Illicit Crypto Flows Estimated at $154–$158 Billion in 2025

Illicit cryptocurrency addresses received an estimated $154 to $158 billion in 2025, a near 162% year-over-year increase, with stablecoins accounting for about 84% of that volume. Sanctions-related flows rose and nation-state-aligned actors, notably DPRK-linked groups, stole roughly $2 billion including a single exploit that cost an exchange about $1.5 billion. Criminal operations combined credential theft and compromised infrastructure with transaction signing and withdrawal authorization, then used mixers, cross-chain swaps, OTC desks, money brokers, and weak-control jurisdictions to launder proceeds while repeatedly reusing the same liquidity hubs, stablecoin pairs, and counterparties. Physical coercion and in-person intimidation of traders and executives increased and incidents were sometimes timed to price movements. Investigators and analytics providers pooled signals, improved attribution and tracing, and law enforcement reported record seizures in 2025 through faster tracing and legal actions to freeze assets. Entity risk scores became dynamic as addresses flipped to high risk when new attribution data appeared. Guidance for exchanges and custodians includes hardening key and withdrawal controls with multi-party signing, staged approvals, velocity limits, emergency rotation plans, continuous monitoring of stablecoin corridors, stress testing of hot wallet scenarios, and rehearsed playbooks with prearranged law enforcement contacts. Guidance for funds and enterprise treasuries includes segmenting wallets by function and risk, using hardware-backed signing, granting just-in-time access, screening counterparties and flows against sanctions lists with real-time alerts, prearranging emergency contacts, and practicing on-chain incident response playbooks. Guidance for individuals and developers includes training for phishing and social engineering, preferring hardware wallets and multisig, minimizing hot wallet balances, using allow lists, spend limits, time locks, session isolation, and independent verification of transfer requests. Entity-aware analytics, graph enrichment, dynamic watchlists, fast preplanned holds, legal orders, and participation in shared intelligence programs were associated with improved recovery and seizure outcomes. Three measurable signals to track through 2026 are the velocity of sanction-related flows across stablecoin corridors, the operational tempo of DPRK-linked intrusion campaigns, and the ratio of value recovered through seizures versus value stolen. 

Source: https://web3businessnews.com/crypto/secure-digital-assets-crypto-crime/

Hosted on Acast. See acast.com/privacy for more information.