← back to the index
VT-015 Crypto exchange · Poland 2019

Coinroom — A Text Message Was the Only Notice. Then the Money Was Gone.

trading-exchangeat-largeico-era
Platform
Coinroom
Est. Losses
$4M+ (est.)
Users Affected
Several thousand
Status
At-Large

Summary

Coinroom, one of Poland's most active retail cryptocurrency exchanges, executed an exit scam on April 2, 2019, notifying users via a brief email that the platform was terminating all contracts and that customers had approximately 24 hours to withdraw their holdings. Customers who did not act — or who tried and found their withdrawals blocked — lost deposits ranging from PLN 300 ($79) to PLN 60,000 ($15,660). Seconds after the deadline passed, the exchange's website went dark, its phone lines went silent, and all social media accounts were deleted. The company's director, Tomasz Zbigniew Wiewior, disappeared. Polish prosecutors opened a criminal investigation, but as of available reporting, no arrest or conviction of Wiewior has been publicly confirmed.

The exchange had been registered in 2016 and began operating its trading platform in 2017, offering Polish retail users a straightforward fiat-to-crypto on-ramp with PLN pairs for Bitcoin, Ethereum, and other major cryptocurrencies. It carried no regulatory oversight, operated without any mandatory capital reserve requirement, and maintained no deposit protection mechanism. Its user base was predominantly Polish, composed largely of retail investors making first or second cryptocurrency purchases, many of whom held balances equivalent to weeks or months of savings.

The April 2019 exit was not spontaneous. The sequence of preparation required — deleting social media profiles, disabling the website, shutting down telephone lines, and creating the infrastructure for Wiewior to leave the jurisdiction — constitutes coordinated pre-planning. Reporting from Polish financial publication Money.pl and others indicated that Wiewior was alleged to have established a company in Estonia prior to the closure, suggesting advance preparation for departure. No public charges have been filed against Wiewior in available reporting as of the time of this dossier, and no assets have been returned to depositors.

Timeline

2016
Coinroom registered
The company operating Coinroom is registered in Poland. Tomasz Zbigniew Wiewior is identified as the company's director.
2017
Exchange launches
Coinroom opens its trading platform at coinroom.com, offering PLN-denominated pairs for Bitcoin, Ethereum, Litecoin, and other cryptocurrencies. It markets itself as a user-friendly entry point for Polish retail investors new to cryptocurrency.
2018–early 2019
Platform grows
Coinroom accumulates several thousand registered users and becomes one of the better-known Polish exchanges, operating alongside BitBay and others. No public disclosures of financial difficulties are made.
April 2, 2019
Closure notice issued
Users receive an email from Coinroom announcing the termination of all contracts and instructing them to withdraw all holdings within 24 hours, or subsequently request withdrawals via email to the support team. No explanation for the closure is provided in the notice.
April 3, 2019
Withdrawal confirmations sent, funds not received
Some users report receiving withdrawal confirmation emails from Coinroom without the corresponding funds arriving. At least one user documents receiving a withdrawal confirmation for 2.005 BTC that was never processed.
April 5, 2019
Platform goes dark
The Coinroom website ceases to function. All social media accounts — Twitter, Facebook, and others — are deleted. Telephone lines are disconnected. The company becomes unreachable through all previously available channels.
Mid-April 2019
Wiewior provides a deadline, then disappears
Reports indicate the company director had told some users that stuck deposits would be resolved by April 19. That date passes with no communication and no funds transferred. Users attempting to contact Wiewior find all contact information non-functional.
Late April – May 2019
Reports filed with prosecutors
Victims file reports with the Polish prosecutor's office. Polish financial media, including Money.pl, reports that Wiewior is alleged to have formed a company in Estonia prior to the closure. The prosecutor's office in Warsaw announces a formal criminal investigation.
June 2019
Investigation confirmed
CoinDesk and Polish-language media confirm the ongoing criminal investigation. Victim groups organise and pool information to assist prosecutors in reconstructing the deposit and withdrawal history of the platform.
2019–2026
Wiewior at large
No arrest or extradition of Tomasz Zbigniew Wiewior is confirmed in publicly available English-language or Polish-language reporting as of the time of this dossier. The investigation remains formally open. Users have not received any reported restitution.

