- Chainalysis recorded $154 billion in illicit inflows, largely driven by sanctioned entities.
- Russia’s ruble-backed A7A5 token processed more than $93.3 billion in transactions within a year.
- Illegal transactions remain under 1% of total on-chain activity despite rapid growth.
Illicit cryptocurrency activity surged in 2025—not because of a sudden spike in everyday crypto crime, but due to a structural shift in how sanctioned states and entities move funds. As global financial restrictions expanded, blockchain networks increasingly became an alternative channel for cross-border transfers that are harder to block or monitor through traditional systems.
A new report from Chainalysis shows this change is reshaping the form, scale, and participants in the illicit crypto ecosystem. According to the analysis, illicit crypto addresses received at least $154 billion in 2025, a 162% increase from $59 billion in 2024. Chainalysis attributes much of this growth to sanctioned actors moving funds on-chain at scale.
Although illicit activity still accounts for less than 1% of total crypto transactions, the rapid expansion highlights how sanctions policy is influencing blockchain usage in ways not seen in prior years.
Sanctions driving on-chain activity
Chainalysis characterized 2025 as a turning point, marked by unprecedented volumes tied to the behavior of nation-states. Unlike earlier phases dominated by hacks, fraud, and darknet markets, recent activity shows higher levels of coordination and technical sophistication. This reflects growing familiarity with blockchain tools among sanctioned actors who face restricted access to the global banking system.
The scope of sanctions worldwide has increased significantly. The Global Sanctions Inflation Index estimated in May that nearly 80,000 individuals and entities are currently under sanctions. Separate research from the Center for a New American Security found that the U.S. added 3,135 entities to its list of specially designated nationals and blocked persons in 2024—the highest annual total on record. This expanding sanctions environment has increased incentives to seek alternative settlement systems.
Russia’s growing role
One of the most notable contributors to the rise in illicit crypto flows was Russia, which has been subject to extensive international sanctions since the invasion of Ukraine. In February 2025, Russia launched a ruble-backed digital token known as A7A5. Chainalysis reports that the token processed more than $93.3 billion in transactions in less than a year. The use of a state-linked token illustrates how sanctioned governments are experimenting with blockchain-based instruments to maintain trade and financial connections.
This approach differs from prior crypto use patterns, where states were more often indirect recipients within illicit networks rather than active participants in token-based systems.
Stablecoins take center stage
Stablecoins played a dominant role in illicit crypto activity throughout 2025, accounting for 84% of total illicit transaction volume. Chainalysis links this to their price stability, high liquidity, and ease of cross-border transfers. The same features that support legitimate payments and remittances have also made stablecoins attractive to sanctioned users seeking predictable settlement.
The growing reliance on stablecoins signals a shift away from volatile assets for illicit transfers. Rather than speculative trading, the focus has moved toward efficiency, reliability, and scale—especially for large-value transactions involving sanctioned entities.
Crime still a small share
Despite record illicit volumes, Chainalysis emphasized that criminal activity remains a small fraction of the broader crypto economy. Overall on-chain activity expanded substantially during the year, keeping illicit transactions under 1% of total volume even as their absolute value rose sharply.
Other forms of crypto-related crime continued alongside sanctions-driven flows. Blockchain security firm PeckShield documented more than 20 major exploits in December, including address-poisoning scams and private key leaks that led to losses in the tens of millions of dollars.