Crypto-enabled scams, laundering, and sanctions evasion by criminal and state actors

The period from 2025 through 2027 has witnessed a relentless intensification of crypto-enabled illicit finance, driven by a volatile confluence of state actors, sanctioned entities, criminal networks, and emerging technologies such as artificial intelligence (AI). This evolving landscape not only magnifies the scale of illicit flows—estimated at over $104 billion transacted by sanctioned entities in 2025 alone—but also deepens the complexity of enforcement and regulatory efforts worldwide. Recent developments reveal how innovations in stablecoins, decentralized finance (DeFi), mixers, and AI-driven social engineering have become central tools in circumventing sanctions, laundering proceeds, and financing malign activities, including weapons programs and human trafficking.

---

Persistent Dominance of Stablecoins and DeFi in Sanctions Evasion

Stablecoins, especially Tether (USDT), continue to be the backbone of illicit crypto finance due to their liquidity, price stability, and widespread acceptance. These features allow sanctioned states and proxy networks to execute swift, opaque transfers that evade traditional financial monitoring. The crypto ecosystem’s decentralized facets—particularly DeFi platforms, mixers, and tumblers—have further entrenched themselves as indispensable enablers of sanctions evasion, offering layers of anonymity and transaction obfuscation.

• USDT’s role remains pivotal, with enforcement agencies recovering over $61 million in tether-linked assets connected to AI-augmented social engineering scams in 2025.
• Mixers and tumblers have grown more sophisticated, complicating blockchain tracing and forensic analysis, especially amid hybrid laundering networks blending crypto with fiat, commodities, and informal value transfer systems (IVTS).

---

AI-Augmented Scams and Their Human Toll

The intersection of AI and illicit finance has birthed unprecedented fraud modalities, notably in the realm of romance scams and “pig butchering” frauds, which have surged to estimated losses exceeding $17 billion in 2025. These scams exploit AI-generated synthetic identities and automated social engineering to ensnare victims worldwide, often culminating in coercion into laundering schemes tied to human trafficking and exploitation.

• Investigations reveal a disturbing nexus where victims of AI-driven scams are forced into laundering stolen crypto via illicit industries, such as underground massage parlors and trafficking-associated businesses.
• Enforcement actions targeting these schemes have demonstrated tangible impact, yet the scale and sophistication of these fraud networks continue to outpace conventional detection methods.

---

State-Sponsored Cyber Heists and Hybrid Threats

State-linked cyber operations have escalated in both ambition and geopolitical intent, leveraging crypto-finance as a vector for destabilization and illicit funding:

• The February 2025 crypto heist attributed to Chinese threat actors remains the largest recorded, combining advanced cyber intrusions with disinformation campaigns designed to sow economic disruption.
• North Korean IT fraud rings, recently sanctioned for employing cryptocurrencies to fund weapons of mass destruction (WMD) programs, exemplify the direct nexus between crypto-enabled illicit finance and national security threats. OFAC’s targeting of six individuals and two entities in these rings highlights the growing recognition of this intersection.
• Iran, Russia, and North Korea have further expanded their use of DeFi platforms, mixers, and pseudonymous blockchain tools to evade sanctions and complicate enforcement.

---

Expansion and Innovation in Hybrid Laundering Networks

The laundering landscape is evolving into complex hybrid systems that integrate diverse asset flows and informal mechanisms, challenging regulatory and enforcement paradigms:

• Hezbollah’s Al-Qard al-Hassan network exemplifies political actor innovation, fusing blockchain pseudonymity with multi-layered corporate structures and community-based IVTS disguised as lending operations. This hybridization enhances resilience against AML/CFT measures.
• Turkish financial channels, including state-owned banks such as Halkbank, remain critical facilitators of Iranian sanctions evasion. Investigations have uncovered systemic corruption within Iran’s judicial and prison institutions—particularly in Mashhad—that perpetuate laundering activities and institutional complicity.
• Offshore Virtual Asset Service Providers (oVASPs) operating from jurisdictions with lax transparency continue to serve as conduits, exploiting fragmented regulatory environments and enabling rapid layering through shell companies connected to politically exposed persons.
• A noteworthy emerging vector is commodity-based laundering, especially illicit gold trade at the Cameroon–Central African Republic border, which has become intricately linked with crypto laundering. Regional initiatives involving customs and law enforcement cooperation aim to dismantle these networks, recognizing the need for integrated cross-sectoral responses.
• Diaspora communities and informal networks remain pivotal: Toronto’s Persian community near Yonge Street functions as a hub for trust-based MSBs and crypto wallets supporting sanctioned Iranian entities, while Caribbean organized crime groups exploit banking secrecy and informal remittances to launder substantial sums.
• The use of AI-generated synthetic identities and automated layering techniques is pushing laundering sophistication to new heights, straining forensic capabilities and underscoring the urgent need for AI-powered investigative tools.

