. New fit & proper assessment may be required.
Records kept: 10 years. Lithuania: minimum 3 local staff for CASP substance.
MiCA
Transaction Flow — Deposit from SHW
1
User Broadcasts Tx
User sends from SHW to CASP deposit address. Tx broadcast to network, pending in mempool. Status: Detected
2
Confirmations + Screening Begins
Confirmations reached → Elliptic/Chainalysis risk score on source address + UTXO contamination (BTC) + Sanctions hard check + KYC cross-ref + STR threshold check. Status: Processing
3a
Clean → Auto-Approve
Ledger credited, funds swept to hot/cold wallet. Status: Completed
3b
Medium Risk → Manual Review
Compliance officer reviews. May request additional documentation from client. Status: Action Required
3c
High Risk / STR → Freeze
High risk: reject, return to source (screen return address). STR: freeze, file FNTT within 3hrs, no tipping off, status stays Processing. Rejected: return tx to source address.
Edge
Unregistered Address
Ownership proof required first: cryptographic signature (EVM) or micro-deposit (BTC) or self-declaration. UTXO chains: fresh proof per new address.
MiCA
Transaction Flow — Deposit from CASP
1
VASP Discovery + TR Data
Sending CASP attempts VASP discovery via Notabene/Sygna/Chainalysis. Prepares Travel Rule data package: sender + beneficiary info. ⚠️ Pre-tx TR theoretical — funds may arrive before data.
2
CASP Detects Tx → Screening
Confirmations reached → Elliptic risk score + Sanctions hard check + VASP identity verification + TR data completeness check. Status: Processing
3a
TR Received + Clean → Approve
All checks passed. Ledger credited, swept to hot/cold. Status: Completed
3b
TR Missing / Incomplete
Freeze funds. Contact sending CASP. If never arrives → risk-based compliance decision, document thoroughly.
3c
Sanctions / STR
Sanctions: hard block, freeze, FNTT immediately. STR: freeze, file within 3 hours, no tipping off.
Edge
VASP Undetected → Fallback SHW
If sending CASP not identified → treat as SHW flow. Client proves ownership via screenshots/signature. Status: Action Required → Completed
MiCA
Transaction Flow — Internal Exchange
1
Order Submitted
Client requests swap (e.g. 1 BTC → ETH). CASP validates sufficient ledger balance. Order type: market (instant) or limit (target price).
2
Liquidity Sourcing
Option A: Internal order matching — pure ledger swap, cheapest. Option B: CASP own inventory — needs MiCA "dealing on own account" authorisation. Option C: External LP/market maker API (B2C2, Cumberland, Wintermute).
3
Best Execution + Rate Markup
MiCA best execution obligation applies. Exchange rate markup applied — this is the main retail margin. Rate locked, client notified.
4
AML Monitoring
Ongoing monitoring: layering, structuring, rapid cycling, large trades vs risk profile. No on-chain tx — pure ledger update.
5
Ledger Updated
Pure internal ledger update — nothing happens on-chain. Fast, no gas fees. Status: Completed
⚠️ DEX routing = not viable. AML collapses — no counterparty identity, Travel Rule impossible, unknown LPs. Never route through DEX as regulated CASP.
MiCA
Transaction Flow — Withdrawal to SHW
1
Request + Whitelist Check
Client requests withdrawal. Is destination address pre-registered/whitelisted? If yes → proceed. If no → ownership proof required first. Status: Action Required (if new address)
1a
Ownership Proof (new address)
EVM: cryptographic signature via MetaMask — one-time. Bitcoin (UTXO): fresh proof required for each new address — xpub hidden, HD wallets complicate verification.
2
Screening
Elliptic risk score on destination address + Sanctions hard check + KYC cross-reference + STR amount threshold. Status: Processing
3a
Clean → Approve + Broadcast
Ledger debited. Hot wallet broadcasts on-chain tx. If hot wallet below threshold → admin alert + M-of-N multisig rebalance request. Status: Completed once confirmed on-chain.
3b
Mixer-Linked Address → Hard Reject
Hard reject. Enhanced due diligence. Possible client offboarding. STR if warranted. Funds stay on ledger.
MiCA
Transaction Flow — Withdrawal to CASP
1
VASP Discovery
Attempt to identify if destination is a known CASP: Notabene/Sygna directory, Chainalysis address mapping, bilateral agreement. If unidentified → treat as SHW flow.
2
Travel Rule Data Prepared + Transmitted
If CASP identified → prepare TR package: sender name + account + wallet, beneficiary name + wallet, amount. Transmit via Notabene/Sygna. Await acknowledgment.
3
Screening
Elliptic risk on destination + Sanctions hard check + KYC cross-ref + STR threshold. Status: Processing
4a
TR Sent + Clean → Approve
Ledger debited. Hot wallet broadcasts. Status: Completed. Hot wallet alert if below threshold.
4b
Receiving CASP Returns Funds
Screen returning funds same as inbound deposit. Re-credit ledger. Document reason for return.
4c
Sanctions / STR
Sanctions: hard block, freeze, FNTT. STR: freeze, file 3hrs, no tipping off.
MiCA
Key Service Providers Reference
| Category | Provider | Key Service |
|---|
| KYC / Liveness | Sumsub | Automated ID + liveness, global coverage, most popular |
| KYC / Liveness | Jumio | Document verification + biometric check |
| KYC / Liveness | Onfido | AI-powered ID verification |
| Sanctions + PEP | ComplyAdvantage | Real-time sanctions, PEP, adverse media screening |
| Sanctions + PEP | Refinitiv (LSEG) | Institutional-grade screening database |
| Blockchain Analytics | Elliptic | Tx risk scoring, address screening, CASP-focused |
| Blockchain Analytics | Chainalysis | Tx tracing, government-grade intelligence |
| Travel Rule | Notabene | VASP discovery + Travel Rule messaging (recommended) |
| Travel Rule | Sygna Bridge | Travel Rule protocol |
| Custody / MPC | Fireblocks | MPC wallet infrastructure + policy engine |
| Custody / MPC | BitGo | Institutional multisig + MPC |
| Multisig (EVM) | Gnosis Safe | Smart contract multisig, DAO standard |
Travel Rule: choose by coverage of high-volume exchanges, not number of registered CASPs. Notabene + Sygna cover most realistic transaction volume.
MiCA
Recommended Chains & Assets
Supported Chains
| Chain | Type | Why |
|---|
| Bitcoin | L1 PoW | Must-have. Store of value, most requested |
| Ethereum | L1 PoS | Must-have. USDC native, smart contracts |
| BNB Chain | L1 EVM | Low fees, high retail volume, EVM-compatible |
| Polygon | L2 EVM | Very low fees, USDC supported |
| Solana | L1 PoH | High speed, low cost, growing institutional use |
Supported Assets per Chain
| Asset | Chain(s) | Notes |
|---|
| BTC | Bitcoin | Native coin |
| ETH | Ethereum | Native coin |
| USDC | ETH / Polygon / SOL | MiCA EMT 3-chain coverage |
| EURC | Ethereum | MiCA EMT EUR-denominated |
| USDT | BNB Chain only | Non-EU only |
| BNB | BNB Chain | Native coin |
| SOL | Solana | Native coin |
| MATIC/POL | Polygon | Native coin |
Excluded: XRP (regulatory risk), ADA/DOT (complexity vs demand), all privacy coins (AML incompatible), algorithmic stablecoins (MiCA banned), USDT on ETH/Polygon (EU non-compliant)
MiCA
CASP Revenue Model
Transaction-Based
Trading/exchange fees — % of volume, maker/taker
Deposit/withdrawal fees — flat or %
Exchange rate markup — biggest retail margin
Gas/network fee markup
Account-Based
Onboarding fee — mainly corporate
Monthly/annual maintenance — corporate/institutional
Inactivity fees
API access fees
Custody-Based
Custody fee — % of AUM annually
Segregated custody premium
Staking service cut — % of client rewards (opt-in only, MiCA compliant)
Corporate / B2B
KYC onboarding fee €500–€2,000+
White label / B2B licensing
OTC desk fee
Institutional custody
Fiat Conversion
EUR ↔ crypto conversion spread
SEPA / SWIFT processing fees
FX markup on non-EUR pairs
Key insight
Exchange rate markup + trading fees = where real retail margin sits. Custody and staking become important at scale.
Part 3
Homework
Live demo — do it together
Exercises
Homework
01 — MetaMask Setup
Install MetaMask browser extension
Add BSC network manually (chain ID 56)
Save seed phrase securely — paper, offline
Note your public address
02 — CEX Onboarding
Open account on Binance or Kraken
Complete full KYC process
Deposit €10 via SEPA bank transfer
Buy USDC → withdraw to your MetaMask
03 — DEX Trade
Connect MetaMask to PancakeSwap
Swap USDC → BNB
Observe: no KYC, slippage, gas fee
Note: this is what regulated CASPs cannot do
04 — Bridge Cross-Chain
Bridge BNB (BSC) → Polygon via Stargate or Polygon Bridge
Observe: 2 separate txs, fees on both sides, waiting time
Think about: chain-hop AML risk, cross-chain analytics gaps