The Coinroom Model: Retail Access, No Accountability

Coinroom's appeal to its users was functional simplicity. It offered Polish zloty pairs for Bitcoin and major altcoins at a time when domestic cryptocurrency access required navigating foreign exchange platforms with more complex verification and banking requirements. The platform's registration in 2016 and launch in 2017 placed it in the mainstream of the Polish retail crypto market, where it operated alongside BitBay — the country's dominant exchange — as an accessible secondary option.

The users who deposited into Coinroom were not speculative traders managing large portfolios. The documented deposit range — from PLN 300 at the lower end to PLN 60,000 at the upper — reflects a base of retail savers and investors making measured allocations. Several thousand users are reported to have held active balances at the time of closure. Many reported their deposits on Polish cryptocurrency forums, where the conversation shifted within hours of the April 2 email from questions about exchange reliability to a recognition that the platform had vanished.

Poland in April 2019 had no regulatory framework that required cryptocurrency exchanges to register with a financial authority, segregate customer funds, or maintain any auditable reserve. Coinroom operated in this environment without any external constraint on how it managed the deposits entrusted to it. There was no deposit insurance, no capital adequacy requirement, and no supervisory body with the mandate or mechanism to intervene. The KNF had no jurisdiction. The regulatory infrastructure that would have required exchanges to meet minimum standards did not apply to virtual asset service providers under Polish law at the time.

The Twenty-Four-Hour Window and Its Architecture

The closure notice Coinroom sent on April 2, 2019 contained a specific and deliberate element: a 24-hour withdrawal window. This is not a standard operational feature of exchange closures. A legitimate platform ceasing operations for commercial reasons would typically engage a wind-down process over days or weeks, coordinating with users to ensure fund retrieval and, in Poland, potentially engaging with creditor protection frameworks. A 24-hour window does the opposite: it creates urgency, limits the time available for users to respond, and ensures that a substantial fraction of the user base — those who did not see the email immediately, those who were at work or asleep, those whose deposits were in process — would miss the deadline.

The subsequent pattern confirmed the design. Withdrawal confirmations were issued for some requests while the corresponding funds were not transferred. This sequence — issuing confirmations without processing payments — created false evidence that withdrawals were being handled, potentially deterring immediate escalation to authorities by users who believed their request was in the queue. By April 5, when the website and all contact channels disappeared simultaneously, the practical window for any recovery action had effectively closed.

The reported allegation that Wiewior had formed an Estonian company before the closure is significant because it implies that the exit infrastructure — the legal entity that could receive transferred funds in another jurisdiction — was in place before the notice was sent. Exit scams of this type require advance corporate and banking preparation; they are not executed in the hours following a closure decision. The April 2 email was the final step in a sequence that had begun weeks or months earlier.

Several Thousand People, No Mechanism for Recovery

The victim population's balances present the characteristic profile of a retail exit scam. Users who deposited PLN 5,000 or PLN 10,000 were placing amounts equivalent to one or two months of average Polish income into an exchange they had no external basis to evaluate for financial integrity. There were no audited accounts, no proof-of-reserves publication, no independent assessment of holdings relative to liabilities. Users trusted a functioning website and a working withdrawal history.

The Money.pl estimate of "several thousand" victims and a total loss exceeding $4 million reflects the aggregate of individually modest deposits. Polish consumer groups and victim organisations filed collective actions and pooled documentation to assist prosecutors. The investigation's practical difficulty was that the operator had disappeared, platform servers were offline, and the corporate entity that received deposits was effectively a shell at closure. Tracing funds required cooperation with foreign jurisdictions, including Estonia.

