Crypto laundering
Cryptocurrency rails used globally to launder illicit proceeds, linking ransomware gangs, North Korean hackers, and Russian exchanges in a US$82 billion shadow financial system.
أضف إلى قائمة
لا قوائم بعد.
What it is
Crypto laundering is the use of cryptocurrency infrastructure to disguise the origin and control of criminal proceeds. The pattern mirrors fiat money laundering: placement (converting earnings into crypto via over-the-counter desks, unregulated exchanges, or ransomware payment demands), layering (obscuring the trail through mixers, cross-chain bridges, privacy coins such as Monero, or rapid wallet-to-wallet swaps), and integration (converting back to fiat via compliant exchanges or real-asset purchases). What distinguishes crypto laundering is that every transaction is recorded publicly on-chain, making it simultaneously traceable and, if layered skillfully, harder to freeze than a conventional bank transfer.
Stablecoins, principally Tether (USDT), have overtaken Bitcoin as the dominant vehicle. Chainalysis estimated stablecoins accounted for 84% of illicit on-chain volume in 2025, up from 63% in 2024, partly because large sums can move across chains without the price-volatility risk that disadvantages criminal holders.
History
The first major use case was Silk Road (2011-2013), where Bitcoin settled drug payments until the US Federal Bureau of Investigation shut the marketplace and arrested founder Ross Ulbricht in October 2013. The Russian-linked BTC-e exchange, which processed an estimated US$4 billion in criminal proceeds, was seized by US authorities in July 2017. A more sophisticated era began with the rise of decentralised finance: Tornado Cash, an Ethereum-based mixer, had processed an estimated US$7.6 billion before the US Treasury's Office of Foreign Assets Control sanctioned it in August 2022, the first time OFAC targeted a software protocol rather than a person or organisation. Dutch and US courts later convicted its developers on money-laundering charges. By 2022, Russia-linked exchange Garantex faced OFAC sanctions after facilitating ransomware and darknet-market proceeds; it rebranded as Grinex in 2025 before a further redesignation and collapse (see وزارة الخزانة الأمريكية تعيد إدراج Garantex وخليفتها Grinex مع انهيار مغسلة الأموال).
Current state
Chainalysis estimated total crypto crime at US$154 billion in 2025, with laundering flows accounting for roughly US$82 billion. Two actor groups dominate the scale. Chinese-language underground networks, including the Huione Guarantee marketplace (US$70 billion in cumulative transactions since 2021), laundered an estimated US$16 billion in 2025, about 20% of global illicit crypto volume. North Korea's Lazarus Group stole US$2 billion that year, nearly US$1.5 billion of it in the February 2025 Bybit hack, channelling proceeds through mixer services and over-the-counter brokers (see سرقات كوريا الشمالية للعملات المشفرة عبر مجموعة لازاروس تتجاوز ملياري دولار مع ملاحقة الخزانة الأمريكية لمُبيّضي أموال عمال تقنية المعلومات). Ransomware crews that reconsolidated around Qilin and affiliated groups in early 2026 continue to demand payment in Bitcoin or Monero and launder proceeds via specialist OTC desks (see برامج الفدية تعود إلى التمركز حول Qilin و'The Gentlemen' فيما يتصدر القطاع الصحي قائمة الضحايا). Law enforcement disrupted several malware-based on-ramp networks in June 2026, freezing €41 million in criminal crypto (see عملية إندغيم تقضي على منافذ برمجيات StealC وAmadey وSocGholish للفدية).
Relationships
Crypto laundering is the shared financial layer connecting otherwise distinct threat actors. Ransomware gangs depend on it to convert extortion payments into spendable fiat. Sanctions-constrained states, Russia and North Korea most visibly, use it to circumvent the SWIFT-based correspondent banking system and fund state programmes. The UNODC's October 2024 convergence report documents how Southeast Asian crime syndicates built purpose-built crypto exchanges alongside underground casinos to move fraud and trafficking proceeds across borders without bank accounts. Blockchain analytics firms, chiefly Chainalysis, Elliptic, and TRM Labs, now sit between law enforcement and regulated exchanges, flagging tainted addresses in near-real time; exchanges that ignore those flags face OFAC penalties and potential delisting.
What to watch
The Financial Action Task Force's June 2025 targeted update found 21% of member jurisdictions still fail to meet basic crypto AML/CFT requirements. The Travel Rule, which requires virtual-asset service providers to pass counterparty identifying data with each transaction, has been enacted by 73% of FATF members but effective enforcement lags significantly behind legislation. Three dynamics will determine the trajectory: whether stablecoin issuers, particularly Tether (incorporated in the British Virgin Islands), institutionalise freeze cooperation with global law enforcement at scale; whether zero-knowledge proof technology creates a new generation of assets that blockchain analytics cannot trace; and whether the Financial Stability Board's proposed global virtual-asset service provider licensing framework, under discussion as of mid-2026, establishes binding cross-border standards that close the jurisdictional gaps that laundering networks exploit.