Subscribe to the Non-Human & AI Identity Journal
Home Glossary Cyber Security Crypto-enabled Crime
Cyber Security

Crypto-enabled Crime

← Back to Glossary
By NHI Mgmt Group Updated July 11, 2026 Domain: Cyber Security

Crime that uses cryptocurrency as part of the offence, the laundering path, or both. The digital asset is usually not the primary crime itself. It is the mechanism that helps offenders move value quickly, obscure provenance, and complicate recovery and attribution.

Expanded Definition

Crypto-enabled crime is a broad umbrella term for offences in which cryptocurrency supports the criminal workflow, whether by facilitating payment, laundering proceeds, or bridging value across wallets, exchanges, and jurisdictions. It is not limited to direct crypto theft or fraud. The defining feature is that the digital asset layer helps offenders reduce friction, increase speed, and weaken traditional tracing methods. In practice, that can include ransom payment, mule-style laundering, scam proceeds conversion, sanctions evasion, or layered transfers designed to break the audit trail.

Definitions vary across vendors and law enforcement reporting, especially when the term is used to describe both predicate crime and laundering activity. For security teams, the practical boundary is whether cryptocurrency materially changes the detection, attribution, or recovery problem. Guidance such as the NIST Cybersecurity Framework 2.0 is useful here because it frames the need for governance, detection, and response without assuming a specific crime type. The most common misapplication is treating every crypto transaction as suspicious, which occurs when organisations ignore context such as customer profile, transaction pattern, and control evidence.

Examples and Use Cases

Implementing monitoring for crypto-enabled crime rigorously often introduces investigative friction, requiring organisations to weigh faster interdiction against false positives and privacy constraints.

  • Ransomware operators demand payment in cryptocurrency, then split funds across multiple wallets and services to complicate recovery and attribution.
  • Scam networks convert stolen fiat or card proceeds into crypto, move value through layering steps, and cash out through exchanges or peer-to-peer channels.
  • Fraudsters use crypto to pay overseas accomplices where traditional banking controls would slow or flag the transfer.
  • Illicit marketplaces rely on cryptocurrency as a settlement layer, then use mixers, bridges, or rapid wallet hops to obscure provenance.
  • Investigators apply blockchain analytics alongside sanctions screening and KYC signals to identify suspicious flow patterns, consistent with public-sector guidance from FinCEN and typologies discussed by INTERPOL.

Why It Matters for Security Teams

Crypto-enabled crime matters because it collapses the time available for response. Funds can move before a victim organisation finishes triage, which means incident response, fraud operations, legal review, and banking relationships must work in sync. The security impact is not only financial loss. It also includes identity exposure, account takeover, compromised credentials, and misuse of corporate or customer onboarding paths that let offenders move value under a legitimate-looking profile.

For teams that manage IAM, KYC, or NHI controls, the identity connection is direct: weak account assurance, poor wallet attribution, and missing beneficiary verification make laundering easier. For teams operating in regulated environments, crypto-enabled crime can trigger obligations around suspicious activity reporting, sanctions screening, and evidence retention. Organisational controls should therefore combine access governance, transaction monitoring, immutable logging, and escalation playbooks rather than treating crypto as a separate niche problem. The FATF recommendations are especially relevant where virtual assets intersect with AML controls and travel-rule expectations. Organisations typically encounter the full operational cost only after funds have moved across multiple hops, at which point crypto-enabled crime becomes impossible to address as a simple fraud case.

Standards & Framework Alignment

This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.

OWASP Non-Human Identity Top 10 address the attack surface, NIST CSF 2.0, NIST SP 800-63 and NIST AI RMF set the technical controls, and DORA define the regulatory obligations.

FrameworkControl / ReferenceRelevance
NIST CSF 2.0GV.OC, DE.CM, RS.RPDefines governance, monitoring, and response outcomes relevant to crypto-enabled crime.
NIST SP 800-63IAL2, AAL2Identity assurance levels help reduce account misuse that often underpins crypto-enabled crime.
OWASP Non-Human Identity Top 10NHI governance is relevant when automated wallets, bots, or service accounts move value.
NIST AI RMFGOVERNRisk governance applies where analytics or AI assist with detecting suspicious crypto activity.
DORAOperational resilience obligations matter when crypto-linked crime impacts financial service continuity.

Establish monitoring and response playbooks that detect unusual value movement and trigger rapid escalation.

NHIMG Editorial Note
Reviewed and updated by the NHIMG editorial team on July 11, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org