The Five Factors

01
Unregulated exchange as unaccountable custodian
Coinroom operated as a custodian of user cryptocurrency deposits with no regulatory requirement to demonstrate the existence of those deposits, maintain reserve ratios, or segregate customer funds from operational funds. In an unregulated environment, the exchange's representations about user balances are backed by nothing beyond the operator's continued willingness to process withdrawals. When that willingness ends, so does user access.
02
Deliberate closure architecture
The 24-hour withdrawal window, simultaneous deletion of all contact channels, issuance of withdrawal confirmations without payment processing, and alleged pre-establishment of a foreign corporate entity collectively indicate a planned rather than spontaneous exit. Exit scam architecture is not a failure mode of otherwise legitimate exchanges; it is a deliberate design choice made in advance. Its presence distinguishes fraud from commercial insolvency.
03
Anonymity asymmetry in platform identity
Despite being registered in Poland under Wiewior's name, Coinroom's operators maintained a level of obscurity about the platform's actual financial structure, ownership of wallets, and operational entity that left users with no meaningful ability to evaluate their counterparty. Users knew the brand; they did not know the balance sheet, the wallet controls, or the corporate structure through which their deposits were held.
04
Jurisdictional arbitrage via post-closure relocation
The alleged establishment of a company in Estonia before the Polish exit created a potential legal refuge: Polish prosecutors investigating a Polish entity would face significantly greater complexity in recovering assets transferred to a foreign corporate structure. The European Union's internal market principles do provide enforcement cooperation mechanisms, but these are slower and more resource-intensive than domestic proceedings. Advance foreign incorporation is a documented tactic for making stolen funds harder to recover.
05
Retail deposit profile reduces collective legal capacity
Users with deposits of PLN 300 to PLN 60,000 individually face the economic reality that the cost of private legal action in a cross-border fraud investigation may exceed the value of the claim. This asymmetry between the per-user loss and the cost of pursuit is a structural feature that exit scams targeting retail depositors exploit. Collective actions and prosecutorial aggregation are the only mechanisms that make the claim sizes economically viable to pursue.

Aftermath

Tomasz Zbigniew Wiewior remained at large as of available reporting at the time of this dossier. No confirmed arrest, extradition request, or conviction has been documented in English-language or Polish-language reporting available to this research. The Polish prosecutor's office maintained an active investigation, but the practical difficulty of tracing assets through a foreign entity while the operator remains outside reach constrained its progress.

Coinroom was one of two significant Polish cryptocurrency exchange frauds in 2019 — Bitmarket.pl (VT-013) closed four months later. Together they accelerated Polish implementation of the EU's Fifth Anti-Money Laundering Directive requirements for virtual asset service providers, establishing a registration and compliance framework that became operational in 2021. No user funds have been publicly reported as recovered.

Lessons

  1. A cryptocurrency exchange that provides no audited proof of reserves and operates without regulatory oversight has no externally verifiable obligation to hold the funds it represents to users as available; the functioning withdrawal history of a platform is evidence only that withdrawals were processed, not that sufficient reserves exist to cover all withdrawals simultaneously.
  2. A closure notice with an artificially compressed deadline — hours rather than days or weeks — is structurally incompatible with a good-faith wind-down and should be treated as a warning of deliberate asset diversion rather than commercial difficulty.
  3. The pre-closure establishment of a foreign corporate entity by an exchange operator is evidence of advance exit planning; regulators in receiving jurisdictions should treat newly incorporated entities from operators of failing platforms as potential vehicles for asset concealment.
  4. Exchange depositors should maintain independent records of all deposit transactions, withdrawal confirmations, and correspondence with platform operators, since these records become critical evidence when investigators attempt to reconstruct a collapsed platform's financial history.
  5. Retail deposit amounts that are individually below the threshold for private legal action in cross-border cases require collective victim organisation and prosecutorial aggregation to be actionable; victim communities that organise quickly and share documentation maximise the practical investigative resources available to prosecutors.

References