Criminal Use and Seizure of Cryptocurrency Assets

Tags: cryptocurrency-platform-risk, enforcement-action, state-sponsored-espionage, data-exfiltration-method

Updated March 21, 2026 at 03:45 PM · 2 sources

Illicit actors continue to hold and move significant amounts of cryptocurrency, with on-chain balances linked to criminal activity now exceeding $75 billion. According to blockchain analytics, nearly $15 billion is directly held by entities identified as illicit, with stolen funds representing the largest share of these holdings. Downstream wallets, which have received more than 10% of their inflows from illicit sources, collectively hold over $60 billion, indicating that the reach of criminal proceeds extends far beyond the original perpetrators. Darknet market administrators and vendors alone control over $40 billion in on-chain value, highlighting the scale of underground digital economies. Bitcoin remains the dominant cryptocurrency among illicit balances, accounting for 75% of the total, though stablecoins and ether have seen substantial growth in criminal usage. The concentration of these funds is typically high, with a small number of wallets holding the majority of assets.

Illicit actors are adapting their laundering techniques, increasingly using more cashout addresses for shorter periods to evade detection. Direct transfers from illicit entities to exchanges have dropped significantly, from about 40% of quarterly value in 2021–2022 to just 15% in Q2 2025, reflecting changes in both enforcement and criminal tactics.

Law enforcement agencies, particularly in the United States, are responding by establishing strategic reserves and stockpiles of seized digital assets, and have already confiscated over $12.6 billion in illicit funds with the help of blockchain analytics firms. The timing of enforcement actions varies, with market-based illicit services tending to operate longer before being disrupted. Once illicit entities stop receiving funds, the speed at which they empty their wallets depends on the type of cryptocurrency held.

Meanwhile, specific high-profile incidents continue to occur, such as the $21 million theft from SBI Crypto, a subsidiary of Japan's SBI Group. In this case, hackers stole a variety of cryptocurrencies, including bitcoin, ethereum, litecoin, dogecoin, and bitcoin cash, and laundered the proceeds through Tornado Cash, a mixing service favored by cybercriminals. Investigators noted that the tactics and laundering patterns in the SBI Crypto heist closely resembled those used by North Korean hacking groups, suggesting a possible link to Pyongyang's ongoing campaign to finance illicit activities through digital asset theft. The SBI Crypto incident is part of a broader trend, with North Korean threat actors reportedly stealing a record $2 billion in cryptocurrency so far this year.

These developments underscore the persistent threat posed by sophisticated cybercriminals and nation-state actors in the cryptocurrency ecosystem, as well as the evolving strategies of both criminals and law enforcement in the battle over digital assets. The growing landscape of seizable crypto assets presents both a challenge and an opportunity for authorities seeking to disrupt illicit financial flows. As criminals refine their methods, the need for advanced analytics and coordinated international enforcement becomes increasingly critical. The ongoing arms race between cybercriminals and law enforcement is likely to shape the future of digital asset security and regulation.

Timeline

  1. Oct 9, 2025

    Chainalysis reports over $75 billion in seizable criminal-linked crypto

    Chainalysis reported that on-chain balances linked to criminal activity exceeded $75 billion, highlighting the expanding pool of crypto assets potentially subject to seizure. The finding reflected the growing landscape of illicitly connected digital asset holdings.

  2. Oct 9, 2025

    Abracadabra exploit drains $1.8 million from DeFi platform

    DeFi lending platform Abracadabra lost about $1.8 million due to a smart contract vulnerability. The platform said user funds were reportedly not affected.

  3. Oct 9, 2025

    Shibarium bridge exploit causes $4 million loss

    Shibarium was hit by a bridge exploit that led to approximately $4 million in losses. In response, the team rotated validator keys, migrated contracts, and said it planned reimbursements for affected users.

  4. Oct 9, 2025

    SBI Crypto loses $21 million in suspected North Korean heist

    SBI Crypto, a subsidiary of Japan's SBI Group, suffered a theft of roughly $21 million. Reporting indicated evidence suggesting North Korean involvement in the attack.

  5. Oct 9, 2025

    Bybit hack steals $1.46 billion in cryptocurrency

    A major cryptocurrency theft targeting Bybit resulted in losses of about $1.46 billion. The incident was cited as one of the heists attributed to North Korean actors in 2025.

  6. Oct 9, 2025

    North Korean-linked crypto thefts reach about $2 billion in 2025

    By October 2025, North Korean threat actors were assessed to have stolen approximately $2 billion in cryptocurrency during the year, nearly triple their 2024 total. Elliptic attributed 30 crypto heists in 2025 to North Korean groups, underscoring the scale of the campaign.

