
Crypto and Digital Assets Criminal Defense
Specialized criminal defense in offenses committed with cryptocurrencies, NFTs and digital assets: fraud, money laundering, MiCA Regulation and blockchain tracing.
Last updated:
Criminal defense in crypto assets requires combining mastery of the classical Criminal Code —fraud, money laundering, tax offense, terrorist financing— with technical understanding of how blockchain networks function and of the new European regulatory framework (MiCA Regulation EU 2023/1114). The criminal lawyer assuming a crypto case must articulate a multidisciplinary defense: legal, technical (blockchain expert) and financial (fund tracing).
Recurring Criminal Typology
Criminal proceedings involving crypto assets concentrate on five major types: (1) Crypto frauds —fraudulent ICOs, rug pulls, pyramid schemes (Art. 248)—; (2) Money laundering through mixers, cross-chain bridges or conversion to fiat (Art. 301); (3) Tax offense for not declaring capital gains or using Form 721 (Art. 305); (4) Terrorist financing with privacy coins (Art. 576); and (5) Corporate and director offenses when the company holds or invests in crypto without authorization.
MiCA Regulation (EU 2023/1114)
The MiCA Regulation (EU 2023/1114), fully applicable since 30 December 2024, creates a harmonized European regime for CASPs (Crypto Asset Service Providers). Non-compliance by an EU company may generate, in addition to administrative sanctions from the CNMV, criminal liability of the legal entity and its directors. A revision of this framework (informally referred to as "MiCA II") is under discussion but has not yet been approved.
Phases of Defense in a Crypto Case
An effective defense unfolds in phases: (1) Evidence preservation —forensic capture of wallets, transactions and devices before they are altered—; (2) Typicity analysis —determining whether the facts fit a criminal type or are market contingency—; (3) Technical counter-expertise —challenging the prosecution's on-chain tracing—; (4) Patrimonial and tax strategy —reconstructing the lawful origin of funds and, where appropriate, regularizing—; and (5) Reparation —restitution or consignment that activates mitigating factors—. Each phase demands coordination between the criminal lawyer, the blockchain expert and the tax adviser.
International Dimension of the Crypto Case
Most crypto-asset proceedings have a cross-border component: exchanges based abroad, wallets without physical location, and investigated parties or victims in different countries. Spanish jurisdiction is competent when the victim resides here or the result occurred on national territory. Obtaining evidence and freezing funds outside the EU is channeled through the European Investigation Order (EIO), letters rogatory, the Budapest Convention on cybercrime and the cooperation of Europol and Eurojust.
Defrauded with Cryptocurrency? Steps to Claim
If you have been the victim of a crypto-asset fraud —a fake investment platform, a manager who disappears with the funds, wallet phishing—, the order in which you act conditions the chances of recovery. The essential steps are:
- Preserve evidence immediately: transaction hashes, source and destination wallet addresses, screenshots of the platform and the conversations, bank transfer receipts and the entire recruitment process (ads, profiles, emails).
- Criminal complaint (denuncia) or formal accusation (querella): the complaint before the National Police, the Guardia Civil or the court opens the investigation; the querella, more complete, allows proposing investigative measures from the outset (identification of wallet holders, requests to exchanges, tracing expert evidence).
- Freezing funds at exchanges: when on-chain tracing locates the funds at a crypto-asset service provider, the court is asked to order their freezing and the production of the holder's KYC file. With CASPs authorized by the CNMV or another EU authority the request is direct; if the exchange is outside the EU, it is channeled through the European Investigation Order, the Budapest Convention or letters rogatory.
- Joining the proceedings as private prosecution (acusación particular): it allows driving the investigation, proposing blockchain expert evidence and claiming civil liability (restitution of the crypto assets or equivalent compensation) within the same criminal proceedings.
Time is the critical factor: the sooner the destination exchange is identified, the better the chances of freezing the funds before they are dispersed through mixers or bridges into non-cooperative jurisdictions.
