North Korea, Russia, and Stablecoins Fuel $154B Illicit Crypto Surge: Chainalysis

Chainalysis reported illicit crypto surged 162% in 2025, led by sanctioned entities, North Korean hacks, Russian tokens, and laundering networks.

Illicit cryptocurrency activity surged to record levels in 2025, as criminal-linked addresses received at least $154 billion over the year.

According to blockchain analytics firm Chainalysis, this is a 162% increase compared with 2024 and reflects sharp growth across nearly all major categories of crypto-related crime.

Sanctions Evasion Accelerates

In a report shared with CryptoPotato, Chainalysis revealed that the increase was driven primarily by a 694% year-over-year jump in value received by sanctioned entities, though it acknowledged that even without this factor, 2025 would still have been the largest year on record for illicit crypto activity as expansion in scams, hacking, money laundering, and other offenses continues.

Despite the sharp rise in absolute terms, illicit transactions continued to represent a small fraction of overall crypto activity. The estimated illicit share of attributed transaction volume remained below 1%, only slightly higher than the previous year and still dwarfed by legitimate on-chain use.

Meanwhile, stablecoins now account for 84% of all illicit transaction volume, owing to ease of transfer, lower volatility, and practical utility for cross-border payments.

Among the most significant developments in 2025 was the expanding role of nation-state actors, particularly North Korea. DPRK-affiliated hackers stole almost $2 billion in cryptocurrency over the year, as a result of a series of large-scale breaches, including the February Bybit exploit, which Chainalysis identified as the largest crypto theft on record at nearly $1.5 billion.

The firm said North Korean cyber operations reached new levels of sophistication in both intrusion techniques and laundering strategies, which made 2025 the most damaging year yet from DPRK-linked activity.

You may also like:

Nation-state on-chain behavior also expanded through Russia’s launch of the ruble-backed A7A5 token in February 2025, following legislation passed the previous year to facilitate crypto-based sanctions evasion. The token processed more than $93.3 billion in transactions within its first year of operation.

At the same time, Iranian proxy networks moved more than $2 billion on-chain through sanctioned wallets to support activities including money laundering, illicit oil sales, and procurement of arms and commodities. Additionally, Iran-aligned terror groups such as Hezbollah, Hamas, and the Houthis used cryptocurrency at volumes not previously seen.

Laundering Networks, Illicit Infrastructure, Violence

Beyond state-linked actors, Chainalysis identified Chinese money laundering networks as an increasingly dominant force. The firm described them as sophisticated, professionalized operations offering laundering-as-a-service and full-spectrum criminal support to scams, fraud rings, North Korean hackers, sanctions evaders, and terrorist financiers.

Another trend that defined crypto crime last year is the growing importance of “full-stack” illicit infrastructure providers, which enable ransomware groups, malware distributors, illicit marketplaces, and state-aligned actors to operate at scale. This includes bulletproof hosting services, domain registrars, and technical platforms designed to resist takedowns.

The report also documented a rising intersection between crypto activity and violent crime. This has been attributed to the increased use of crypto by human trafficking operations and a surge in physical coercion attacks in which victims are violently forced to transfer digital assets, often during periods of elevated crypto prices.