Rise of Stablecoins as the Preferred Currency for Online Criminals
Cybercriminals are increasingly turning to stablecoins, particularly those pegged to the U.S. dollar, as their preferred medium for illicit transactions. This shift is driven by the predictability and convenience that stablecoins offer compared to more volatile cryptocurrencies like Bitcoin. According to Jacqueline Burns Koven, head of cyberthreat intelligence at Chainalysis, stablecoins now account for 63% of all illicit crypto transactions, marking a significant change from previous years when Bitcoin dominated the criminal landscape due to its liquidity. The surge in stablecoin usage is not limited to illegal activities; legitimate uses such as remittances, cross-border payments, and value storage have also contributed to a 77% year-over-year growth in 2024. However, the same features that make stablecoins attractive for legal purposes—liquidity, accessibility, and price stability—also appeal to cybercriminals seeking to scale theft and fraud operations. Law enforcement agencies are adapting their investigative techniques in response to this trend, moving from traditional post-fact subpoenas to real-time blockchain tracking to keep pace with the speed and cross-chain capabilities of stablecoin transactions. The design of stablecoins, which are typically backed by reserves or stabilization mechanisms, ensures that their value remains close to $1, providing criminals with confidence that their illicit gains will not be eroded by market volatility. This predictability is particularly valuable for large-scale operations, where even minor fluctuations in value could result in significant losses. The increased use of stablecoins in cybercrime has prompted greater collaboration between law enforcement, the private sector, and blockchain analytics firms. Investigators are leveraging advanced chain analysis tools to trace the flow of stablecoins across multiple platforms and identify patterns indicative of criminal activity. The transition to stablecoins has also highlighted the need for enhanced regulatory frameworks and compliance measures within the cryptocurrency ecosystem. Financial institutions and exchanges are under pressure to implement robust anti-money laundering (AML) and know-your-customer (KYC) protocols to detect and prevent the movement of illicit funds. The evolving threat landscape underscores the importance of continuous monitoring and intelligence sharing among stakeholders. As stablecoins become more entrenched in both legitimate and criminal financial systems, the challenges for law enforcement and cybersecurity professionals will continue to grow. The ability to track and interdict illicit stablecoin transactions in real time is now a critical component of modern cybercrime investigations. This development represents a fundamental shift in the tactics and tools used by both criminals and those tasked with stopping them. The rise of stablecoins as the currency of choice for online criminals is reshaping the dynamics of cyber-enabled financial crime and necessitating a coordinated, technology-driven response.
Timeline
Oct 7, 2025
ISMG reports stablecoins are becoming a preferred currency for online criminals
An Oct. 7, 2025 report by ISMG outlets GovInfoSecurity and BankInfoSecurity highlighted the growing use of stablecoins by cybercriminals. The provided references do not describe a specific discrete incident, victim, enforcement action, or dated development beyond publication of this reporting.
See the full picture in Mallory
Mallory subscribers get deeper analysis on every story, including:
Who’s affected and how
Deep-dive technical analysis
Actionable next steps for your team
IPs, domains, hashes, and more
Ask questions and take action on every story
Filter by topic, classification, timeframe
Get matching stories delivered automatically
Sources
Related Stories
Criminal Use and Seizure of Cryptocurrency Assets
Illicit actors continue to hold and move significant amounts of cryptocurrency, with on-chain balances linked to criminal activity now exceeding $75 billion. According to blockchain analytics, nearly $15 billion is directly held by entities identified as illicit, with stolen funds representing the largest share of these holdings. Downstream wallets, which have received more than 10% of their inflows from illicit sources, collectively hold over $60 billion, indicating that the reach of criminal proceeds extends far beyond the original perpetrators. Darknet market administrators and vendors alone control over $40 billion in on-chain value, highlighting the scale of underground digital economies. Bitcoin remains the dominant cryptocurrency among illicit balances, accounting for 75% of the total, though stablecoins and ether have seen substantial growth in criminal usage. The concentration of these funds is typically high, with a small number of wallets holding the majority of assets. Illicit actors are adapting their laundering techniques, increasingly using more cashout addresses for shorter periods to evade detection. Direct transfers from illicit entities to exchanges have dropped significantly, from about 