National-Level Players Enter the Arena: The 2025 Revelation of Uncontrolled Crypto Crime
- Core Viewpoint: State actors are deeply involved, marking a new, mature phase for illegal crypto activities.
- Key Elements:
- Illicit fund inflows reached $154 billion in 2025, a sharp increase of 162% year-on-year.
- North Korean hackers stole $2 billion, while Russian A7A5 token transaction volume exceeded $93.3 billion.
- Stablecoins account for 84% of illegal transactions, with Chinese money laundering networks emerging as the dominant force.
- Market Impact: Poses severe challenges to compliance, security, and national security.
- Timeliness Note: Long-term impact.
Original Author: Chainalysis
Original Compilation: Chopper, Foresight News
In 2025, we observed a significant increase in state-level cryptocurrency-related activities, marking a new, mature stage in the development of the illicit on-chain ecosystem. Over the past few years, the field of crypto crime has become increasingly professionalized; illicit organizations have now built large-scale on-chain infrastructure to support transnational criminal networks in procuring goods and services and laundering proceeds from crypto crimes. Against this backdrop, national governments have also entered this arena. On one hand, they leverage these mature professional service providers, and on the other hand, they are building their own customized infrastructure to evade sanctions on a large scale. As governments plug into this illicit cryptocurrency supply chain originally built for cybercriminals and organized crime groups, government agencies, compliance, and security teams now face severe challenges in terms of consumer protection and national security.
How are these developments and other industry changes specifically manifested on-chain? Next, we will analyze them by combining data with macro trends.
According to our monitoring data, the volume of funds flowing into illicit cryptocurrency addresses reached at least $154 billion in 2025, a sharp increase of 162% year-over-year. This growth was primarily driven by a massive surge in funds flowing to sanctioned entities, whose inflows skyrocketed by 694% year-over-year. However, even excluding the growth from sanctioned entities, 2025 was still a record-breaking year for crypto crime, as the scale of the vast majority of illicit activity categories increased.
Nevertheless, the scale of these illicit transactions remains dwarfed by the overall cryptocurrency economy, where legitimate transactions still dominate. We estimate that while the share of illicit transactions in the total traceable cryptocurrency transaction volume rose slightly in 2025 compared to 2024, it remained below 1%.
As shown in the chart below, we also observe a continuing shift in the types of assets involved in crypto crime.
Over the past few years, stablecoins have gradually become the dominant asset for illicit transactions, currently accounting for 84% of the total illicit transaction volume. This trend aligns with the overall development characteristics of the cryptocurrency ecosystem: stablecoins continue to expand their share of total cryptocurrency transactions due to advantages such as ease of cross-border transfers, low volatility, and broad application scenarios.
The following sections will delve into several core trends that defined the crypto crime landscape in 2025, which remain worthy of close attention in the future.
State-Level Threats Drive Transaction Volume: North Korea Sets New Record for Theft, Russia's A7A5 Token Facilitates Large-Scale Sanctions Evasion
In 2025, stolen funds remained a major threat to the cryptocurrency ecosystem, with North Korea-linked hacker groups alone stealing $2 billion. This figure was driven by several highly disruptive large-scale hacks, the most notable being the attack on the Bybit exchange in February. The incident involved nearly $1.5 billion, making it the largest digital asset theft in cryptocurrency history. Although North Korean hackers have long been a primary threat to the cryptocurrency ecosystem, the past year set new records for both the amount stolen and the sophistication of their intrusion and money laundering methods.
Particularly noteworthy is that state-level on-chain activity reached unprecedented levels in 2025. Russia enacted legislation in 2024 to promote the use of cryptocurrencies for sanctions evasion, and this initiative was formally implemented in February 2025. The country launched the ruble-backed token A7A5, which surpassed $93.3 billion in transaction volume in less than a year since its launch.
Meanwhile, over the past few years, Iran's proxy networks have conducted over $2 billion in on-chain activities, including money laundering, illicit oil trading, and bulk weapons procurement, through identifiable wallet addresses already on sanctions lists. Despite multiple military strikes, Iran-backed terrorist groups such as Hezbollah, Hamas, and the Houthis continue to use cryptocurrencies on an unprecedented scale.
In 2025, Chinese money laundering networks emerged as a dominant force within the illicit on-chain ecosystem. These sophisticated organizations have significantly advanced the diversification and professionalization of crypto crime, offering specialized criminal services including "money laundering services." Building upon earlier illicit operational models like "Huibao," these networks have evolved into full-service criminal enterprises, covering areas such as fraud, scams, laundering proceeds from North Korean hacks, sanctions evasion, and terrorism financing.
Full-Stack Illicit Infrastructure Providers Fuel Malicious Cyber Activity
While governments increase their use of cryptocurrencies, traditional cybercrime remains rampant: ransomware operators, child sexual abuse and cybercrime platforms, malware distributors, scammers, and illicit marketplaces still rely on extensive support networks to operate. Both illicit actors and governments are increasingly dependent on on-chain infrastructure providers offering full-stack services, including domain registrars, secure and reliable hosting services, and other technical infrastructure that can be used for malicious cyber activities.
These infrastructure providers have evolved into comprehensive infrastructure platforms capable of resisting platform takedowns, abuse complaints, and sanctions enforcement. As these services continue to scale, they may become a key driver in expanding the scope of malicious cyber activities for both economic crime and state-backed actors.
Growing Links Between Cryptocurrency and Violent Crime
In the perception of many, crypto crime remains confined to the virtual world. The perpetrators are merely anonymous figures behind keyboards, posing no real-world threat. However, the link between on-chain activity and violent crime is deepening. Human trafficking rings are increasingly using cryptocurrencies for transactions; at the same time, there has been a significant and concerning rise in violent coercion attacks, where criminals use physical force to compel victims to transfer crypto assets, often timed to coincide with peaks in cryptocurrency prices.
Looking ahead, collaboration between law enforcement, regulators, and cryptocurrency companies will be key to addressing these complex, evolving, and interconnected threats. Although the share of illicit transactions within legitimate cryptocurrency volume remains limited, maintaining the integrity and security of the cryptocurrency ecosystem has never been more important.
