A recent report from Global Ledger, a blockchain analytics firm based in Switzerland, has unveiled alarming statistics regarding cybercrime in the cryptocurrency sector. The data indicates that in the first half of 2025, over $3.01 billion was lost to 119 hacks, a figure that has already exceeded the total thefts reported throughout 2024. What is particularly concerning is not just the increasing amount of money stolen, but also the speed at which hackers are able to move and launder the stolen assets.
The report delved into onchain data associated with these breaches, focusing on the rapidity of fund movement through methods such as mixers, bridges, and centralized exchanges. By analyzing the interval from the initial hack to the ultimate laundering endpoint, the findings highlighted that criminals are now able to wash their stolen assets in mere minutes, often before a breach is even made public. Alarmingly, in nearly 23% of the incidents, the laundering process was completed prior to the breach being disclosed.
### Speed of Laundering Raises Concerns
As cybercriminals enhance their tactics, the systems designed to combat money laundering (AML) and monitor virtual asset service providers (VASPs) are struggling to keep pace. In some instances, stolen funds are moved almost instantaneously; the quickest recorded transaction occurred just four seconds after the hack, with the entire laundering process wrapped up in under three minutes. Overall, 31.1% of the laundering activities were finalized within 24 hours, while it took an average of 37 hours for the hacks to be publicly disclosed. This gives attackers a significant advantage, as they typically transfer funds approximately 15 hours after a breach, allowing them a 20-hour head start before victims become aware of the theft.
The report further revealed that in about 68.1% of cases, the stolen funds were already being transferred before the hacks were reported via news outlets, social media, or alert mechanisms. Furthermore, in nearly 22.7% of the instances, the laundering was entirely completed before any form of internal or public notification occurred. As a result, only a mere 4.2% of the misappropriated funds were successfully recovered in the first half of 2025.
### Centralized Exchanges Under Increased Scrutiny
The report also highlighted that 15.1% of all laundered cryptocurrencies in the initial six months of 2025 passed through centralized exchanges (CEXs), which are becoming the primary target for cybercriminals. CEXs accounted for 54.26% of total losses this year, significantly overshadowing losses from token contract exploits (17.2%) and personal wallet breaches (11.67%). Compliance teams at these exchanges often have a narrow window of just 10-15 minutes to halt suspicious transactions before they are irretrievably lost.
As hackers evolve, the traditional ticket-based compliance methods used by many exchanges are proving insufficient. The report advocates for a shift towards real-time, automated monitoring and response systems that can identify and neutralize illicit activities as they occur. With money laundering often completed within minutes, CEXs must develop detection and response mechanisms that can operate at a similar pace.
### Regulatory Changes and Accountability
New regulatory frameworks, such as the Genius Act, signed into law by former US President Donald Trump on July 18, have imposed additional responsibilities on exchanges and VASPs to adhere to more stringent AML standards and expedite their response times.
The ongoing trial of Roman Storm, a developer associated with Tornado Cash, highlights a significant shift in regulatory expectations regarding accountability in the crypto space. Central to the case is whether developers and platforms should be held responsible for preventing illicit activities that they were capable of anticipating. Prosecutors have alleged that Storm could have implemented measures to avert illegal uses of his platform but opted not to do so.
Facing a multitude of charges, including conspiracy to commit money laundering, Storm is accused of facilitating over $1 billion in illicit transactions, some of which are linked to North Korea’s Lazarus Group. A conviction could result in a prison sentence of up to 45 years. The outcome of his trial could set a significant precedent for open-source development and the use of privacy tools, as many fear that prosecuting developers for creating code—especially for decentralized protocols like Tornado Cash—could stifle innovation and threaten the freedom of software development.
