*This article has been automatically translated. Please refer to the original article for accurate content.
The year 2025 saw a notable increase in state-sponsored activity in the cryptocurrency space, marking a new stage in the maturity of the illicit on-chain ecosystem. Over the past few years, the cryptocurrency crime landscape has become increasingly professionalized, with fraudulent organizations now operating large-scale on-chain infrastructure through which international criminal networks procure goods and services and launder illicitly obtained cryptocurrencies. This has led to state actors entering the space, either by using the same professional service providers or by building their own infrastructure to evade sanctions. The addition of state actors to the illicit cryptocurrency supply chain built for cybercriminals and organized crime groups presents government agencies and compliance and security teams with unprecedented risks to both consumer protection and national security.
How do these and other trends manifest on-chain? Let's take a look at the data and overall trends.
Our data shows that illicit cryptocurrency addresses received at least $154 billion in 2025. This represents a 162% increase over the previous year, driven primarily by a dramatic 694% increase in the amount received by sanctioned entities. Even if the amount received by sanctioned entities remained the same as the previous year, activity increased across nearly every illicit category, making 2025 a record year for cryptocurrency crime. It is important to note that this figure is a lower bound based on currently identified illicit addresses. [1]
These illicit transaction volumes remain small compared to the overall cryptocurrency economy (which is primarily legitimate). The share of illicit transactions in total cryptocurrency transaction volumes has increased slightly since 2024, but remains below 1%.[2]
We are also seeing a continuing shift in the types of assets used in cryptocurrency crimes, as shown in the chart below.
Stablecoins have dominated illicit trading for the past few years, currently accounting for 84% of all illicit transaction volumes. This coincides with a growing trend across the cryptocurrency ecosystem, where stablecoins are increasingly being used due to their practical advantages (ease of cross-border transfers, low volatility, and wide range of uses).
Below, we take a closer look at four key trends that will define crypto crime in 2025 and remain worthy of attention.
Record-breaking volume driven by nation-state threats: North Korea's largest-ever theft, Russia's A7A5 token massive sanctions evasion
Stolen funds remain a major threat to the ecosystem in 2025, with North Korean-linked hackers alone stealing $2 billion . In particular, the attack on Bybit in February was the largest digital heist in cryptocurrency history, with approximately $1.5 billion stolen. North Korean hackers have long been a serious threat, but last year was the worst ever in terms of both the amount of damage and the sophistication of their methods.
More importantly, 2025 saw unprecedented on-chain activity by nation states. Russia enacted sanctions evasion legislation in 2024 , launched its ruble-backed token A7A5 in February 2025, and recorded over $93.3 billion in transactions in less than a year.
Meanwhile, Iranian proxy networks have continued to launder over $2 billion through sanctioned wallets, illicit oil trade, and weapons and commodity procurement on-chain over the past few years. Iranian-backed terrorist organizations such as Lebanon's Hezbollah, Hamas , and the Houthis are also leveraging cryptocurrencies on an unprecedented scale.
The rise of Chinese money laundering networks
In 2025, Chinese Money Laundering Networks (CMLNs) became dominant in the illicit on-chain ecosystem. These sophisticated organizations built on legacy structures such as Huione Guarantee to offer a wide range of specialized services, including laundering-as-a-service, and developed into full-service criminal enterprises , assisting with a wide range of activities, from fraud and scams to North Korean hacking funding, sanctions evasion, and terrorist financing.
Full-stack rogue infrastructure providers drive cybercrime
While nation-states are increasingly using crypto assets, traditional cybercrime (ransomware, child sexual abuse content (CSAM) platforms, malware, fraud, and illegal marketplaces) remains active. Malicious actors and nation-states are increasingly relying on infrastructure providers that offer full-stack services, including domain registrars, bulletproof hosting, and other technical infrastructure.
These infrastructure providers have evolved from niche hosting resellers to integrated infrastructure platforms that can withstand takedowns, abuse reports, and sanctions enforcement, and will continue to support the expansion of financially motivated criminal and nation-state actors.
The growing intersection of cryptocurrencies and violent crime
While many people think of cryptocurrency crime as something that "contains in the virtual world," the reality is that on-chain activity is increasingly intertwined with violent crime. Cases of human trafficking using cryptocurrencies are on the rise, and violent physical threats to force the transfer of assets are occurring at the same time as cryptocurrency prices are soaring, making this particularly serious.
Cooperation between law enforcement, regulators, and cryptocurrency businesses will be essential to address these evolving and converging threats. While the overall proportion of fraudulent activity is small compared to legitimate use, vigilance is needed more than ever to ensure the health and security of the cryptocurrency ecosystem.
[1] These totals are expected to increase over the next year as we identify more illicit addresses. For reference, when we released our Cryptocurrency Crime Trends Report last year, we predicted illicit transactions in 2024 at $40.9 billion. Our latest estimate, released one year later, has significantly revised that figure to $57.2 billion. Much of this is due to the expansion of various illicit actor organizations offering on-chain infrastructure and money laundering services. Our tally typically excludes proceeds from traditional crimes (e.g., drug trafficking) that use cryptocurrencies as payment or laundering agents. While these transactions are indistinguishable from legitimate transactions in on-chain data, law enforcement can combine them with off-chain information for investigation. When confirmed, we count them as illicit.
[2] Calculation methodology for the share of fraudulent transaction volume: The numerator is the total inflow (excluding internal transfers) of all crypto assets tracked by us to known services, and the numerator is the fraudulent receipts.
This website contains links to third-party sites that are not under the control of Chainalysis, Inc. or its affiliates (collectively “Chainalysis”). Access to such information does not imply association with, endorsement of, approval of, or recommendation by Chainalysis of the site or its operators, and Chainalysis is not responsible for the products, services, or other content hosted therein.
This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient's use of this material.
Chainalysis does not guarantee or warrant the accuracy, completeness, timeliness, suitability or validity of the information in this report and will not be responsible for any claims attributable to errors, omissions, or other inaccuracies of any part of such material.
The post Cryptocurrency Crime Hits New High in 2025 as State-Sponsored Sanctions Evasion Takes Place on a Massive scale on-chain appeared first on Chainalysis .
