TL;DR: Illicit cryptocurrency addresses received at least $154 billion in 2025, a 162% year-over-year increase driven largely by a 694% rise in value received by sanctioned entities, according to Chainalysis. The data shows crypto crime is becoming more professionalized, with sanctions evasion, laundering services, and nation-state activity now operating as a linked ecosystem rather than isolated events.
NHIMG editorial — based on content published by Chainalysis: The Chainalysis 2026 Crypto Crime Report
By the numbers:
- Illicit cryptocurrency addresses received at least $154 billion in 2025.
- This represents a 162% increase year-over-year (YoY).
- Stablecoins now account for 84% of all illicit transaction volume.
Questions worth separating out
Q: What breaks when illicit crypto activity is monitored only by wallet address?
A: Address-only monitoring misses the service relationships, routing patterns, and infrastructure reuse that let illicit actors keep moving value after one wallet is blocked.
Q: Why do stablecoins matter so much in crypto crime governance?
A: Stablecoins reduce friction because they combine fast transferability, low volatility, and broad utility, which helps illicit actors preserve value while moving across jurisdictions.
Q: What do security teams get wrong about sanctions evasion in crypto?
A: They often treat sanctions evasion as a single enforcement problem instead of a multi-party operating model.
Practitioner guidance
- Map high-risk on-chain counterparties Create a current inventory of wallets, services, and intermediaries that repeatedly touch sanctioned or illicit exposure.
- Separate asset monitoring from behaviour monitoring Track counterparty reuse, transfer timing, and service chaining alongside asset class so that stablecoin activity is assessed in context, not just by token type.
- Review third-party service dependencies Treat laundering, hosting, domain, and exchange integrations as governed dependencies with explicit ownership, review cadence, and offboarding criteria.
What's in the full report
Chainalysis' full 2026 Crypto Crime Report covers the operational detail this post intentionally leaves for the source:
- Year-by-year breakdowns of illicit volume by category, including sanctions, theft, ransomware, and laundering.
- The report's method notes for lower-bound estimation and how identified illicit addresses are counted.
- The full trend analysis behind nation-state activity, including DPRK, Russia's A7A5 token, and Iran-linked activity.
- Additional context on violent coercion, trafficking, and how off-chain evidence affects classification.
Crypto crime in 2025: what the sanctions and laundering data means?
Explore further
Crypto crime has become an identity and access governance problem as much as a financial crime problem. The report shows illicit actors increasingly rely on durable service relationships, delegated operational trust, and repeatable infrastructure. That means the control question is no longer only where money moved, but who had persistent access to the services that enabled movement. For practitioners, that shifts the governance lens toward lifecycle control over intermediaries and non-human service dependencies.
A question worth separating out:
Q: Who is accountable when illicit infrastructure services support sanctioned activity?
A: Accountability usually spans the service provider, the customer-facing platform, and the compliance function that failed to interrupt repeated high-risk access or transaction patterns. Frameworks such as NIST SP 800-53 Rev 5 Security and Privacy Controls and zero trust thinking both point to the need for clearer ownership, review, and boundary enforcement.
👉 Read our full editorial: Crypto crime’s 2025 record shows sanctions evasion is scaling