TRM Labs released its comprehensive 2026 Crypto Crime Report on January 28, revealing that illicit cryptocurrency volume reached an all-time high of $158 billion in 2025 — a staggering 145% increase from the $64.5 billion recorded in 2024. Despite the dramatic rise in absolute terms, the proportion of illicit activity relative to total crypto volume actually declined, dropping from 1.3% in 2024 to 1.2% in 2025, underscoring the rapid growth of legitimate crypto adoption worldwide.
The Exploit Mechanics
According to the report, malicious actors stole $2.87 billion across nearly 150 individual hacks throughout 2025. While the number of incidents decreased compared to the previous year, the average loss per exploit climbed significantly. The single largest breach — the Bybit exchange hack — accounted for $1.46 billion, representing 51% of all stolen funds for the year. The attack leveraged sophisticated social engineering combined with compromised infrastructure access, demonstrating how a single well-executed exploit can skew annual loss figures dramatically.
TRM Labs also introduced a new metric framing risk relative to deployable capital rather than raw transaction volume. Under this framework, illicit entities captured 2.7% of available crypto liquidity in 2025 — a figure that provides a more nuanced view of criminal activity’s impact on the market.
Affected Systems
Sanctions-related activity dominated the illicit landscape, driven overwhelmingly by Russia-linked financial flows. The ruble-pegged stablecoin A7A5 processed more than $72 billion in total volume, functioning as a key instrument for sanctions evasion. TRM identified a wallet cluster associated with the Russian sanctions evasion network A7 that alone handled at least $39 billion in 2025, reflecting concentrated and coordinated activity tied to state-aligned financial infrastructure.
Beyond Russia, the report highlighted how Iran and Venezuela increasingly relied on cryptocurrency rails for sanctions-constrained payments and financial services at scale. Chinese-language escrow and money laundering networks processed over $100 billion, operating as critical infrastructure for global illicit markets rather than state-directed operations.
The Mitigation Strategy
The report emphasizes that improved detection capabilities and greater blockchain transparency have enabled law enforcement and compliance teams to trace illicit flows more effectively than ever before. TRM’s methodology now accounts for both total incoming value to illicit wallets and the proportion of liquidity those entities absorb — providing regulators with sharper tools to assess systemic risk.
Major cryptocurrency exchanges and decentralized finance protocols have responded by strengthening their transaction monitoring systems and implementing more rigorous know-your-customer procedures. The declining proportion of illicit volume relative to total activity suggests these measures are producing measurable results, even as criminal actors adopt increasingly sophisticated techniques.
Lessons Learned
The 2025 data paints a clear picture: cryptocurrency is no longer a niche or peripheral financial instrument. It is broadly integrated into both legitimate and illicit economies worldwide. Governments, regulators, everyday users, and criminal actors all now encounter crypto as a routine component of financial life. The growing baseline fluency with digital assets has, paradoxically, both enabled larger illicit volumes and improved the tools available to detect and prevent them.
For individual users and institutions, the report underscores the importance of using regulated platforms, enabling multi-factor authentication, and maintaining awareness of common attack vectors — particularly social engineering tactics that contributed to the year’s largest breaches.
User Action Required
As crypto crime scales alongside adoption, users should audit their security practices regularly. Hardware wallets remain the gold standard for long-term storage. Enable withdrawal whitelists on exchange accounts. Monitor transaction histories for unauthorized activity. And when interacting with DeFi protocols, verify contract addresses through official channels before signing any transaction. The $2.87 billion lost in 2025 is a reminder that vigilance is not optional — it is the cost of participating in a permissionless financial system.
1.46B from a single hack and they still only caught 1.2% of total volume being illicit. the scale of this is insane
the bybit hack was half of all stolen funds for the YEAR. one incident. imagine if they had basic multisig
basic multisig wouldn't have stopped this. the attackers compromised the signing devices themselves. you need HSMs plus geographically distributed key holders
one hack being 51% of total annual losses says everything about exchange security. it's not a thousand small breaches, it's one catastrophic failure
declining proportion of illicit activity despite higher absolute numbers is actually a bullish signal for adoption. more legit users entering the space faster than criminals
1.2% illicit share with $158B absolute volume means legit crypto is scaling faster than crime. this is the stat regulators should actually focus on
regulators will ignore the declining share and hammer the $158B absolute number. that's how policy works, the scarier headline always wins