**Crypto Crime Hits Record Levels as State Actors Move Billions**
2025 marked a significant shift in the world of cryptocurrency crime, with illicit activity reaching unprecedented levels. Research from Chainalysis reveals that nation-state involvement has increased, signaling a new era in how on-chain crime operates.
The data shows that crypto-related crime has become more organized over recent years, with illicit groups running large-scale on-chain infrastructure to support cross-border criminal networks, procure services, and launder funds. This same infrastructure is being used by state actors, both through established professional service providers and custom-built systems designed to evade sanctions.
Illicit Transaction Value Reaches a Record
The report notes that wallets identified as being associated with illicit activity received at least $154 billion in cryptocurrency during 2025. This figure represents a staggering 162% increase from 2024 and is the highest annual total recorded in this research.
It's essential to note that this estimate reflects transactions tied to wallets identified at the time of analysis, and the actual figure may be higher as additional illicit addresses are discovered. Illicit activity accounted for less than one percent of total cryptocurrency transaction volume during the year, highlighting the relative security of most crypto transactions.
Stablecoins Dominance in Illicit Activity
The report states that stablecoins were used in 84% of illicit transaction volume in 2025, making them the most commonly used asset in illicit on-chain activity. This is likely due to their widespread use in cross-border transactions and frequent appearance in illicit cryptocurrency activity.
North Korean-Linked Hacking Groups Steal Billions
The largest single incident involved the exploit of the Bybit exchange, which resulted in losses of nearly $1.5 billion. This event is identified as one of the largest on-chain thefts recorded. Russian-linked activity also appeared in the data, with a ruble-backed stablecoin known as A7A5 processing over $93 billion in on-chain transactions within its first year.
These transactions were associated with sanctions evasion and financial flows involving restricted entities. Iranian-aligned networks were also linked to criminal use of cryptocurrency, with wallets connected to sanctioned Iranian entities processing over $2 billion in cryptocurrency. The activity was tied to oil sales, procurement, and related transactions.
Chinese Money Laundering Networks Expand Role
Chinese money laundering networks played an expanded role during 2025 by providing services that support the movement and conversion of illicit funds. These services appeared in connection with multiple forms of illicit activity, including fraud schemes, scam operations, activity linked to state-associated hacking groups, and transactions involving sanctioned entities and designated organizations.
Crypto Crime Moves Beyond the Screen
The report highlights growing connections between on-chain activity and violent crime. Human trafficking operations have turned to cryptocurrency, and physical coercion attacks have become more common, with criminals using violence to force victims to transfer assets. In some cases, attackers timed these assaults to coincide with periods of elevated crypto prices.
While nation-state activity generated headlines, conventional cybercriminal operations persisted through 2025. The ecosystem still contained ransomware operators, malware distribution networks, fraud rings, and darknet marketplaces that moved funds across jurisdictions.
These cybercriminals rely on a complex web of infrastructure, including domain registration services and hosting platforms that resist takedowns and enforcement. As the crypto space continues to evolve, it's essential for law enforcement and regulatory bodies to adapt and stay ahead of these emerging threats.