Disclaimer: Information found on CryptoreNews is those of writers quoted. It does not represent the opinions of CryptoreNews on whether to sell, buy or hold any investments. You are advised to conduct your own research before making any investment decisions. Use provided information at your own risk.
CryptoreNews covers fintech, blockchain and Bitcoin bringing you the latest crypto news and analyses on the future of money.
According to a report by TRM, the illicit use of cryptocurrency has surged following a period of consistent decrease.
Although the increasingly professional malicious actors’ cryptocurrency surged to $158 billion in 2025, it still represents a diminishing portion of the total digital assets activity.
Ari Redbord, Global Head of Policy at TRM Labs, mentioned that the 1.2% of crypto volume deemed illicit is his primary concern. (CoinDesk)
Key points to note:
Related Posts
- A recent report from TRM Labs indicates that illicit activities have risen again after a period of decline, although the proportion of total digital assets volume they constitute continues to diminish.
- The perpetrators are far more advanced — encompassing state-sponsored sanction evasion systems and international networks that launder the proceeds from crypto thefts.
In this article
ETH$2,988.15◢2.30%
According to a report by TRM Labs analyzing data from 2025, criminal entities accumulated $158 billion in digital assets last year, marking a notable rise in the value of illicit activity after years of decline.
STORY CONTINUES BELOWStay updated with the latest stories.Subscribe to the State of Crypto Newsletter today. View all newslettersSign me up
Nevertheless, the increase in the total still signifies a persistent decline in the fraction of overall crypto activity associated with malicious actors (1.2% of volume), the report stated, and the individuals behind it are becoming increasingly professionalized state-supported operations backed by elaborate infrastructure.
"We observed approximately four trillion dollars in stablecoin activity in 2025, which illustrates how rapidly the legitimate ecosystem is expanding," stated Ari Redbord, global head of policy for TRM. "Despite that growth, illicit activities still constituted only about 1.2% of total volume. Nonetheless, that 1.2% is critical and occupies most of my thoughts — ransomware attacks on hospitals, seniors losing their life savings to scams, and state actors like North Korea utilizing crypto to finance weapon programs."
The report arrives as the usage of crypto for illicit finance is a key topic being discussed by U.S. lawmakers who are developing legislation for the crypto market structure. Democrats have pushed for more robust protections against criminal activities than were included in earlier versions of the bill being evaluated in two Senate committees. To date, the two parties have yet to reach an agreement on a version that satisfies both sides, despite a hearing still scheduled for Thursday in the Senate Agriculture Committee. If that hearing proceeds, illicit finance will remain a prominent issue.
A significant surge in crypto activity related to sanctions was "largely driven by flows linked to Russia," according to TRM, which reported that $72 billion transacted through the ruble-backed stablecoin A7A5 and that the wallet cluster identified as A7 may be associated with over $39 billion in evasion of Russian sanctions.
"While networks associated with Russia predominantly fueled sanctions-related crypto volume, the more significant transformation was the establishment of crypto rail systems by other sanctioned entities," the report noted, highlighting activities in Venezuela and China.
Regarding crypto hacking, incidents in this area resulted in nearly $3 billion in losses in 2025, surpassing the dollar amount of the previous year, although around half of this figure resulted from a single attack on Bybit in February. While hacks and exploits totaled 150 thefts for the year, the impact was heavily concentrated on a few larger incidents.
"Advanced actors, particularly those associated with North Korea (DPRK), are no longer merely exploiting vulnerabilities in code — they are undermining the operational foundations of crypto asset services and the ecosystems surrounding them," the report stated. Infrastructure attacks accounted for the majority of the losses.
North Korean hacking operations are utilizing "Chinese laundromats" to transfer stolen assets into the hands of subcontracted money launderers who employ chain-hopping and fragmentation to complicate tracking, as per TRM. "This professionalization complicates recovery, as the quicker stolen assets can be funneled through layered intermediaries, the shorter the window for interdiction," the report concluded.