MiCA: End of the Transitional Period on 1 July 2026
The Spanish transitional period of the MiCA Regulation ends on 1 July 2026. From that date, only providers (CASP) authorized by the CNMV or by another European Union authority may provide crypto-asset services on the Spanish market. The CNMV also publishes a list of non-authorized entities, and the Spanish Tax Agency (AEAT) released its administrative criteria on crypto assets in April 2026.
This milestone has three criminally relevant consequences. For the investor, contracting with an unauthorized platform after that date is a first-order red flag and, in fraud proceedings, it strengthens the proof of deception where the platform pretended to be regulated. For companies in the sector, continuing to operate without authorization exposes them to administrative sanctions and, where deception of clients or concealment of the situation concurs, may lead to criminal liability of the legal entity and its directors. For the defense, having operated through an authorized CASP, with complete KYC and documented traceability, makes it easier to establish the lawful origin of the funds and the user's good faith.
Amounts and Aggravating Factors: How the Penalty Changes
In crypto-asset fraud, the defrauded amount determines the penalty leap. The basic type (Articles 248 and 249 CP; computer fraud under Article 249.1.a) CP punishes the non-consented transfer of assets through computer manipulation) carries imprisonment of six months to three years. If the amount does not exceed 400 euros, the penalty is a fine of one to three months, although, after Organic Law 1/2026, three or more prior enforceable convictions for offenses of the same nature allow imposing the penalty of the basic type.
Article 250.1 CP raises the penalty to imprisonment of one to six years plus a fine of six to twelve months when, among other circumstances, the value of the fraud exceeds 50,000 euros or affects a large number of people —the usual scenario in pyramid schemes and fraudulent ICOs—, is of special gravity given the extent of the harm, or is committed abusing personal relationships or exploiting the perpetrator's business or professional credibility (the fake investment adviser pattern). Article 250.2 CP provides for imprisonment of four to eight years plus a fine of twelve to twenty-four months when the value of the fraud exceeds 250,000 euros or certain aggravating circumstances are combined. In crypto, fixing the amount requires valuation expert evidence: given the volatility of these assets, the date at which the defrauded amount is valued (the moment of the act of disposition or a later one) is frequently the subject of technical and legal debate.
Statute of Limitations and Deadlines
Under Article 131 CP, basic fraud (maximum penalty of three years' imprisonment) becomes time-barred after five years; the aggravated forms of Article 250 CP (maximum penalties of six and eight years) become time-barred after ten years, as does money laundering under Article 301 CP. The clock starts on the day the offense is committed and, in continuing offenses —usual in crypto frauds with successive contributions by the investor—, from the last infringement (Article 132 CP).
Filing a complaint or querella against a specific person suspends the limitation period for up to six months; definitive interruption requires a reasoned judicial decision attributing presumed participation to the suspect. In practice, the real risk is usually not limitation but the volatility of the evidence: exchange KYC records and logs are kept for limited periods, funds move within hours and the domains of fraudulent platforms disappear. That is why we work to ensure that the first investigative measures —data preservation requests and fund freezing— are requested as early as possible.
Criminal classification of the conduct: which Criminal Code article each act maps to
There is no standalone "cryptocurrency offence". A crypto-asset is merely the vehicle for, or the object of, conduct that the Spanish Criminal Code already punishes, so the defence's first task is to contest the legal classification: which offence is genuinely in play and, with it, what penalty and what limitation period actually apply. Raising funds by promising non-existent returns or a fictitious project is ordinary fraud under Article 248, punishable by six months to three years' imprisonment; where the amount exceeds 400 euros the conduct is not minor, and the petty fraud of Article 248.3 (up to 400 euros, a fine of one to three months) is reserved for trivial sums.
Where the deception operates through a computer manipulation that triggers a non-consented transfer of assets —key phishing, swapping of wallet addresses, automated draining of a contract— the applicable offence is computer fraud under Article 249.1.a, carrying the same penalty of six months to three years. Aggravating factors —special gravity owing to the value defrauded, a multiplicity of victims, abuse of personal relationships or business credibility— raise the matter to aggravated fraud under Article 250.1, with one to six years, while the hyper-aggravated cases of Article 250.2 reach four to eight years. The old numbering should be ruled out from the outset: computer fraud is today 249.1.a, not 248.2.
