National-Level Players Enter the Game: The 2025 Revelation of Cryptocurrency Crime Spiraling Out of Control

Original Author: Chainalysis

Original Compilation: Chopper, Foresight News

In 2025, we observed a significant increase in cryptocurrency-related activities at the national level, marking a new mature stage in the development of the illegal on-chain ecosystem. Over the past few years, the professionalization of the cryptocurrency crime sector has deepened; illegal organizations have now established large-scale on-chain infrastructure to support transnational criminal networks in procuring goods and services and laundering proceeds from crypto crimes. Against this backdrop, governments have also begun to enter this field, leveraging these mature professional service providers on one hand, while building their own customized infrastructure on the other to evade sanctions on a large scale. As governments connect to this cryptocurrency supply chain originally built for cybercriminals and organized crime groups, government agencies, compliance, and security teams now face severe challenges in terms of consumer rights protection and national security.

What are the specific on-chain manifestations of these trends and other industry changes? Next, we will analyze them by combining data and macro trends.

According to our monitoring data, the scale of funds flowing into illegal cryptocurrency addresses in 2025 reached at least $154 billion, a sharp increase of 162% year-on-year. This growth was primarily driven by a surge in fund inflows to sanctioned entities, which soared by 694% year-on-year. However, even excluding the growth from sanctioned entities, 2025 was still a record year for cryptocurrency crime, as the scale of the vast majority of illegal activities increased.

Nevertheless, the scale of these illegal transactions still pales in comparison to the overall cryptocurrency economy, as the main participants in the cryptocurrency market remain legitimate transactions. According to our estimates, although the proportion of illegal transactions in the total traceable cryptocurrency transaction volume in 2025 increased slightly compared to 2024, it remained below 1%.

As shown in the figure below, we also observed a continuous shift in the types of assets involved in cryptocurrency crimes.

Over the past few years, stablecoins have gradually become the dominant asset in illegal transactions, currently accounting for 84% of the total illegal transaction volume. This trend aligns with the overall development characteristics of the cryptocurrency ecosystem: with advantages such as convenient cross-border transfers, low volatility, and wide application scenarios, stablecoins continue to expand their share in the overall cryptocurrency transactions.

The following sections will delve into the core trends that defined the cryptocurrency crime landscape in 2025, which remain worthy of attention in the future.

National-Level Threats Drive Transaction Scale: North Korea Sets New Record in Theft, Russia's A7A5 Token Facilitates Large-Scale Sanction Evasion

In 2025, stolen funds remained a major threat to the cryptocurrency ecosystem, with hacking groups linked to North Korea alone stealing $2 billion. This figure was primarily driven by several highly destructive large-scale hacking incidents, the most notable of which was the attack on the Bybit exchange in February. The incident involved nearly $1.5 billion, making it the largest digital asset theft in the history of cryptocurrency. Although North Korean hackers have long been a major force threatening the cryptocurrency ecosystem, the past year set new records both in terms of the amount stolen and the sophistication of intrusion and money laundering methods.

Particularly noteworthy is that the scale of on-chain activities by governments reached unprecedented levels in 2025. Russia introduced relevant legislation in 2024 to promote the use of cryptocurrencies to evade sanctions, and this measure was officially implemented in February 2025. The country launched the ruble-backed token A7A5, which achieved a transaction volume of over $93.3 billion in less than a year since its launch.

Meanwhile, over the past few years, Iran's proxy networks have conducted money laundering, illegal oil transactions, and bulk commodity procurement for weapons through confirmed wallet addresses that have been placed on the sanctions list, with a cumulative transaction volume exceeding $2 billion. Despite multiple military strikes, Iran-supported terrorist groups such as Hezbollah, Hamas, and the Houthis continue to use cryptocurrencies on an unprecedented scale.

In 2025, Chinese money laundering networks emerged as a dominant force in the illegal on-chain ecosystem. These organizations operate with high precision, greatly driving the diversification and professionalization of cryptocurrency crimes, offering specialized criminal services including "money laundering services." Building on early illegal operation models such as "Huiyin Guarantee," these networks have established full-service criminal enterprises, covering areas such as fraud, scams, laundering proceeds from North Korean hacking thefts, sanction evasion, and terrorism financing.

Full-Stack Illegal Infrastructure Providers Fuel Malicious Network Activities

While governments are increasing their use of cryptocurrencies, traditional cybercrime activities remain rampant: ransomware operators, child sexual abuse and cybercrime platforms, malware distributors, scammers, and illegal trading markets still rely on extensive support networks to maintain operations. Illegal actors and governments are increasingly dependent on full-stack on-chain infrastructure providers, including domain registrars, secure and reliable hosting services, and other technical infrastructure that can be used to carry out malicious network activities.

These infrastructure providers have evolved into comprehensive infrastructure platforms capable of resisting platform takedowns, abuse complaints, and sanction enforcement. As the scale of these services continues to expand, they may become key drivers in expanding the scope of malicious network activities for economic crime and state-supported forces.

The Increasing Correlation Between Cryptocurrency and Violent Crime

In the perception of many, cryptocurrency crime is still confined to the virtual world. The masterminds are merely anonymous figures hiding behind keyboards, posing no real-world threat. However, in reality, the connection between on-chain activities and violent crime is deepening. Human trafficking groups are increasingly using cryptocurrencies for transactions; at the same time, disturbingly, the number of violent coercion attacks has risen significantly, with criminals using violent means to force victims to transfer crypto assets, and such assaults often occur during peak cryptocurrency price periods.

Looking ahead, collaboration between law enforcement agencies, regulatory bodies, and cryptocurrency companies will be key to addressing these complex, ever-changing, and interconnected threats. Although the proportion of illegal transactions in legitimate cryptocurrency transaction volume remains limited, maintaining the integrity and security of the cryptocurrency ecosystem has never been more important.