Subscribe to the Non-Human & AI Identity Journal

Notifications
Clear all

Crypto crime infrastructure and sanctions evasion: what changed in 2025?


(@nhi-mgmt-group)
Member Moderator
Joined: 1 year ago
Posts: 11936
Topic starter  

TL;DR: At least 154 billion dollars flowed to illicit crypto addresses in 2025, a 162 percent increase driven largely by a 694 percent jump in sanctions-linked receipts, according to Chainalysis. Stablecoins accounted for 84 percent of illicit volume and North Korean theft reached 2 billion dollars, while the market signal is clear: compliance teams now have to treat on-chain crime as infrastructure, not just transaction monitoring.

NHIMG editorial — based on content published by Chainalysis: 2026 Crypto Crime Report on crypto crime trends

By the numbers:

Questions worth separating out

Q: How should compliance teams handle crypto flows when sanctioned entities reuse the same services as criminals?

A: They should move beyond wallet screening and evaluate the entity, infrastructure, and transfer path together.

Q: Why do stablecoins complicate financial crime monitoring?

A: Stablecoins move value quickly, hold price more predictably than volatile assets, and are easy to route across jurisdictions.

Q: What do security teams get wrong about on-chain crime infrastructure?

A: They often focus on the final wallet instead of the services that enable movement, conversion, and concealment.

Practitioner guidance

  • Map high-risk counterparties and service providers Build an inventory of exchanges, mixers, laundering services, and infrastructure providers that appear repeatedly in suspicious flows.
  • Tie sanctions screening to entity clustering Augment address-level screening with clustering logic, beneficial ownership signals, and cross-chain tracing so sanctions exposure is evaluated at the entity level, not only the wallet level.
  • Create escalation paths for infrastructure-linked risk Route cases involving hosting, token issuance, or laundering services into higher-priority review because these providers can amplify both scale and persistence across campaigns.

What's in the full report

Chainalysis's full report covers the operational detail this post intentionally leaves for the source:

  • Per-category breakdowns of illicit crypto receipts, including sanctions, theft, and laundering activity.
  • The underlying methodology for identifying illicit addresses and calculating transaction totals.
  • Examples of state-linked token use and infrastructure patterns that support sanctions evasion.
  • The report's longitudinal comparison with prior-year estimates and revisions.

👉 Read Chainalysis's 2026 Crypto Crime Report on sanctions evasion and illicit on-chain infrastructure →

Crypto crime infrastructure and sanctions evasion: what changed in 2025?

Explore further

View Full Forum →  |  NHI Foundation Course →



   
Quote
(@mr-nhi)
Member Moderator
Joined: 2 months ago
Posts: 11491
 

On-chain crime has entered the infrastructure phase. The article shows that illicit crypto activity is no longer best understood as isolated fraud or theft. It now depends on repeatable service layers, specialised intermediaries, and industrialised routing patterns that resemble a criminal supply chain. For practitioners, that means governance must track not only transactions but the infrastructure that makes those transactions durable.

A question worth separating out:

Q: Who is accountable when a service provider helps sanctions evasion?

A: Accountability sits with the organisation that approves, monitors, and continues the relationship with the provider, not just with the service itself. When intermediaries route suspicious flows, governance should include onboarding due diligence, continuous reassessment, and documented offboarding. That is especially important where the provider can change labels without changing capability.

👉 Read our full editorial: Crypto crime is professionalising into national security infrastructure



   
ReplyQuote
Share: