CyberHappenings logo
Home Browse Watchlists Experimental About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Record $158bn in Illicit Crypto Activity in 2025

First reported
Last updated
2 unique sources, 2 articles

Summary

Hide ▲

Illicit crypto wallets received an estimated $158bn in 2025, marking the highest level observed in five years. This represents a 145% increase from the previous year, driven by factors such as sanctions-evading activity, improved detection methods, large-scale hacks, and increased enforcement by stablecoin issuers. Despite the rise in absolute terms, illicit activity as a share of total blockchain flows declined to 1.2% in 2025, indicating a smaller proportion of new capital entering the crypto ecosystem being absorbed by bad actors. The increase in illicit activity was attributed to several factors, including a surge in sanctions-evading activity by countries like Venezuela, Iran, and Russia, improved identification of illegal crypto activity through the Beacon Network, and large-scale hacks such as the raid of Bybit by North Korean actors. Additionally, there was growth in blocklisted activity across multiple crime types, including sanctions evasion, terrorism financing, fraud, and hacking. Despite the significant increase in illicit activity, the proportion of illicit activity relative to total blockchain flows has decreased, suggesting that bad actors are absorbing a smaller share of new capital entering the crypto ecosystem.

Timeline

  1. 12.01.2026 12:15 2 articles · 19d ago

    Record $158bn in Illicit Crypto Activity in 2025

    Illicit crypto wallets received an estimated $158bn in 2025, marking the highest level observed in five years. This represents a 145% increase from the previous year, driven by factors such as sanctions-evading activity, improved detection methods, large-scale hacks, and increased enforcement by stablecoin issuers. Despite the rise in absolute terms, illicit activity as a share of total blockchain flows declined to 1.2% in 2025, indicating a smaller proportion of new capital entering the crypto ecosystem being absorbed by bad actors. The increase was attributed to a surge in sanctions-linked crypto activity, expanded use of cryptocurrency by nation-states, improved attribution and faster intelligence sharing, and increased hacking, scams, and ransomware activities.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Record $17bn in Crypto Losses Driven by Impersonation Fraud

Cryptocurrency-related fraud losses reached a record high of $17bn in 2025, driven by impersonation tactics and AI tooling. The increase in fraud is attributed to sophisticated Asian crime networks and the growing use of AI in scams. The value of individual scam payments surged by 253% year-on-year, with impersonation fraud growing by 1400% in volume and related payments increasing by over 600%. Law enforcement has made significant strides in combating these frauds, including the conviction of fraud kingpin Zhimin Qian and the seizure of $15bn in proceeds linked to scam activity. The industrialization of fraud is evident in the commercialization of sophisticated tools and the professionalization of distinct actors, including developers, data brokers, spammers, thieves, and administrators. These actors contribute to the growing threat posed by crypto fraud.

Open in new tab

Illicit Cryptocurrency Transactions Surge 160% in 2025

Illicit cryptocurrency transactions surged by over 160% in 2025, totaling at least $154 billion. This growth was primarily driven by sanctioned countries like Russia, Iran, and North Korea, which increasingly use digital currencies to evade financial blockades. Russia's ruble-backed A7A5 token, launched in 2025, contributed significantly to this surge, accounting for $93 billion in transactions. The rise in illicit crypto activity is also fueled by cybercrime, with stablecoins becoming the preferred medium for illicit transactions due to their stability and ease of transfer.

Open in new tab

North Korean Hackers Steal $2 Billion in Cryptocurrency in 2025

North Korean hackers have stolen approximately $2.02 billion in cryptocurrency in 2025, the highest annual total recorded. This theft is part of a broader campaign to fund nuclear weapons development. The largest single heist was the Bybit hack in February, which accounted for $1.5 billion. The tactics used by these hackers have evolved to include more sophisticated laundering techniques and a shift towards targeting individuals and exchange employees through social engineering. The 2025 total so far is triple last year’s figure and beats 2022’s record of $1.35bn, which came on the back of attacks against Ronin Network and Harmony Bridge. The total amount stolen by North Korean hackers since 2017 exceeds $6.75 billion. Other notable breaches include LND.fi, WOO X, Seedify, and BitoPro. The Lazarus Group stole an estimated $11 million from BitoPro. The actual stolen amount may be higher due to difficulties in attribution and unreported incidents. Recently, five individuals pleaded guilty to aiding North Korea's illicit revenue generation schemes, including remote IT worker fraud and cryptocurrency theft. The U.S. authorities seek the forfeiture of $15 million in cryptocurrency from heists carried out by the APT38 threat group, which is linked to the Lazarus hacking group.

Open in new tab

Interpol-led Operation HAECHI VI Seizes $439 Million in Global Cybercrime Crackdown

Interpol and 40 countries' law enforcement agencies seized $439 million in cash and cryptocurrency during Operation HAECHI VI, a five-month operation targeting cyber-enabled financial crimes. The operation, conducted between April and August 2025, involved a wide range of criminal activities, including voice phishing, investment fraud, e-commerce fraud, online sextortion, business email compromise, romance scams, and money laundering. The operation resulted in the seizure of 400 cryptocurrency wallets, blocking of 68,000 bank accounts, and the arrest of 45 suspects in Portugal. Additionally, Thai police seized $6.6 million transferred by a Japanese corporation into accounts controlled by a transnational organized crime group. This operation is part of a series of global efforts to combat cyber-enabled financial crimes, with previous operations HAECHI V and HAECHI IV also resulting in significant seizures and arrests.

Open in new tab

Large-scale Africa-wide cybercrime crackdown arrests over 1,200 suspects

Operation Serengeti 2.0, an INTERPOL-led international operation, resulted in the arrest of 1,209 cybercriminals across Africa. The operation targeted cross-border cybercrime gangs involved in ransomware, online scams, and business email compromise (BEC). The operation, conducted from June to August 2025, involved law enforcement from 18 African countries and the UK. Authorities seized $97.4 million and dismantled 11,432 malicious infrastructures linked to attacks on 88,000 victims worldwide. Following this, Operation Sentinel, conducted between October 27 and November 27, 2025, led to the arrest of 574 individuals and the recovery of $3 million linked to business email compromise, extortion, and ransomware incidents. The operation took down more than 6,000 malicious links and decrypted six distinct ransomware variants. The cybercrime cases investigated are connected to more than $21 million in financial losses. The operations were supported by data from private sector partners, including Cybercrime Atlas, Fortinet, Group-IB, Kaspersky, The Shadowserver Foundation, Team Cymru, Trend Micro, TRM Labs, and Uppsala Security. Cybercrime now accounts for 30% of all reported crime in Western and Eastern Africa and is increasing rapidly elsewhere on the continent. Interpol's 2025 Africa Cyberthreat Assessment Report noted that two-thirds of African member countries claim cyber-related offenses now account for a 'medium-to-high' (i.e., 10-30% or 30%+) share of all crimes. Interpol director of cybercrime, Neal Jetton, warned that the scale and sophistication of cyber-attacks across Africa are accelerating, especially against critical sectors like finance and energy.

Open in new tab