Other protected interests frequently overlay these property offences. Channelling proceeds of crime into the legitimate economy through exchanges, mixers or chains of wallets is money laundering under Article 301, carrying six months to six years; the negligent variant of Article 301.3 is punished with six months to two years. Concealing trading or mining gains from the tax authorities, once the defrauded-quota threshold is crossed, is a tax offence under Article 305 (one to five years), aggravated under Article 305 bis (two to six years) where, among other circumstances, the defrauded quota exceeds 600,000 euros or opaque structures are used. If the operation runs through a company, the corporate criminal liability of Article 31 bis may also be engaged, enforceable independently of the directors' liability and modulated by an effective compliance programme.
Blockchain forensic evidence and how a court weighs it
Blockchain traceability is both the prosecution's main strength and the terrain on which a crypto case is most often won or lost. The distributed ledger is public and immutable, yet a hash, an address or an on-chain movement does not by itself identify a natural person: it proves that an asset moved between addresses, not who controlled the private keys at that moment. The defence must rigorously separate the technical datum —incontrovertible— from the inference of authorship —contestable— because the gap between the two is precisely where reasonable doubt usually lies.
The forensic expert report that links addresses to a suspect rests on clustering heuristics, service attribution and pattern analysis, often supported by tools from private blockchain-intelligence firms. It is right to scrutinise the reliability of the method used, the chain of custody of the wallet and device images, the integrity of the on-chain captures and whether the expert has documented the margin of error of the attributions. Mixing techniques, cross-chain bridges, privacy networks and shared custodians introduce breaks in traceability that a prosecution report does not always acknowledge.
Criminal proceedings are governed by the presumption of innocence, and the burden of proof lies with the prosecution, so a court cannot convict on a merely probabilistic, unverified attribution. Established doctrine requires expert evidence to be subjected to effective cross-examination at trial, with the expert in attendance, and the attribution of key control to be supported by external corroborating elements —seized devices, credentials, communications, exchange KYC data— and not by chain analysis alone. A sound technical counter-report exposing the methodological limits of the official analysis is frequently the decisive piece of the defence strategy.
Asset recovery, confiscation and routes to terminate the proceedings
The financial dimension of a crypto case does not end with a custodial penalty. From the outset of the investigation the court may order the freezing and seizure of wallets, keys and exchange balances as a precautionary measure, and a conviction entails confiscation of the instruments and proceeds of the offence (Articles 127 and following of the Criminal Code), including extended confiscation and confiscation of third-party assets where their unlawful origin is established. A diligent defence monitors the proportionality of those measures, the correct identification of the affected assets and the position of good-faith third parties whose funds may have been caught in the freeze.
For the victim, the priority is usually recovery of what was lost. Criminal prosecution allows the civil claim to be brought within the proceedings themselves to obtain restitution or compensation, and to request, at an early stage, securing measures over the assets located before they disperse through fresh transaction chains or move to non-cooperative jurisdictions. Speed is decisive: once funds pass through mixing services or are fragmented, both traceability and effective recovery become considerably harder.
It is worth distinguishing when a dispute belongs to the criminal sphere and when it should be channelled through the civil or administrative route. Not every breach of contract, loss from volatility or quarrel with a platform amounts to an offence: absent sufficient deception or fraudulent intent, the matter belongs to the civil courts, and breaches of the MiCA framework or of anti-money-laundering rules may give rise to administrative liability with no criminal reach. Finally, within the criminal proceedings, the routes to termination must be weighed: a well-negotiated plea agreement can substantially reduce the sentence, repairing the harm and regularising the tax position operate as notably effective mitigating factors, and custodial sentences of no more than two years may have their enforcement suspended where the statutory requirements are met.
