Illicit crypto flows soar to $154B as sanctions push activity on‑chain
The volume of cryptocurrency tied to illicit activity surged to an unprecedented $154 billion in 2025, as sanctioned states and entities increasingly turned to blockchain rails to dodge traditional financial controls. The figures come from a new annual report by blockchain analytics firm Chainalysis, which describes 2025 as a “watershed year” for on‑chain behavior by nation-states and other sanctioned actors.
According to the report, addresses identified as illicit received at least $154 billion over the year, up sharply from $59 billion in 2024 — a 162% year‑over‑year jump. Chainalysis stresses that this spike is not primarily the result of more typical crypto crime like retail scams or darknet markets. Instead, the bulk of the increase was driven by sanctioned governments, state-affiliated entities and related intermediaries moving money openly on public blockchains at industrial scale.
The firm characterizes this shift as a new evolutionary phase for the illicit crypto ecosystem. Earlier years were dominated by individual hackers, ransomware gangs, and fraud schemes. In 2025, however, the most striking trend was the scale, discipline, and coordination of activity attributed to sanctioned actors, particularly those looking to bypass restrictions imposed by the United States, the European Union, and their allies.
Russia stands out in the data. Under sweeping sanctions following its invasion of Ukraine, the country intensified its exploration of alternative payment rails. In February 2025, Russian authorities rolled out a ruble‑backed token known as A7A5. Within less than twelve months, that token processed more than $93.3 billion in transactions, Chainalysis found. While not all flows involving A7A5 are necessarily illicit, the token’s rapid adoption and usage patterns suggest it has become a significant tool for entities trying to operate outside the conventional banking system.
The broader context is one of escalating sanctions pressure worldwide. By mid‑2025, the Global Sanctions Inflation Index estimated that roughly 80,000 individuals and organizations were subject to some form of sanctions. In parallel, research from the Center for a New American Security highlighted that the United States alone added 3,135 entities to its Specially Designated Nationals and Blocked Persons List in 2024 — the largest annual increase on record. As access to the traditional financial system tightens, many of those listed are actively searching for parallel payment infrastructures, and digital assets have quickly become a prime candidate.
Stablecoins were at the center of this transformation. Chainalysis reports that stablecoins were involved in 84% of all illicit transaction volume in 2025. The reasons mirror the drivers of legitimate stablecoin growth: relatively predictable value, deep liquidity on major exchanges, and frictionless cross‑border transfer. These same properties that make stablecoins attractive for remittances, trading, and corporate settlements also make them ideal for parties trying to evade currency controls or move money outside the view of banks and regulators.
Yet, despite the headline‑grabbing numbers, Chainalysis emphasizes that criminal and sanctions‑related activity still accounts for a small proportion of the overall crypto economy. Even after the 2025 spike, illicit transfers remain under 1% of total on‑chain volume, although their share did tick up modestly compared with the previous year. In other words, while the criminal slice grew sharply in absolute terms, the underlying crypto market continued to expand as well.
Traditional cybercrime did not disappear amid the rise of state‑linked flows. Security firm PeckShield tracked 26 major on‑chain exploits in December alone. Two common attack vectors — address‑poisoning scams and private‑key leaks — were responsible for some of the largest losses. In one high‑profile episode, an unsuspecting user lost $50 million after copying a malicious address that visually resembled the intended recipient, a technique that relies on user inattention rather than protocol‑level vulnerabilities. In another case, the compromise of a private key associated with a multi‑signature wallet led to estimated losses of $27.3 million, underscoring that even more advanced custody setups can fail if operational security is weak.
Not all crypto‑related crime is purely digital. Prosecutors in the United States charged Brooklyn resident Ronald Spektor with allegedly stealing $16 million from approximately 100 Coinbase users. According to court documents, Spektor is accused of posing as an employee of the exchange, leveraging social engineering and impersonation rather than sophisticated malware to separate victims from their funds. The case highlights a persistent reality: many successful crypto thefts exploit human trust rather than complex code.
The 2025 data raises broader questions about the future of sanctions enforcement. Traditional sanctions rely on banks, payment processors, and financial institutions as chokepoints: if an entity is blacklisted, regulated intermediaries must freeze or reject their transactions. Public blockchains, by design, have no central authority that can unilaterally block a transfer. Once a sanctioned party controls an address and can find a willing counterparty, value can move globally with little friction.
However, the transparency of public ledgers creates new pressure points. While blockchains remove centralized gatekeepers, they also preserve a permanent, traceable record of all transactions. Governments are increasingly leaning on this transparency, partnering with analytics firms to map the networks around sanctioned addresses, identify patterns, and flag off‑ramps trying to cash out tainted funds. In some cases, this has allowed authorities to move faster than they could in the opaque world of offshore banks and shell companies.
The rise of tokens like Russia’s A7A5 also signals a new geopolitical contest over financial standards. State‑backed crypto instruments can be designed to integrate tightly with domestic banking systems while offering cross‑border functionality that sidesteps Western infrastructure such as SWIFT. For countries under sanctions or at risk of them, such tools are attractive hedges against financial isolation. For policymakers in sanctioning nations, they pose a challenge: how to maintain leverage when rival payment networks are programmable, global, and run on open technology.
For the broader crypto industry, the dominance of stablecoins in illicit flows cuts both ways. On one hand, it exposes serious reputational and regulatory risks. If stablecoins become synonymous with sanctions evasion in the eyes of policymakers, issuers and exchanges could face stricter oversight, aggressive enforcement actions, or even de‑platforming in some jurisdictions. On the other hand, the same data equips compliant platforms with the information they need to strengthen their defenses — for example, implementing more rigorous screening of counterparties, monitoring large movements involving high‑risk jurisdictions, and collaborating closely with analytics providers.
Institutional and retail users who interact with digital assets also have practical takeaways. The spike in address‑poisoning and key‑compromise incidents reinforces a few core operational lessons: never rely solely on visual similarity when copying addresses; use hardware wallets and multi‑factor authentication where possible; and treat any unsolicited contact claiming to be from an exchange or wallet provider with deep suspicion. The biggest single losses in 2025 were often preventable with basic security hygiene.
Looking ahead, most experts expect illicit crypto flows to remain elevated so long as the global sanctions regime continues to broaden and enforcement remains asymmetric. As more entities are blacklisted and more countries experiment with state‑linked tokens and alternative settlement mechanisms, on‑chain volumes related to sanctions circumvention are likely to grow. At the same time, advances in analytics, increased cooperation between regulators and compliant platforms, and the maturing of industry best practices may gradually narrow the space in which bad actors can operate undetected.
Ultimately, the 2025 figures do not simply tell a story about “crypto crime.” They illustrate how digital assets have become woven into the fabric of international finance and geopolitics. Public blockchains are now a battleground where state power, financial innovation, and criminal opportunism intersect. The challenge for regulators, developers, and users over the coming years will be to preserve the open, permissionless qualities that make crypto useful, while constraining the capacity of sanctioned regimes and sophisticated threat actors to exploit those same qualities at global scale.