What is crypto money
laundering?
Crypto money laundering involves concealing illegally
obtained funds by funneling them through cryptocurrency
transactions to obscure their origin. Criminals may operate
offchain but move funds onchain to facilitate laundering.
Traditionally, illicit money was moved using couriers or
informal networks like Hawala. However, with the rise of
digital assets, bad actors now exploit
blockchain technology to transfer large amounts of money. With
evolving techniques and increasing regulation, authorities continue
working to track and mitigate the misuse of cryptocurrencies for
money laundering.
Thanks to sophisticated technologies like cryptocurrencies,
criminals find moving large amounts of money simpler. As
cryptocurrency adoption has grown, so has illicit activity within
the space. In 2023, crypto
wallets linked to unlawful activities transferred $22.2
billion, while in 2022, this figure stood at $31.5
billion.

Stages of crypto money
laundering
Crypto money laundering follows a structured process
designed to hide the source of illicit funds. Criminals use
sophisticated methods to bypass regulatory oversight and Anti-Money
Laundering (AML) measures. The process unfolds in several
stages:
- Step 1 — Gathering funds: The first step
involves gathering funds obtained illegally, often from organized
crime or fraudulent activities. These illicit earnings need to be
moved discreetly to avoid detection by regulatory
authorities.
- Step 2 — Moving funds into the crypto
ecosystem: Criminals now move illicit funds into the
financial system by purchasing cryptocurrencies. The modus operandi
is to buy cryptocurrencies through multiple transactions across
crypto
exchanges, particularly those with weak AML compliance. To make
tracking more complex, they may convert funds into different
digital assets like Ether (ETH), Polkadot
(DOT) or
Tether’s USDt (USDT).
- Step 3 — Juggling of funds: At this
stage, the criminals hide the funds’ ownership. For this purpose,
they move their crypto assets through a series of transactions
across different platforms, exchanging one cryptocurrency for
another. Often, funds are transferred between offshore and onshore
accounts to further complicate tracing.
- Step 4 — Reintroducing cleaned money into the
system: The final step involves reintroducing the cleaned
money into the economy, which they do through a network of brokers
and dealers. They now invest the money in businesses, real estate
or luxury assets without raising suspicion.
Did you know? Taiwan’s Financial
Supervisory Commission has mandated that all local virtual asset
service providers (VASPs) must adhere to new AML regulations by
2025.
Various methods
criminals use to launder cryptocurrencies
Criminals employ several methods to launder illicitly
obtained digital assets. From non-compliant exchanges to online
gambling platforms, they use various techniques to conceal the
transaction trail.
Below is some brief information about the methods criminals
use.
Non-compliant centralized exchanges
Criminals use non-compliant centralized exchanges or
peer-to-peer (P2P) platforms to convert cryptocurrency to cash.
Before being converted into fiat, the cryptocurrency is processed
through intermediary services like mixers, bridges or decentralized
finance (DeFi) protocols to obscure its origins.
Despite compliance measures, centralized exchanges (CEXs)
handled almost half of these funds. In 2022, nearly $23.8 billion
in illicit cryptocurrency was exchanged, a 68% surge from
2021.
Decentralized exchanges (DEXs)
DEXs
operate on a decentralized, peer-to-peer basis, meaning
transactions occur directly between users using
smart contracts rather than through a CEX. These exchanges are
currently largely unregulated, which criminals use for
swapping cryptocurrencies and making investigations harder.
The absence of traditional
Know Your Customer (KYC) and AML procedures on many DEXs allows
for anonymous transactions.
Mixing services
Cryptocurrency mixers, also called tumblers, enhance anonymity
by pooling digital assets from numerous sources and redistributing
them to new addresses randomly. They obscure the funds’ origins
before they are sent to legitimate channels.
A well-known example of criminals using crypto mixers is Tornado
Cash, which was used to launder over $7 billion from 2019 until
2022. The developer of the mixer was arrested by Dutch
authorities.
Bridge protocols
Crosschain
bridges, designed to transfer assets between blockchains, are
exploited for money laundering. Criminals use these bridges to
obscure the origin of illicit funds by moving them across multiple
blockchains, making it harder for authorities to track
transactions.
By converting assets from transparent networks to
privacy-enhanced blockchains, criminals evade scrutiny and reduce
the risk of detection. The lack of uniform regulatory oversight
across different chains facilitates illicit activity.
Online gambling platforms
Cryptocurrency money launderers frequently exploit gambling
platforms. They deposit funds from both traceable and anonymous
sources, then either withdraw them directly or use collusive
betting to obscure the funds’ origin. This process effectively
“legitimizes” the money.
The Financial Action Task Force (FATF), in its September 2020
report, identified gambling services as a money laundering risk,
specifically highlighting suspicious fund flows to and from these
platforms, especially when linked to known illicit sources.
Nested services
Nested services encompass a wide range of services that function
within one or more exchanges, using addresses provided by those
exchanges. Some platforms have lenient compliance standards for
nested services, creating opportunities for bad actors.
On the blockchain ledger, transactions involving nested services
appear as if they were conducted by the exchanges themselves rather
than by the nested services or individual users behind them.
Over-the-counter (OTC)
brokers: A commonly used nested service for money laundering
OTC brokers are the most prevalent nested service criminals
use for crypto money laundering because they allow them to conduct
large cryptocurrency transactions securely and efficiently with a
degree of anonymity.
Transactions may involve different cryptocurrencies, such as
Bitcoin (BTC) and ETH, or
facilitate conversions between crypto and fiat currencies, like BTC
and euros. While OTC brokers match buyers and sellers in exchange
for a commission, they do not participate in the negotiation
process. Once the terms are set, the broker oversees the transfer
of assets between parties.
To combat North Korean cybercrime, the US government has taken
strong action against the
Lazarus Group’s money laundering activities. In August 2020,
the US Department of Justice (DOJ) sought to seize 280
cryptocurrency addresses tied to $28.7 million in stolen funds
following an investigation into a $250-million exchange heist.
Further, in April 2023, the Office of Foreign Assets Control
(OFAC) sanctioned three individuals, including two OTC traders, for
aiding Lazarus Group in laundering illicit funds, highlighting the
group’s continued reliance on OTC brokers.
Did you know? Microsoft Threat Intelligence
identifies Sapphire Sleet, a North Korean hacking group, as a key
actor in crypto theft and corporate espionage.
The evolving landscape
of crypto money laundering, explained
The complex landscape of crypto money laundering involves a
dual infrastructure. While CEXs remain primary conduits for illicit
funds, shifts are evident. Crosschain bridges and gambling
platforms are witnessing increased usage, reflecting evolving
criminal tactics. Analysis of deposit address concentrations and
crime-specific patterns highlights vulnerabilities.
Crypto money laundering infrastructure
Broadly, crypto money laundering infrastructure can be
categorized into intermediary services and wallets. Intermediary
services include mixers, bridge protocols,
decentralized finance (DeFi) protocols and other such services.
On the other hand, fiat
off-ramping services include any service that can help one
convert crypto into fiat currency.
While centralized exchanges are more commonly used for this
purpose, criminals may also use P2P exchanges, gambling services
and
crypto ATMs. Crypto criminals use intermediary services to hide
the origin of funds by concealing the onchain link between the
source address and the current address.
Key channels used for crypto money laundering
Different financial services vary in their ability to combat
money laundering. Centralized exchanges, for example, possess more
control over transactions and have the authority to freeze assets
linked to illicit or suspicious sources. However, DeFi protocols
operate autonomously and do not hold user funds, making such
interventions impractical.
The transparency of blockchain technology enables analysts to
track funds passing through DeFi platforms, which is often more
difficult with centralized services. Centralized exchanges continue
to be the primary destination for assets originating from illicit
sources, with a relatively stable trend between 2019 and 2023.
There was a significant uptick in
ransomware proceeds being funneled to gambling platforms and an
increase in ransomware wallets sending funds to bridges.

Tracking illicit funds through deposit addresses
Deposit addresses, which function similarly to bank accounts on
centralized platforms, reveal how financial flows are concentrated.
In 2023, a total of 109 exchange deposit addresses each received
over $10 million in illicit crypto, collectively accounting for
$3.4 billion. Comparatively, in 2022, only 40 addresses surpassed
the $10 million mark, accumulating a combined total of just under
$2 billion.
The concentration of money laundering activity also varies by
crime type. For instance, ransomware operators and vendors of
illegal content exhibit a high degree of centralization. Seven key
deposit addresses accounted for 51% of all funds from exchanges
from illegal content vendors, while nine addresses handled 50.3% of
ransomware proceeds.

Criminals’ shift to crosschain and mixing services
Sophisticated criminals are increasingly turning to crosschain
bridges and mixing services to obfuscate their financial
transactions. Illicit crypto transfers through bridge protocols
surged to $743.8 million in 2023, more than doubling from the
$312.2 million recorded in 2022. There has been a sharp rise in
funds transferred to crosschain bridges from addresses linked to
stolen assets.
Cybercriminal organizations with advanced laundering techniques,
such as North Korean hacking groups like Lazarus Group, leverage a
diverse range of crypto services. Over time, they have adapted
their strategies in response to enforcement actions. The shutdown
of the Sinbad mixer in late 2023, for example, led these groups to
shift toward other mixing services like YoMix, which operates on
the darknet.
National and
international frameworks for crypto AML
Governments worldwide have implemented laws and guidelines
to prevent crypto money laundering. Various national jurisdictions
have put in place regulatory frameworks to ensure
compliance.
United States
The Financial Crimes Enforcement Network (FinCEN) regulates
crypto asset service providers to prevent money laundering in the
US. Crypto exchanges function under the Bank Secrecy Act, which
requires the exchanges to register with FinCEN and implement AML
and Counter-Terrorist Financing programs. They have to maintain
proper records and submit reports to authorities.
Canada
Canada was the first country to introduce crypto-specific
legislation against money laundering through Bill C-31 in 2014.
Transactions involving virtual assets fall under the Proceeds of
Crime (Money Laundering) and Terrorist Financing Act (PCMLTFA) and
related regulations, requiring compliance from entities dealing in
digital currencies.
European Union
The
Markets in Crypto-Assets (MiCA) Regulation aims to safeguard
consumers from crypto-related financial risks. The EU-wide
Anti-Money Laundering Authority (AMLA) has also been set up.
Crypto Asset Service Providers (CASPs) must collect and share
transaction data to ensure traceability, which aligns with global
standards.
Singapore
Singapore enforces strict AML regulations through the Payment
Services Act, which governs digital payment token services.
Companies must conduct customer due diligence and comply with AML
and Countering the Financing of Terrorism (CFT) measures to operate
legally.
Japan
Japan regulates cryptocurrency under the Act on Punishment of
Organized Crimes and the Act on Prevention of Transfer of Criminal
Proceeds, ensuring strict oversight to combat illicit financial
activities.
Countries also collaborate globally to deter crypto money
laundering, forming organizations like the FATF. They are working
together for regulatory alignment, information sharing and
strengthening AML frameworks.
Token issuers also play a crucial role in tackling illicit
activities. Notably,
stablecoins such as Tether’s USDt (USDT) and USDC
(USDC), have
built-in mechanisms that allow them to block funds associated with
criminal activities, preventing further misuse.
How to prevent crypto
money laundering
Crypto money laundering is evolving and is forcing
authorities to adopt advanced blockchain analytics to track illicit
transactions. Thus, law enforcement agencies must use sophisticated
tools to detect suspicious activity and dismantle criminal
networks.
Law enforcement has become more adept at tracing illicit
transactions, as demonstrated in cases like Silk Road, where
blockchain analysis helped uncover criminal operations. However, by
working with global bodies like the FATF and the European
Commission, authorities can assess high-risk jurisdictions and
mitigate threats to the financial system.
For crypto service platforms, stringent KYC and AML protocols
must be followed, especially for transactions from high-risk areas.
Platforms should regularly audit transactions, monitor for
suspicious patterns, and collaborate with law enforcement to
respond quickly to potential laundering activities.
Users also play a role by avoiding transactions with entities
operating in high-risk regions and reporting suspicious activities.
Familiarizing themselves with
secure wallet practices and ensuring their own
transactions are traceable (if required) by keeping records can
help prevent accidental involvement in illegal activities. Strong
cooperation across all parties is key to curbing crypto money
laundering.
...