Crypto’s $350 billion shadow war: How sanctioned states and criminal networks exploit digital finance |
A sweeping new study on illicit finance in cryptocurrency markets paints a stark picture of how hostile governments and transnational crime syndicates are leveraging digital assets to evade sanctions, launder billions and fund cyber operations. The report, titled Confronting the Illicit-Finance Hydra in Crypto Markets: Protecting Retail Investors and Disrupting Hostile Government Exploitation, estimates that at least $350 billion has been laundered globally through cryptocurrency between 2005 and 2025 – a figure its author warns is likely only a fraction of the true total.
The research draws on 164 documented money-laundering cases spanning two decades. According to its findings, cryptocurrency has evolved from a niche financial experiment into a powerful parallel financial system – one that sanctioned individuals, terrorist groups and entire governments have increasingly weaponized to sidestep restrictions and move vast sums across borders.
In an interview with the Organized Crime and Corruption Reporting Project, Alexander Browder, founder of the Global Cryptocurrency Laundering Database and author of the report, cautioned that the $350 billion estimate is conservative. The database relies on open-source reporting, court documents and law enforcement announcements. But many illicit schemes, he noted, never surface publicly.
“The database is based on open-sourced reporting of crypto laundering,” Browder said, “but many schemes have never seen the light of day.” In his assessment, the real scale of crypto-enabled money laundering is likely “many multiples” of the documented figure.
The report singles out Russia, North Korea and Iran as particularly prolific in exploiting cryptocurrency markets for sanctions evasion and state revenue generation. These governments, it argues, have not merely tolerated crypto misuse but in some cases systematically incorporated it into their economic survival strategies under international pressure.
In Russia’s case, the report highlights the role of Garantex, a cryptocurrency exchange that allegedly processed more than $100 billion in transactions. According to the findings, 82 percent of Garantex’s total transaction volume was linked to sanctioned entities worldwide. The exchange is described as having functioned as a sanctions-evasion tool by providing services that enabled users to move value beyond the reach of traditional financial oversight.
The concentration of crypto-related money laundering activity in Russia reflects what the report characterizes as a convergence of factors: state support and funding, a large domestic population, and a sophisticated cybercriminal ecosystem. It also notes that the widespread domestic use of cryptocurrency mirrors the country’s broader efforts to mitigate the impact of Western sanctions imposed after geopolitical conflicts.
North Korea presents a different but equally alarming model. Rather than relying primarily on exchanges, Pyongyang has allegedly built an aggressive cybercrime apparatus targeting cryptocurrency platforms and private investors worldwide. The report attributes 19 major hacks to North Korean entities, collectively netting approximately $4.1 billion.
Among those incidents was a February 2025 breach of Bybit, described as the largest cryptocurrency hack to date. Hackers allegedly seized $1.5 billion in digital assets in that operation alone. The scale and sophistication of such attacks underscore how cyber warfare and financial crime have merged in the digital asset ecosystem. For North Korea, whose access to global financial markets is heavily restricted, cryptocurrency theft has reportedly become a vital source of foreign currency.
Iran, meanwhile, has adopted a hybrid strategy, combining state-aligned actors, oil revenue streams and crypto exchanges to bypass trade barriers. The report alleges that two sanctioned individuals – Alireza Derakhshan and Arash Estaki Alivand – generated more than $100 million in profits for Iran through cryptocurrency transactions linked to oil sales. By converting energy exports into digital assets, the network reportedly avoided conventional banking channels subject to monitoring and sanctions enforcement.
The geopolitical dimension intensified after US-Israeli airstrikes on Tehran on February 28. According to blockchain analytics firm Elliptic, crypto outflows from the Iranian exchange Nobitex surged 700 percent in the aftermath, suggesting that users rapidly shifted funds to overseas exchanges in anticipation of further instability or enforcement actions.
While the United States is often portrayed as the principal architect and enforcer of global sanctions regimes, the report presents a more complex reality. The US ranks as the country most affected by crypto-enabled money laundering in documented cases.
Out of 164 cases analyzed, 39 occurred in the United States, accounting for 23.6 percent of the total. The report attributes this to structural factors rather than systemic complicity. As the world’s largest economy and a global financial hub, the United States presents more opportunities for money laundering activity. It also has a higher likelihood that victims -including retail investors and businesses – will be targeted.
Russia ranks second in documented cases, with 19 incidents representing 11.5 percent of the total laundered volume. The United Kingdom joins the United States and Russia among the three most impacted nations.
This dual role – as both enforcer and victim – underscores the inherent paradox of crypto regulation. Democracies with open financial systems provide fertile ground for innovation but also for exploitation. The decentralized architecture of many digital assets complicates jurisdictional enforcement and cross-border investigations.
Perhaps most concerning is the report’s finding that 79 percent of documented cases worldwide have not resulted in convictions. Despite high-profile enforcement actions and increased regulatory scrutiny, the majority of crypto-related money laundering cases remain unresolved or unpunished.
Several factors contribute to this accountability gap. First, cryptocurrency transactions, while traceable on public blockchains, often involve layers of obfuscation such as mixers, privacy coins and cross-chain bridges. Second, perpetrators frequently operate across multiple jurisdictions, exploiting weak regulatory regimes or limited law enforcement capacity. Third, the rapid pace of technological innovation outstrips the ability of regulators and prosecutors to adapt.
The report argues that more vigilant prosecution and stronger international coordination are essential. It also calls for enhanced compliance measures within the crypto industry itself, including stricter know-your-customer (KYC) standards, improved transaction monitoring and more robust cooperation with authorities.
The broader implication of the study is that cryptocurrency has become a new domain of geopolitical competition – a financial battlefield operating in parallel with traditional warfare and diplomacy. For sanctioned states, digital assets offer a partial lifeline. For cybercriminals, they provide a fast, borderless medium for monetizing theft. For regulators, they present a persistent challenge in balancing innovation with security.
The report does not advocate dismantling cryptocurrency markets. Instead, it frames the issue as one of governance and resilience. Retail investors, it warns, remain vulnerable not only to market volatility but also to systemic abuse by hostile actors.
As digital assets continue to integrate into mainstream finance, the stakes are rising. Central banks are exploring digital currencies, institutional investors are expanding their exposure and governments are drafting new regulatory frameworks. Yet the same technology that promises financial inclusion and efficiency also enables shadow networks to flourish.
If the documented $350 billion is merely the visible portion of a much larger problem, the challenge ahead is formidable. Combating crypto-enabled illicit finance will require not only law enforcement action but also international cooperation, technological sophistication and political will.
In the meantime, the shadow war in digital finance continues – largely out of public view but with profound implications for global security, economic stability and the integrity of the financial system.
Please follow Blitz on Google News Channel