Saturday, April 18, 2026

Coin Laundry: ICIJ’s $28 billion probe

An ambitious new cross-border investigation, dubbed Coin Laundry, from the International Consortium of Investigative Journalists, The New York Times and 36 partner outlets alleges that at least $28 billion in suspect crypto has coursed through major exchanges between mid-2023 and mid-2025, despite headline-grabbing enforcement actions and lavish compliance rebrands. The report argues that illicit flows are not a fringe problem but a structural feature of centralised crypto finance.

A $28 Billion Shadow Ledger

The number is designed to sting: more than $28 billion in crypto linked to hacks, scams and laundering networks hitting centralised exchanges over just two years.

That figure is, in all likelihood, conservative. Investigators stitched it together from tens of thousands of on-chain transactions, analytics from firms such as Chainalysis, Arkham Intelligence and Tronscan, public records, and victim interviews. It excludes the funds that vanished into genuinely anonymised pockets of the ecosystem: untagged wallets, poorly instrumented chains, and privacy tools that break the visible trail.

Underneath the headline is a familiar cast of villains:

  • State-sponsored hacks. North Korea’s Lazarus Group sits at the top of the table, with the February 2025 Bybit exploit alone draining roughly $1.5 billion in Ether. According to the investigation, the attackers then hopped across a privacy-focused cross-chain protocol, swapped into Bitcoin and pushed some $900 million towards five deposit accounts on Binance over ten days.
  • Pig-butchering and romance fraud. The FBI estimates that Americans lost $5.8 billion to these schemes in 2024; chain forensics suggest roughly $4 billion of that ultimately landed on mainstream exchanges. The report spotlights victims in the US, Canada and Japan whose funds were traced to large platforms, often flagged internally, rarely frozen in time to matter.
  • Professional laundering hubs. The Huione Group in Cambodia, described by the US Treasury as a “critical node” for cyber scams, allegedly sent hundreds of millions of dollars in USDT through Binance and OKX even after sanctions and public blacklisting. Russian-speaking networks tied to ransomware, darknet markets and drug sales, along with Mexican cartel intermediaries, also feature in the flows.
  • Cash-for-crypto desks. Unregulated OTC shops in Hong Kong, Kyiv and parts of Eastern Europe converted billions in digital assets into physical cash without meaningful identification checks, before routing more than half a billion dollars back into the large exchanges.

Inside the Coin Laundry Machinery

The investigation’s core argument is simple: blockchains are transparent; exits are not. Coin Laundry is, at bottom, a story about off-ramps, not on-ramps.

The mechanics follow a familiar pattern. Stolen or fraud-tainted funds are broken up, hopped across networks, pushed through mixers or swapping protocols, and occasionally parked in DeFi to earn yield while tempers cool. By the time they re-emerge on a major exchange, they look like just another flow in a sea of stablecoin arbitrage and retail trading.

From there, the report describes three main pathways:

  1. Straight cash-out. Fiat withdrawals via banks and payment processors in multiple jurisdictions, justified as trading profits.
  2. Re-routing. Moving funds through multiple exchanges to exploit inconsistent controls, local KYC gaps or weak correspondent-banking oversight.
  3. Recycling into new crime. Converting into stablecoins or liquid majors to fund fresh scams, malware campaigns or synthetic identities.

On-paper compliance is rarely the issue. Exchanges point to politically-exposed-person screening, transaction-monitoring vendors and case-management systems. What the investigation highlights instead is the tension between volume and vigilance: on a venue processing trillions a year, the marginal trade (and its fee) usually wins.

Exchanges as Off-Ramps, Not Bystanders

The report is unsparing about the role of specific platforms without pretending that any single exchange “is” the problem. Binance, OKX, Bybit and others are cast as systematic chokepoints in the laundering stack, not passive utilities that criminals merely pass through.

Binance, which already paid a multibillion-dollar penalty in 2023 for historic anti-money-laundering failures, is alleged to have received hundreds of millions of dollars from sanctioned or high-risk entities even after promising regulators a cultural reset. OKX, fresh off its own settlement in early 2025, is said to have continued handling flows linked to the Huione network months after US authorities effectively banned dealings with the group.

Compliance teams and former staff quoted in the investigation describe alert queues that grow faster than human reviewers can clear them, incentives geared around market share and liquidity, and a constant temptation to rely on third-party screening tools as a kind of liability shield. As one blockchain analyst quoted in the piece notes, even an average-quality tool should have caught some of the patterns in play.

Crypto Capital Meets Compliance

Overlaying all this is a sharply political backdrop. The report situates its findings in an era where the White House talks up American leadership in digital assets while quietly dialling down pressure on some of the industry’s largest players.

According to the investigation, a dedicated crypto-crime team at the Department of Justice has been wound down, high-profile probes into several US-facing exchanges have been narrowed or shelved, and a new “crypto capital” narrative has emerged from the administration’s allies. Deals between senior industry figures and politically connected fintech projects add to the sense of blurred lines between policymaking and platform interests.

Experts interviewed by ICIJ are blunt: if you derive a meaningful share of revenue from flows that are, or should be, flagged as suspicious, you have a built-in incentive to treat AML controls as a speed bump rather than a hard stop. One academic quoted in the story describes this as “crime-adjacent revenue”: money that is attractive precisely because nobody asks too many questions about its origin.

Users and Regulators

Centralised exchanges remain the easiest bridge between self-custodied crypto and the fiat world, but they also appear (at least in this reporting) to be the preferred escape route for hackers, scammers and professional launderers. That raises obvious questions about who ends up bearing the cost when things go wrong: victims with no recourse, counterparties whose deposits share order books with dirty flows, or taxpayers who fund whatever enforcement capacity remains.

For regulators, it underlines that box-ticking KYC and sporadic headline fines are not enough to meaningfully reduce criminal throughput. It also points towards more structural levers: better data-sharing between jurisdictions, tougher expectations around tracing funds back to source rather than just screening at the point of deposit, and real consequences for platforms that repeatedly surface in major cases.

As long as exchanges are rewarded primarily for volume, not for weeding out toxic flow, criminals will continue to treat them as the most efficient exit from the on-chain world.

Disclaimer
This article is for information only and reflects publicly reported allegations. It is not investment, legal or tax advice.