40% of quarterly value in 2021–2022 to just 15% in Q2 2025, reflecting changes in both enforcement and criminal tactics. Law enforcement agencies, particularly in the United States, are responding by establishing strategic reserves and stockpiles of seized digital assets, and have already confiscated over $12.6 billion in illicit funds with the help of blockchain analytics firms. The timing of enforcement actions varies, with market-based illicit services tending to operate longer before being disrupted. Once illicit entities stop receiving funds, the speed at which they empty their wallets depends on the type of cryptocurrency held. Meanwhile, specific high-profile incidents continue to occur, such as the $21 million theft from SBI Crypto, a subsidiary of Japan's SBI Group. In this case, hackers stole a variety of cryptocurrencies, including bitcoin, ethereum, litecoin, dogecoin, and bitcoin cash, and laundered the proceeds through Tornado Cash, a mixing service favored by cybercriminals. Investigators noted that the tactics and laundering patterns in the SBI Crypto heist closely resembled those used by North Korean hacking groups, suggesting a possible link to Pyongyang's ongoing campaign to finance illicit activities through digital asset theft. The SBI Crypto incident is part of a broader trend, with North Korean threat actors reportedly stealing a record $2 billion in cryptocurrency so far this year. These developments underscore the persistent threat posed by sophisticated cybercriminals and nation-state actors in the cryptocurrency ecosystem, as well as the evolving strategies of both criminals and law enforcement in the battle over digital assets. The growing landscape of seizable crypto assets presents both a challenge and an opportunity for authorities seeking to disrupt illicit financial flows. As criminals refine their methods, the need for advanced analytics and coordinated international enforcement becomes increasingly critical. The ongoing arms race between cybercriminals and law enforcement is likely to shape the future of digital asset security and regulation.
1 months ago
Record Surge in Crypto Crime and Nation-State Sanctions Evasion via Blockchain
Illicit cryptocurrency activity reached unprecedented levels in 2025, with at least $154 billion in crypto flowing to addresses linked to criminal activity, according to Chainalysis. This surge was primarily driven by a dramatic increase in transactions involving sanctioned entities, which saw a 694% year-over-year rise. Nation-states have become increasingly involved, leveraging both established criminal infrastructure and developing their own on-chain systems to evade sanctions at scale. The professionalization of the illicit crypto ecosystem now enables transnational criminal networks and governments to launder funds and procure goods and services more efficiently, raising the stakes for both consumer protection and national security. Concurrently, global fraud has evolved into a strategic tool for both organized crime and hostile states, integrating advanced technical tactics such as bot farms, malware, and cryptocurrencies. Governments and private sector organizations are responding by forming international task forces to address the industrialization of fraud, which now rivals the GDP of major economies. North Korea and other pariah states are specifically cited for weaponizing cyber-enabled fraud networks to circumvent sanctions and generate revenue, further blurring the lines between traditional financial crime and cyberwarfare. The convergence of nation-state actors and criminal syndicates in the crypto space underscores the urgent need for coordinated global action to counter these threats.
1 months ago
Criminal Use of Cryptocurrency and Digital Forensics in Cybercrime Investigations
Cybercriminals increasingly leverage cryptocurrencies for illicit activities such as ransomware payments, data theft extortion, sale of network access, and the resale of credentials and exploits. The pseudonymity, global reach, speed, and irreversibility of cryptocurrency transactions make them attractive for threat actors, requiring defenders to blend advanced technical skills with traditional investigative techniques. Security professionals are advised to understand both the technical mechanisms of cryptocurrency and the investigative approaches needed to trace and counter these criminal activities, as highlighted in specialized training sessions and threat intelligence research. To effectively investigate and respond to cybercrime involving cryptocurrencies and other digital evidence, organizations rely on a suite of digital forensics tools. These tools, such as Cellebrite for mobile device analysis and Magnet Axiom for comprehensive computer forensics, enable incident response teams to uncover, analyze, and interpret digital evidence, track attacker movement, and understand adversary tactics, techniques, and procedures. Modern enhancements, including cloud-based collaboration and AI-powered analysis, further support investigators in reducing case review time and detecting sophisticated modifications, such as AI-altered images.
1 months ago