Crypto Crime Record Breakdown
Illicit cryptocurrency addresses received at least $154 billion in 2025, marking a 162% year-over-year increase primarily driven by a 694% surge in funds to sanctioned entities. This figure, from Chainalysis’ 2026 Crypto Crime Report, represents a lower-bound estimate and remains below 1% of total crypto volume, yet signals deepening geopolitical intersections with blockchain. Even excluding sanctioned actors, 2025 set records across scams, ransomware, and thefts, highlighting crypto’s maturation as a crime vector.
Nation-State Blockchain Adoption
Sanctioned states like North Korea, Russia, and Iran increasingly rely on blockchain for sanctions evasion, fueling the crime surge. North Korea’s Lazarus Group stole $2 billion in 2025, including the record $1.5 billion Bybit hack in February, funding weapons programs. Russia launched its ruble-backed A7A5 token in February 2025, processing over $93.3 billion in under a year to bypass Western financial rails. Iran funneled over $2 billion through proxy networks for oil sales, arms procurement, and laundering via confirmed sanctioned wallets.
Professionalized Crime Infrastructure
Chinese money laundering networks (CMLNs) dominated, offering laundering-as-a-service and infrastructure for hacks, scams, and state evasion, building on models like Huione Guarantee. Stablecoins comprised 84% of illicit volume due to their cross-border utility and stability, mirroring legitimate trends but amplifying risks. Full-stack providers, including bulletproof hosting and domain services, enabled ransomware, CSAM platforms, and malware at scale.
Other Illicit Trends
Ransomware, scams, and darknet markets persisted, and infrastructure providers professionalized their operations. Links to violent crime also rose, including human trafficking and coercion attacks timed to price peaks. TRM Labs reported a similar $158 billion peak, driven by Russia-linked flows and stablecoins to high-risk services. Enforcement adaptations, like crypto-native sanctions and takedowns, pushed actors to riskier channels.
Regulatory and Enforcement Response
Authorities disrupted networks like Garantex successors, with Elliptic identifying five exchanges aiding Russian evasion. U.S. probes target Iranian crypto platforms, while global coordination froze millions via units like T3 FCU. Chainalysis stresses public-private collaboration to track nation-state integration into illicit supply chains. Despite the growth, the illicit share stays low, but the national security stakes are rising.