Crypto Crime Reaches a Record $154 Billion in 2025 – Sanction‑Evasion by State Actors Leads the Surge
Blockchain analytics firm Chainalysis warns that the rapid growth of on‑chain illicit activity is being driven by nation‑states that are increasingly using cryptocurrency to bypass international financial restrictions.
Overview
The latest Chainalysis Crypto Crime 2026 report shows that illicit transactions on public blockchains hit an unprecedented $154 billion in 2025, eclipsing the previous high‑water mark set the year before. While cyber‑crime, fraud and money‑laundering still dominate the illegal crypto landscape, the fastest‑growing segment is sanctions evasion, which rose 694 % year‑over‑year.
Even after stripping out the sanctions‑related flows, the total illicit volume would still have set a record, underscoring a broad‑based increase across most categories of crypto crime. Despite the surge, illicit activity still accounts for under 1 % of all blockchain transactions, indicating that the vast majority of on‑chain activity remains legitimate.
State‑Aligned Crypto Operations
Russia’s Ruble‑Backed Token
Russia introduced a token dubbed A7A5, reportedly backed by the ruble. Within its first twelve months the token moved over $93 billion, serving as a conduit for Russian entities to sidestep sanctions and transfer value internationally.
North Korea’s Hack‑and‑Grab Campaigns
North Korean cyber‑units continued to be the most prolific state‑linked hackers, siphoning roughly $2 billion in cryptocurrency during 2025. The most notable incident was a $1.5 billion theft from the Bybit exchange, the largest digital‑asset heist on record.
Iran’s Crypto‑Enabled Trade Networks
Iranian actors leveraged crypto to finance oil sales, procure weapons and launder proceeds. Chainalysis tracked more than $2 billion flowing through wallets tied to sanctioned Iranian entities.
Takeaway: Governments in sanctioned jurisdictions are no longer peripheral players; they are actively constructing on‑chain financial ecosystems that rival traditional illicit networks in scale and sophistication.
Stablecoins as the Preferred Vehicle
Stablecoins now dominate illicit on‑chain value transfers, representing 84 % of the total illicit volume. Their price stability and ease of cross‑border movement make them attractive for both criminal enterprises and sanctioned states seeking to avoid the volatility of native crypto assets.
Takeaway: Regulators should prioritize monitoring stablecoin bridges, mixers and cross‑chain gateways, as they are the primary arteries of illicit financial flows.
The Rise of Chinese‑Language Money‑Laundering Networks (CMLNs)
A new cohort of laundering services operating primarily in Mandarin has emerged as a key hub in the global crypto‑crime supply chain. These “laundering‑as‑a‑service” outfits manage roughly 20 % of known illicit crypto laundering traffic, handling billions of dollars annually. Their operational model includes:
- Money‑mule networks and over‑the‑counter brokers.
- Gambling platforms that accept crypto.
- Discounted “Black U” stablecoin markets.
- Coordination through Telegram groups and marketplaces.
Takeaway: The linguistic and cultural focus of these networks adds an extra layer of complexity for law‑enforcement agencies that must navigate language barriers and decentralized communication channels.
Industrial‑Scale Scams
Fraud remains a major pillar of illicit crypto activity, with scammers extracting at least $14 billion in 2025—potentially up to $17 billion as additional addresses are identified. Impersonation scams exploded, growing over 1,400 % YoY, fueled by AI‑generated phishing kits, “phishing‑as‑a‑service” platforms, and ready‑made victim databases.
The ecosystem has become highly professionalized: separate vendors provide phishing scripts, credential‑harvesting tools, and downstream laundering services, enabling rapid scaling of attacks.
Takeaway: The convergence of AI, service‑provider markets and crypto liquidity is lowering the barrier to entry for sophisticated fraud operations.
A More Structured Illicit Landscape
Chainalysis’ findings paint a picture of a crypto‑crime ecosystem that is transitioning from ad‑hoc cyber‑criminals to organized, state‑aligned financial networks. Key characteristics include:
- Scale: State‑backed tokens and large‑scale hacks now move tens of billions of dollars on‑chain.
- Infrastructure: Dedicated laundering services, token issuers, and cross‑border payment channels resemble legitimate financial institutions.
- Transparency vs. Obfuscation: While blockchain’s public ledger enables tracing, the growing sophistication of mixers, cross‑chain bridges, and anonymizing protocols makes detection increasingly difficult.
Takeaway: Regulators and law‑enforcement must adapt to a threat model where geopolitical agendas, cyber‑crime, and decentralized finance intersect, demanding coordinated international responses and advanced analytic tools.
Key Takeaways
| Insight | Implication |
|---|---|
| Sanctions evasion surged 694 % YoY, now the fastest‑growing crypto‑crime category. | Focus on monitoring token issuances and cross‑border transfers linked to sanctioned jurisdictions. |
| Stablecoins represent 84 % of illicit volume. | Policy attention on stablecoin issuance, custodial controls, and cross‑chain interoperability. |
| State actors (Russia, North Korea, Iran) are building on‑chain financial infrastructures. | International cooperation is essential to trace and freeze state‑linked assets. |
| Chinese‑language laundering networks handle ~20 % of illicit flows. | Enforcement agencies need multilingual intelligence capabilities and outreach to Telegram‑based marketplaces. |
| Scams grew >1,400 % YoY, driven by AI and “phishing‑as‑a‑service”. | Public‑education campaigns and rapid detection of phishing kits are critical. |
| Overall illicit activity remains <1 % of total blockchain volume. | While still a minor slice, the absolute dollar amount is sizable and growing, justifying heightened scrutiny. |
Outlook
The record $154 billion in illicit on‑chain activity underscores a fundamental shift: cryptocurrency is no longer a peripheral tool for isolated criminal actors but a mainstream financial conduit for sanctioned states and organized crime. As governments and illicit groups continue to refine their on‑chain operations, the gap between legitimate DeFi ecosystems and illicit finance narrows.
Chainalysis cautions that the intertwining of geopolitics, cyber‑crime, and crypto finance elevates the stakes for regulators worldwide. Continued investment in blockchain forensics, cross‑jurisdictional data sharing, and targeted policy frameworks—especially around stablecoins and state‑linked tokens—will be vital to contain the next wave of crypto‑enabled crime.
Source: https://thedefiant.io/news/security/crypto-crime-hits-record-usd154-billion-as-sanctioned-states-turn-to-blockchain