Related Stories

Record Surge in Crypto Crime and Nation-State Sanctions Evasion via Blockchain

Illicit cryptocurrency activity reached unprecedented levels in 2025, with at least $154 billion in crypto flowing to addresses linked to criminal activity, according to Chainalysis. This surge was primarily driven by a dramatic increase in transactions involving sanctioned entities, which saw a 694% year-over-year rise. Nation-states have become increasingly involved, leveraging both established criminal infrastructure and developing their own on-chain systems to evade sanctions at scale. The professionalization of the illicit crypto ecosystem now enables transnational criminal networks and governments to launder funds and procure goods and services more efficiently, raising the stakes for both consumer protection and national security. Concurrently, global fraud has evolved into a strategic tool for both organized crime and hostile states, integrating advanced technical tactics such as bot farms, malware, and cryptocurrencies. Governments and private sector organizations are responding by forming international task forces to address the industrialization of fraud, which now rivals the GDP of major economies. North Korea and other pariah states are specifically cited for weaponizing cyber-enabled fraud networks to circumvent sanctions and generate revenue, further blurring the lines between traditional financial crime and cyberwarfare. The convergence of nation-state actors and criminal syndicates in the crypto space underscores the urgent need for coordinated global action to counter these threats.

1 month ago

Rise of Stablecoins as the Preferred Currency for Online Criminals

Cybercriminals are increasingly turning to stablecoins, particularly those pegged to the U.S. dollar, as their preferred medium for illicit transactions. This shift is driven by the predictability and convenience that stablecoins offer compared to more volatile cryptocurrencies like Bitcoin. According to Jacqueline Burns Koven, head of cyberthreat intelligence at Chainalysis, stablecoins now account for 63% of all illicit crypto transactions, marking a significant change from previous years when Bitcoin dominated the criminal landscape due to its liquidity. The surge in stablecoin usage is not limited to illegal activities; legitimate uses such as remittances, cross-border payments, and value storage have also contributed to a 77% year-over-year growth in 2024. However, the same features that make stablecoins attractive for legal purposes—liquidity, accessibility, and price stability—also appeal to cybercriminals seeking to scale theft and fraud operations. Law enforcement agencies are adapting their investigative techniques in response to this trend, moving from traditional post-fact subpoenas to real-time blockchain tracking to keep pace with the speed and cross-chain capabilities of stablecoin transactions. The design of stablecoins, which are typically backed by reserves or stabilization mechanisms, ensures that their value remains close to $1, providing criminals with confidence that their illicit gains will not be eroded by market volatility. This predictability is particularly valuable for large-scale operations, where even minor fluctuations in value could result in significant losses. The increased use of stablecoins in cybercrime has prompted greater collaboration between law enforcement, the private sector, and blockchain analytics firms. Investigators are leveraging advanced chain analysis tools to trace the flow of stablecoins across multiple platforms and identify patterns indicative of criminal activity. 
The transition to stablecoins has also highlighted the need for enhanced regulatory frameworks and compliance measures within the cryptocurrency ecosystem. Financial institutions and exchanges are under pressure to implement robust anti-money laundering (AML) and know-your-customer (KYC) protocols to detect and prevent the movement of illicit funds. The evolving threat landscape underscores the importance of continuous monitoring and intelligence sharing among stakeholders. As stablecoins become more entrenched in both legitimate and criminal financial systems, the challenges for law enforcement and cybersecurity professionals will continue to grow. The ability to track and interdict illicit stablecoin transactions in real time is now a critical component of modern cybercrime investigations. This development represents a fundamental shift in the tactics and tools used by both criminals and those tasked with stopping them. The rise of stablecoins as the currency of choice for online criminals is reshaping the dynamics of cyber-enabled financial crime and necessitating a coordinated, technology-driven response.

1 month ago

Major Cryptocurrency-Related Cybercrime Prosecutions and Asset Seizures

Law enforcement agencies in multiple countries have made significant progress in prosecuting individuals and groups involved in large-scale cryptocurrency-related cybercrimes. In the United States, a California man pleaded guilty to laundering at least $25 million as part of a group that stole $230 million in cryptocurrency through social engineering and account takeovers. The group, composed of young adults from several states and abroad, used various tactics to compromise victims' crypto accounts and launder the proceeds, with several members facing charges including wire fraud, racketeering, and money laundering. In the United Kingdom, prosecutors secured a civil recovery order to seize over £4.11 million ($5.39 million) in crypto assets from Joseph James O'Connor, who was convicted for his role in the 2020 Twitter mega-hack. O'Connor and his associates used SIM-swapping and social engineering to hijack high-profile Twitter accounts, soliciting Bitcoin from followers and amassing illicit gains. These actions demonstrate the increasing effectiveness of international law enforcement in tracing, prosecuting, and recovering assets from cybercriminals who exploit cryptocurrency for large-scale fraud and theft.

1 month ago
