2025 Crypto Crime Shatters Records: Nation-States Steal Billions Amid Surging Illicit Activity

By Staff Reporter

Illicit cryptocurrency transactions skyrocketed to at least $154 billion in 2025, marking a 162% increase from 2024 and highlighting the deepening entanglement of nation-state actors with digital asset crime, according to the Chainalysis 2026 Crypto Crime Report.

Nation-States Drive Unprecedented Surge

The report reveals a dramatic escalation in activity by sanctioned entities, with funds flowing to these addresses surging 694% year-over-year. This growth propelled 2025 into record territory for crypto crime, even excluding sanctions-related inflows, as illicit categories across the board saw increases.

North Korea emerged as the most aggressive state actor, with hackers linked to the Democratic People’s Republic of Korea (DPRK) stealing a record $2.02 billion in cryptocurrency—a 51% rise from 2024 despite 74% fewer known attacks. This pushed their all-time theft total to $6.75 billion. The year’s standout incident was the February Bybit exploit, the largest digital heist in history at nearly $1.5 billion, accounting for a significant portion of losses alongside two other mega-hacks that represented 69% of total thefts.

DPRK operatives achieved these feats through sophisticated tactics, including embedding IT workers inside crypto services and executive impersonation, underscoring their evolution beyond typical cybercriminals.

Russia and Iran Leverage Crypto for Sanctions Evasion

Russia’s ruble-backed A7A5 token facilitated over $93 billion in sanction-evasion transactions, enabling cross-border payments and goods procurement amid Western sanctions. Meanwhile, Iran-linked networks, including proxies like Lebanese Hezbollah, Hamas, and the Houthis, laundered more than $2 billion through crypto for illicit oil sales, arms procurement, and terrorist financing.

This ‘Wave 3’ of crypto crime—following early niche cybercrime and professionalization phases—signals geopolitics moving on-chain, with governments tapping illicit infrastructure originally built for criminals.

Stablecoins and Chinese Networks Fuel Illicit Flows

Stablecoins dominated the surge, comprising 84% of the $154 billion in illicit volume due to their liquidity, stability, and cross-border utility, eclipsing volatile assets like Bitcoin. This shift has enabled a ‘shadow system’ of programmable dollars, amplifying risks in decentralized finance (DeFi).

Chinese money laundering networks (CMLNs) rose as central players, offering ‘laundering-as-a-service’ to fraud groups, North Korean hackers, sanctioned entities, and even terrorist financiers. Building on models like Huione Guarantee, these networks provide full-service criminal infrastructure.

Links to Physical Crime Intensify

Beyond digital theft, crypto’s ties to real-world violence grew alarmingly. Human trafficking rings and ‘physical coercion attacks’—where victims are forced to transfer assets under duress—spiked, often timed with market highs to maximize proceeds. Professional drug cartels are also experimenting with crypto for fentanyl precursor purchases from China-based suppliers, blending traditional laundering with digital assets.

Despite representing under 1% of total crypto volume, the absolute scale and professionalization of these threats demand heightened vigilance from regulators, law enforcement, and industry.

Implications for 2026 and Beyond

Chainalysis notes that figures are lower-bound estimates, with totals expected to rise as more illicit addresses are identified—as seen with 2024’s revised estimate jumping from $40.9 billion to $57.2 billion. North Korea’s efficiency with fewer but larger attacks suggests much activity remains undetected.

Experts warn of continued expansion in 2026, with nation-states deepening crypto reliance and illicit ecosystems maturing further. Blockchain intelligence tools offer enforcement advantages, particularly at fiat off-ramps where sanctioned actors are vulnerable.

The maturation of on-chain crime infrastructure—from hacking and laundering to sanctions evasion—poses evolving challenges. As crypto bridges innovation and anonymity, stakeholders must adapt to counter these geopolitical and criminal threats.

(Word count: 1028)