---

Enforcement Milestones Amid Regulatory Complexity

Despite formidable challenges, enforcement authorities have achieved several notable victories, signaling a growing resolve to counter crypto-enabled illicit finance:

• The U.S. Treasury’s seizure of over $15 million in crypto assets linked to Iranian terrorist organizations, including IRGC and Quds Force affiliates, marks a targeted disruption of key funding streams.
• OFAC’s sanctions against North Korean IT fraud rings involved in crypto-facilitated WMD financing demonstrate an evolving understanding of crypto’s role in global security threats.
• FinCEN’s $80 million civil penalty against Canaccord Genuity LLC for facilitating crypto laundering exemplifies heightened regulatory scrutiny on intermediaries and VASPs.
• Dutch authorities secured a €25.8 million settlement with a shell company tied to a sanctioned Israeli tycoon involved in corruption and sanctions evasion in the Democratic Republic of Congo, a rare and impactful cross-border enforcement success.
• However, legal hurdles remain formidable—such as the dismissal of terrorism-financing lawsuits against major crypto platforms like Binance—reflecting the uneven global regulatory landscape and evidentiary challenges.
• Regulatory bodies have intensified oversight of crypto ATM operators including Bitcoin Depot, targeting inadequate KYC/AML controls that enable rapid anonymization of illicit cash into crypto assets.
• The FATF continues refining standards for VASPs and DeFi platforms, while the U.S. GENIUS Act report advocates for sophisticated AML/CFT frameworks tailored to decentralized and anonymous finance, aiming to close critical transparency gaps around offshore entities and DeFi protocols.

---

Strengthened Focus on Commodity-Based Laundering Risks

New analyses highlight the global gold trade’s hidden risks as a key facilitator of crypto laundering and illicit finance. The Cameroon–Central African Republic border has emerged as a nexus where illicit gold extraction and trade intertwine with crypto laundering, exploiting weak governance and porous borders.

• A recent report, “Five Key Questions About the Global Gold Trade and Its Hidden Risks,” underscores how gold’s portability, high value density, and fungibility make it an attractive vehicle for layering illicit proceeds.
• Coordinated regional strategies are underway, involving customs, financial intelligence units, and law enforcement agencies, to disrupt these commodity-based laundering channels. This approach exemplifies the necessity of integrated anti-commodity laundering frameworks that bridge financial and physical asset enforcement.

---

Strategic Imperatives for the Future

The evolving threat landscape demands a multifaceted, coordinated response that blends technological innovation, regulatory harmonization, and international collaboration:

• Global harmonization of stablecoin regulation and robust KYC standards is urgent to prevent regulatory arbitrage exploited by illicit actors. Uniform enforcement across jurisdictions is critical.
• Deployment of AI-powered forensic tools must accelerate to detect synthetic identities, automated layering, and rapid transaction patterns that overwhelm traditional methods.
• Regulatory frameworks tailored for VASPs and DeFi platforms need continual refinement, balancing transparency and traceability with innovation-friendly approaches.
• Victim-centric interventions integrating law enforcement, social services, and NGOs are essential to protect and rehabilitate victims of AI-driven scams and trafficking-linked laundering.
• Strengthened public-private intelligence sharing can improve early detection and coordinated responses, leveraging expertise from crypto exchanges, analytics firms, and community stakeholders.
• Targeted enforcement against hybrid laundering networks, including Hezbollah’s Al-Qard al-Hassan and corrupt facilitators within Turkish financial channels, requires precise, intelligence-led strategies.
• Integral anti-commodity laundering initiatives that combine financial intelligence, customs enforcement, and cross-border cooperation are essential to dismantle illicit gold trade and associated laundering schemes.

---

Conclusion: Navigating a Critical Juncture in Crypto Financial Security

By mid-2027, the crypto-enabled illicit finance ecosystem starkly illustrates the challenges of a borderless, hybrid, and technologically sophisticated threat environment. The enormous volume of illicit flows, the rise of AI-augmented scams intertwined with human trafficking, and state-backed cyber heists collectively underscore the urgency and scale of this global issue.

Recent enforcement successes affirm the power of sustained multinational cooperation and regulatory innovation. Yet, persistent regulatory fragmentation and the rapid evolution of laundering techniques necessitate harmonized international frameworks, AI-driven investigative capabilities, and robust public-private partnerships.

The path forward demands not only cutting-edge technology but also global political will and coordinated action. Only through comprehensive and adaptive strategies can the promise of cryptocurrencies be responsibly harnessed, preventing their exploitation by illicit actors operating at an unprecedented scale and sophistication.

---

Selected Additional Reading

• “Five Key Questions About the Global Gold Trade and Its Hidden Risks” — An in-depth analysis of gold’s role in illicit finance and laundering.
• “Inside The $17 Billion Crypto Scam Industry Built On Human Trafficking” — Investigative report on AI-augmented romance scams and trafficking-linked laundering.
• “Sanctioned Entities Moved $104B Through Crypto in 2025: Report” — Chainalysis data on illicit crypto flows.
• “US Treasury Sanctions Facilitators Of North Korea IT Worker Fraud Targeting Businesses” — OFAC actions linking crypto to WMD financing.
• “Netherlands Settles DRC Corruption Probe into Sanctioned Israeli Tycoon’s Shell Company for €25.8M” — Landmark cross-border enforcement.
• “Toronto Crypto Dealings Allegedly Linked to Iran Groups” — Case study of diaspora facilitation hubs.
• “FBI Arrests Government Contractor Accused of $46 Million Cryptocurrency Heist from US Marshals” — Example of state-linked cyber heists.
• “U.S. Treasury Recommends AML/CFT Rules for DeFi” — Regulatory innovation for decentralized platforms.
• “New FATF Report Highlights Illicit Finance Risks Linked to Offshore VASPs” — Risks of offshore virtual asset service providers.
• “Cameroon–CAR Strategy Could Disrupt Illicit Gold Trade Fueling Border Crime” — Integrated commodity laundering and crypto nexus.
• “Narcotics Control Bureau, US Drug Control Body Agree to Share Real-Time Info on Transnational Drug Cartels” — Enhanced bilateral intelligence cooperation.

---

This synthesis reflects the urgent, multidimensional challenges and responses shaping the global fight against crypto-enabled illicit finance, as technological innovation, geopolitical conflict, and entrenched criminal enterprise continue to redefine the contours of financial crime.