Penalties & Consequences: Crypto and Digital Assets Criminal Defense
| Type / Scenario | Criminal Penalty |
|---|---|
| Aggravated fraud (Art. 250 CP) | Imprisonment 1-6 years + fine. Applicable when special gravity by value or number of victims concurs. |
| Money laundering (Art. 301 CP) | Imprisonment 6 months to 6 years + fine of the amount up to triple the value. |
| Crypto tax offense (Art. 305 CP) | If evaded quota >€120,000: imprisonment 1-5 years + fine up to six times. Multiplication per fiscal year. |
* Penalties shown are indicative. The actual penalty depends on case circumstances, applicable mitigating and aggravating factors.
Defense Strategy: Crypto and Digital Assets Criminal Defense
Criminal-Tax Bifurcation
Coordinate criminal defense with tax regularization (Form 721 + supplementary returns) to activate Art. 305.4 CP exemption.
Blockchain Counter-Expert
Engage an independent blockchain expert with judicial accreditation to challenge the prosecution's tracing.
Crypto Restitution Reparation
Restitution by transferring the crypto assets to the victim or consignment in a wallet under judicial control.
Crypto Fraud Defence: Scams, On-Chain Tracing, MiCA & Asset Seizure
Crypto-related criminal cases combine classical offences — fraud (Arts. 248-250 CP), money laundering (Art. 301 CP), tax fraud (Art. 305 CP) and criminal organisation (Art. 570 bis CP) — with the technical reality of blockchain: pseudonymous wallets, mixers, cross-chain bridges, stablecoins and DeFi protocols. There is no autonomous "crypto offence": prosecutors must fit the facts into an existing criminal type and prove the on-chain flow with admissible expert evidence. Defence therefore demands both criminal-law expertise and independent blockchain forensics.
Penalty Table: Crypto-Asset Offences
| Offence | Article | Description | Penalty |
|---|---|---|---|
| Basic crypto fraud | Arts. 248-249 | Deception inducing the transfer of crypto-assets (fake broker, fake platform) | 6 months – 3 years |
| Aggravated fraud | Art. 250 | Special gravity, multiplicity of victims or high amount | 1 – 6 years |
| Money laundering with crypto | Art. 301 | Concealing illicit origin via mixers, bridges or exchanges | 6 months – 6 years + fine |
| Crypto tax fraud | Art. 305 | Evaded quota over €120,000 per fiscal year (Form 721) | 1 – 5 years + fine |
| Computer damage / DeFi exploit | Art. 264 | Exploit damaging systems or data (smart-contract attack) | 6 months – 3 years |
| Criminal organisation | Art. 570 bis | Structured group running crypto fraud at scale | 2 – 8 years |
Key Defence Strategies
Independent Blockchain Counter-Expert
Chainalysis, Elliptic or TRM tracing graphs are interpretations, not certainties. An accredited own expert can challenge address clustering heuristics, mixer assumptions and the attribution of a wallet to a specific person.
Market Contingency vs. Deception
A loss is not a crime. Many crypto disputes are investment risk, protocol failure or contractual breach — civilly reproachable but criminally atypical. The defence isolates genuine deception (Art. 248) from ordinary market loss.
Good Faith & KYC Diligence
Documented KYC, lawful source of funds, Form 721 reporting and declared capital gains rebut the knowledge element of laundering and fraud. Willful blindness must be proven, not presumed.
Criminal-Tax Bifurcation
Voluntary tax regularisation can activate the Art. 305.4 CP exemption, while the administrative track (CNMV/SEPBLAC) is handled separately from the criminal process, where defences may diverge.
Key Case Law
The Supreme Court accepts that the appearance of a legitimate trading platform or broker can constitute the 'sufficient deception' of Art. 248: the victim's error is measured against the credibility of the staged operation, not against the abstract diligence of an expert investor.
On-chain tracing is valid evidence but subject to expert contradiction. Traceability of a flow to a wallet does not, by itself, prove the intent (dolo) of its holder; the prosecution must still establish knowledge and control.
Using undeclared crypto gains to make further investments may integrate self-laundering (Art. 301.1) in concurrence with tax fraud (Art. 305), creating double criminal exposure that the defence must dismantle element by element.
Why Choose Us?
Need a criminal defense lawyer for this type of offense? Here's how we work:
Do you need specialised legal assistance?
The judicial system is complex. We have the criminal-law specialisation and technical resources required to take on the defence.