When you hold the customers private keys, you are responsible for its security.
If suspicious transactions were identified, it is because your system lacks security, as you are the only one responsible for its security (as the user cannot spend funds, only you can).
It is the same as a bank, a cloned credit card... it is always banks/credit card fault, never customer fault. So, if suspicious transactions happened, you are the only one to blame.
Imo, the biggest problem is the lack of transparency. Why don't you let users choose if they want you to control the private keys or not? Why don't you ask them if they want to make KYC (and transact more than X btc) or not? Holding their funds hostage just because a lot of btc showed up, or you decided to create a "new holding criteria" is trustworth.
We do not deny this liability and consider it out top mission.
You've probably heard of many security breaches revealed with advanced exchange and wallet platforms. Preventing such breaches is a continuous task to do.
Our service model is based on providing a secure cold storage technology so we do not share private keys with individual addresses.
We are not able to detect every single individual situation bearing the risk of fraud with 100% guarantee and therefore impose KYC based on these criteria.
The one claiming a full transparency from financial service is in the best position for likes, approves and "supporting the flag".
However, as a service provider we also encounter the necessity to properly address all requests from public authorities on certain transactions.
From the part of customer service, we strive to ensure the best possible speed of resolution of such cases that are inevitable in existing reality.
We know that thanks to our system we identified a lot of suspicious transactions, which prevented our customers from losing money. That's a mere practice.
In this case, how did you stop this customer from losing money?
By ensuring he is a rightful owner of these funds.
