Subscribe to the Non-Human & AI Identity Journal

Crypto-enabled Crime

Crime that uses cryptocurrency as part of the offence, the laundering path, or both. The digital asset is usually not the primary crime itself. It is the mechanism that helps offenders move value quickly, obscure provenance, and complicate recovery and attribution.

Expanded Definition

Crypto-enabled crime is a broad umbrella term for offences in which cryptocurrency supports the criminal workflow, whether by facilitating payment, laundering proceeds, or bridging value across wallets, exchanges, and jurisdictions. It is not limited to direct crypto theft or fraud. The defining feature is that the digital asset layer helps offenders reduce friction, increase speed, and weaken traditional tracing methods. In practice, that can include ransom payment, mule-style laundering, scam proceeds conversion, sanctions evasion, or layered transfers designed to break the audit trail.

Definitions vary across vendors and law enforcement reporting, especially when the term is used to describe both predicate crime and laundering activity. For security teams, the practical boundary is whether cryptocurrency materially changes the detection, attribution, or recovery problem. Guidance such as the NIST Cybersecurity Framework 2.0 is useful here because it frames the need for governance, detection, and response without assuming a specific crime type. The most common misapplication is treating every crypto transaction as suspicious, which occurs when organisations ignore context such as customer profile, transaction pattern, and control evidence.

Examples and Use Cases

Implementing monitoring for crypto-enabled crime rigorously often introduces investigative friction, requiring organisations to weigh faster interdiction against false positives and privacy constraints.

  • Ransomware operators demand payment in cryptocurrency, then split funds across multiple wallets and services to complicate recovery and attribution.
  • Scam networks convert stolen fiat or card proceeds into crypto, move value through layering steps, and cash out through exchanges or peer-to-peer channels.
  • Fraudsters use crypto to pay overseas accomplices where traditional banking controls would slow or flag the transfer.
  • Illicit marketplaces rely on cryptocurrency as a settlement layer, then use mixers, bridges, or rapid wallet hops to obscure provenance.
  • Investigators apply blockchain analytics alongside sanctions screening and KYC signals to identify suspicious flow patterns, consistent with public-sector guidance from FinCEN and typologies discussed by INTERPOL.

Why It Matters for Security Teams

Crypto-enabled crime matters because it collapses the time available for response. Funds can move before a victim organisation finishes triage, which means incident response, fraud operations, legal review, and banking relationships must work in sync. The security impact is not only financial loss. It also includes identity exposure, account takeover, compromised credentials, and misuse of corporate or customer onboarding paths that let offenders move value under a legitimate-looking profile.

For teams that manage IAM, KYC, or NHI controls, the identity connection is direct: weak account assurance, poor wallet attribution, and missing beneficiary verification make laundering easier. For teams operating in regulated environments, crypto-enabled crime can trigger obligations around suspicious activity reporting, sanctions screening, and evidence retention. Organisational controls should therefore combine access governance, transaction monitoring, immutable logging, and escalation playbooks rather than treating crypto as a separate niche problem. The FATF recommendations are especially relevant where virtual assets intersect with AML controls and travel-rule expectations. Organisations typically encounter the full operational cost only after funds have moved across multiple hops, at which point crypto-enabled crime becomes impossible to address as a simple fraud case.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack surface, NIST CSF 2.0, NIST SP 800-63 and NIST AI RMF set the technical controls, and DORA define the regulatory obligations.

Framework Control / Reference Relevance
NIST CSF 2.0 GV.OC, DE.CM, RS.RP Defines governance, monitoring, and response outcomes relevant to crypto-enabled crime.
NIST SP 800-63 IAL2, AAL2 Identity assurance levels help reduce account misuse that often underpins crypto-enabled crime.
OWASP Non-Human Identity Top 10 NHI governance is relevant when automated wallets, bots, or service accounts move value.
NIST AI RMF GOVERN Risk governance applies where analytics or AI assist with detecting suspicious crypto activity.
DORA Operational resilience obligations matter when crypto-linked crime impacts financial service continuity.

Establish monitoring and response playbooks that detect unusual value movement and trigger rapid escalation.