I can confirm that cryptomus.com is shady at best and that they think that having a company registration is enough to make them a legitimate business. In reality cryptomus.com is likely a frontend to a business from Russia and the overzealous AML "verifications" are likely in hope that this would help them stay safe from authorities. On top of that they also demonstrate total ignorance of how Bitcoin works.
We discovered cryptomus.com because we had a trade with a Russian exchange, the exchange could not complete the trade and eventually told us that the Bitcoin transaction we made was in fact made to a Bitcoin address in the custody of cryptomus.com and so that cryptomus.com blocked access to the funds with the claim that the transaction is "ransom". That is, they are basically accusing us of having coerced a victim into making that transaction.
We asked them to provide details to back up that nonsense, ..nothing. We told them to send back the funds to one of the input addresses, (this cancels the argument that we have ransomed someone), .. nothing.
Then they made further ridiculous demands such as: "screenshot of the withdrawal of the platform from which you have sent the funds to us", "through which platform did the funds come to you?", "through which contact person did you communicate with the sender of funds?".
Those morons apparently completely ignore the fact that you can make a transaction without a third party and/or a crappy centralized platform. On top of that, all those "evidences" could easily be forged. So we told them that there is nothing like that, instead we provided them cryptographic evidences that we made this transaction by signing messages with the private keys of the input addresses, an actual real proof. All of that in vain.
We've made a report to Canada's financial monitor, but this is going to take time. The person we were supposed to send money to has faced considerable damages and it was decided that we would proceed to the KYC nonsense to get the funds back faster. Before registering we read their "AML policy" where it is written that they do not do business with entities of several countries, including the Russian Federation and Ukraine, yet they definitely do business with these countries since they force users to register an account and provide their documents. In fact their business seems to mostly rely on Russian citizens and Russian exchanges, nothing surprising since cryptomus.com is very likely a Russian business. Well, the KYC "verification" passed anyway, and still no refund.
EDIT : They have now refunded the transaction after a successful campaign of disclosure. The transaction suddenly magically became refundable.
The cryptomus.com clowns also came up with other claims like: "Our AML partner requests this information". When we asked them to tell who their "partner" is, they could only come up with "
enforcement@cryptomus.com". In fact, they won't tell this information because, they are in reality likely using Bitcoin forensic scam services which make them believe they can detect whether a Bitcoin transaction is a fraud or not. The Bitcoin forensic scammers are mostly Russians and have been very good at marketing their service to Russian exchanges; yet this serve as another evidence that cryptomus.com is just a masked Russian business. Other evidences of that include the grammar mistakes that are typical to Russian speakers and that are present all over cryptomus.com' website.
They also seem to buy reviews on sites like TrustPilot. On other websites the reviews are way more mixed, in fact they seem to have removed their ads on websites such as bestchange, where reviews are quite mixed and where many users report similar situations.