Interview with Nicola Buonanno from Chainalysis on Crypto Crime 2025: crime evolves, but so does security

1. What are the main trends that emerged from the Crypto Crime Report 2025? Are there new types of crimes emerging compared to previous years?
Crimes committed with cryptocurrencies are becoming much more sophisticated and personalized. It’s no longer just about hackers carrying out thefts: cryptocurrencies are being used in a wide range of illicit activities, from threats to national security to organized crime, including fraud against consumers. Another significant development is the rise of on-chain services operating on a large scale as money laundering hubs. It’s no longer about individual criminals trying to clean stolen funds on their own, but organized networks offering laundering as a service, making the ecosystem decidedly more complex.
In our latest Crypto Crime Report, we found that the compromise of private keys has emerged as the main attack vector, responsible for 43.8% of funds stolen globally.
Although DeFi continued to represent the highest share of assets stolen in the first quarter of 2024, there is a significant growth in attacks targeting centralized services, which have become the main targets in the second and third quarters, culminating in the case of Bybit.
Despite it seeming that 2024 saw a decline in illicit activities, with a total value of 40.9 billion dollars, last year was likely a record year for inflows to illicit actors. In fact, this figure is a conservative estimate, based on inflows to illicit addresses that we have identified to date.
In a year, these totals will be higher, as illicit addresses that we have not yet identified will be integrated. It is expected that the volume of illicit cryptocurrencies in 2024 will surpass that of 2023: since 2020, our annual estimates of illicit activity have grown on average by 25% between annual reference periods. Assuming a similar growth rate between now and next year’s Crypto Crime Report, in 2024 the value of illicit activities perpetrated with cryptocurrencies could exceed the threshold of 51 billion dollars.
2. Which cryptocurrencies or networks are most involved in illicit activities, and what do the data suggest about the evolution of crime in the sector?
The crypto sector continues to be a target for malicious actors, particularly those sponsored by states. In 2024 and 2025, we witnessed a significant increase in the value stolen from cyber attacks.
In fact, in February, the cryptocurrency sector was shaken by a serious cyber attack against Bybit, which resulted in a loss of nearly 1.5 billion dollars in Ether (ETH): the largest digital theft in the history of cryptocurrencies.
According to our data, groups of cybercriminals associated with North Korea stole approximately 660.5 million in 2023 and 1.34 billion in 2024. The attack on Bybit alone exceeded by over 160 million dollars the total amount stolen by North Korean actors throughout 2024, highlighting its exceptional scale. Despite the severity of the event, Bybit responded promptly, actively collaborating with experts and industry partners, including Chainalysis, to trace and attempt to recover the stolen funds.
Furthermore, there has been a significant change in the way criminals use different cryptocurrencies. If previously Bitcoin dominated illicit transactions, now stablecoins represent about 63% of all illicit activities in cryptocurrencies. This figure is due to a broader trend, which sees a growing adoption of stablecoins worldwide. In fact, these instruments offer greater liquidity and stability, making them more attractive for moving money without too much volatility.
However, stablecoin issuers often freeze funds if they become aware of their use by illicit entities. For example, Tether has frozen the addresses of individuals suspected of being linked to scams, terrorism financing, and sanctions evasion, which can make stablecoins an inadequate tool for transferring value by illicit actors. That said, Bitcoin is still widely used for certain types of crimes, such as ransomware and darknet market transactions, while scams and laundering of stolen funds are spread across multiple assets.
3. The DeFi sector is increasingly in the crosshairs of cybercriminals. Which vulnerabilities have been exploited the most in 2024, and how are the protocols responding to mitigate the risks?
Between 2021 and 2023, DeFi platforms have consistently been at the top of the list of cryptocurrency hacking victims. One possible explanation is that many developers prioritize speed to market over security robustness, thus leaving vulnerabilities easily exploitable by hackers.
The most significant vulnerability identified in 2024 was the compromise of private keys. This remains a critical threat, as access to a private key allows attackers to control and completely drain an account, with no possibility of recovering the assets.
In the first quarter of 2024, DeFi continued to be the area most affected by attacks, with the highest number of assets stolen. However, in the second and third quarters, the focus of hackers shifted towards centralized services, which became more frequent targets. Among the most striking cases are DMM Bitcoin, which suffered a loss of 305 million dollars, and WazirX, with nearly 235 million dollars taken. These attacks are pushing the entire sector to rethink its security strategies, particularly regarding the protection of private keys and the tracking of stolen funds, often moved between different blockchains through bridges and mixing services.
4. Rug pulls and attacks on cross-chain bridges have been among the major security issues in recent years. Have you noticed changes in these dynamics in 2025?
Rug pulls continue to represent a serious problem, especially due to the enormous quantity of scam tokens that are created. In 2024, about 3.59% of all launched tokens turned out to be a pump-and-dump or rug pull scheme.
The model we are observing is that most of these scams occur on decentralized exchanges, where it is easier for malicious actors to create liquidity pools, attract investors, and then disappear with the funds.
A particularly significant fact is that in 94% of cases, it was the same person who created the liquidity pool that executed the rug pull. Therefore, even if the methods may change, the underlying problem remains the same: unscrupulous actors exploit the decentralized nature of the crypto world to deceive unsuspecting investors.
5. Which tools can help exchanges and other actors in the crypto market to strengthen compliance and prevent money laundering?
Blockchain-based intelligence tools are becoming increasingly sophisticated, allowing investigators to trace illicit funds across different networks and block their cashing in before it is too late. However, it is crucial that the intervention is timely: if one waits for the funds to be already laundered, recovering them becomes much more complex.
For this reason, real-time monitoring and predictive technologies based on artificial intelligence are taking on an increasingly central role in blockchain security and fraud prevention in the crypto world. Platforms like Hexagate, for example, use machine learning models to identify suspicious transactions in real-time, helping exchanges and protocols to intervene before it’s too late. Similarly, Alterya offers proactive protection against payment fraud and detection of suspicious activities during the KYC (know your customer) phase, supporting exchanges, blockchain, and wallet providers.
With the evolution of regulations on cryptocurrencies, it is likely that attention on the security of platforms and the protection of users’ funds will also increase. The industry’s best practices must therefore continuously update to ensure both fraud prevention and operator accountability. Strengthening collaboration with law enforcement and providing teams with the tools and skills to react promptly can make a difference. These efforts not only serve to defend individual users but are essential for building trust and long-term stability in the entire digital ecosystem.
6. Regulation is advancing rapidly in many jurisdictions. Which countries are adopting the most effective strategies to counter crypto crime?
Globally, there is a growing cooperation among law enforcement agencies. The seizures carried out in 2024 on darknet markets and Russian exchanges without KYC procedures demonstrate how authorities are refining their strategies, increasingly focusing on the underlying financial infrastructure rather than merely chasing individual criminals. At the same time, a growing number of governments are implementing stricter regulations on exchanges, thus hindering the free movement of illicit funds.
The regulatory frameworks for services related to crypto-assets and compliance with AML/CFT regulations are rapidly evolving worldwide. In the European Union, the MiCA (Markets in Crypto-Assets) regulation represents the most comprehensive framework for providers of services related to crypto-assets. It is already in force and being implemented in the 27 member states, and it could become a model at a global level. In parallel, the United States, United Kingdom, Singapore, and Hong Kong are also contributing to defining the international regulatory landscape.
Since illicit proceeds in cryptocurrencies often end up on centralized exchanges, strong regulations for VASPs (or CASPs) are essential in the fight against financial crimes. Although comprehensive regulatory frameworks focused on the conduct of crypto operators are still rare, AML/CFT-oriented regulations – including KYC obligations and the so-called travel rule – are increasingly widespread, leading to more effective law enforcement and strengthened international cooperation among authorities.
The seizures of 2024 confirm a shift in the strategy of law enforcement: the focus is now on the economic infrastructure that fuels crypto crime, rather than on the individual subjects involved. Thanks to these successes, more and more governments are considering tightening the rules for VASPs, making it even more difficult for illicit funds to transit and improving the effectiveness of countermeasures.
The most effective strategies against crime related to cryptocurrencies combine regulatory clarity, competent authorities, advanced blockchain analysis tools, and strong international collaboration.
7. The dark web remains a critical point for the illicit use of cryptocurrencies. Have you observed changes in the usage patterns compared to past years?
In recent times, a decline in the revenues of darknet markets and fraud shops has been observed, probably due to increased pressure from law enforcement. However, this does not mean that criminals are taking a step back: they are evolving their tactics, modifying the ways in which they cash out and store funds on-chain, in an attempt to evade controls and avoid detection.
8. What is the role of privacy coins in the landscape of crypto crime? Are they still widely used or are they losing relevance?
Privacy coins like Monero are still used in darknet markets, but they are no longer as dominant as they once were. It seems that criminals are increasingly turning towards stablecoins for illicit transactions. This is a significant change because the latter are generally considered more regulated and traceable, but they also offer greater liquidity and stability, making them more suitable for moving large sums of money without the same volatility risks as other cryptocurrencies.
9. Looking to the future, which innovations in blockchain analytics could help combat crime in the crypto sector?
Predictive security models represent one of the most promising innovations. Companies like Hexagate are already using artificial intelligence to identify suspicious transactions before an attack occurs, marking a significant advancement in terms of security. The ability to anticipate and block threats before they materialize could truly represent a turning point for the entire sector.
10. If you had to give advice to those operating in the sector (investors, companies, institutions), what would be the most urgent measure to adopt to improve security?
Despite the recent slowdown in the cryptocurrency market, opportunities for malicious actors remain numerous, continuing to expose both developers and end users to significant risks — as demonstrated by the attack on Bybit. However, a distinctive element of the blockchain ecosystem is its structural transparency, which constitutes a strategic advantage in terms of security.
The public and immutable nature of on-chain transactions indeed allows regulatory authorities and companies specialized in cybersecurity to monitor, track, and analyze suspicious operations in real-time, facilitating the identification of illicit patterns and potential culprits. And while criminals refine their techniques, tracking tools and blockchain security solutions are also rapidly evolving.
However, the sector must shift from a reactive to a proactive approach in threat prevention. To effectively tackle these challenges, close collaboration between public and private sectors is essential. Data sharing initiatives, real-time security solutions, advanced tracking tools, and targeted training programs can help industry operators quickly identify and neutralize malicious actors, while simultaneously building the resilience needed to protect digital assets.