Weaponized Code, Unregulated Coins, and Compliance Convergence: A 2025 Cyber and Crypto Threat Vector Review

Cybercrime and crypto-enabled financial crime have become deeply interwoven with global geopolitical dynamics, regulatory responses, and the professionalization of illicit actors. From North Korea’s increasingly sophisticated heists to the European Union’s regulatory push via the Anti-Money Laundering Authority (AMLA), 2025 is shaping up to be a pivotal year for threat detection, compliance innovation, and transnational financial enforcement.

Summary

The 2025 crypto crime landscape is increasingly complex and globalized. Cybercriminals, nation-states, and extremist actors are exploiting the cross-border and pseudonymous nature of blockchain-based assets… Centralized exchanges, crypto ATMs, and bridges remain core attack vectors, while North Korea continues to dominate high-end exploits…

The Chainalysis 2025 Crypto Crime Report documents over $40 billion in illicit on-chain flows, with North Korean actors leading a surge in targeted, high-value exploits against centralized exchanges. In parallel, the European Union is mobilizing a regulatory counterforce: the newly established AMLA Work Programme, July 2025, sets forth the EU’s first harmonized supervisory regime over crypto-asset service providers. Warnings from EU authorities (such as “Crypto poses money laundering threat to EU” – GRIP and “EU Sends AML Warning to Crypto Platforms” – Digital Watch) underscore the urgency of this pivot.

Meanwhile, the EU’s newly operational Anti-Money Laundering Authority (AMLA) is laying its strategic foundation to harmonize anti-money laundering and combating the financing of terrorism (AML/CFT) supervision across crypto-asset service providers (CASPs).

With the global financial system at an inflection point, the year ahead will test the resilience of enforcement, compliance innovation, and digital deterrence. Centralized exchanges, crypto ATMs, and bridges remain core attack vectors, while North Korea continues to dominate high-end exploits, though activity slowed post-summit with Russia.

Why This Matters

As digital assets grow in economic and geopolitical relevance, their misuse threatens national security, market stability, and civil society.

  • The convergence of advanced threat actors, AI-assisted fraud, and jurisdictional arbitrage is challenging existing enforcement regimes.
  • AMLA’s operationalization represents Europe’s most ambitious effort to counter this threat, while the U.S. and Asia-Pacific remain in reactive mode.

Key Points

  • Illicit Crypto Use Is Surging Despite Overall Drop in Tracked Volumes: Chainalysis notes that the $40.9B figure for 2024 is a lower-bound estimate, likely to be revised upward as more illicit addresses are identified.
  • North Korean Threat Actors Are the Dominant Crypto Thieves: DPRK-linked hackers stole $1.34B in 2024, representing 61% of the total crypto stolen that year. Their exploits have become faster, more frequent, and more sophisticated.
  • Crypto-Asset Regulation in the EU Becomes Operational with AMLA: As of July 2025, AMLA begins indirect supervision and FIU coordination with a focus on CASPs. It will standardize AML/CFT processes and oversee 23 regulatory measures across risk, supervision, and intelligence.
  • AI-Powered Scams Are Rising: “Pig butchering” and sextortion campaigns now leverage AI to defeat KYC and target victims more precisely.
  • Crypto ATMs and Mixing Services Are Persistent Gaps: These tools remain critical laundering channels and fraud vectors, especially targeting the elderly and exploited communities.
  • DeFi No Longer the Top Target—Centralized Services Are: Notable 2024 hacks included DMM Bitcoin ($305M) and WazirX ($235M), with private key theft as the main vector.

For the full Chainalysis and AMLA reports, see:

The 2025 Crypto Crime Report (Chainalysis)

  • Tracks over $40B in on-chain illicit flows.
  • Highlights the growing professionalization of cybercrime.
  • North Korean exploits doubled YoY, with geopolitical shifts affecting timelines.
  • Stresses that centralized services are now prime hacking targets.
  • Identifies predictive modeling and transparency as emerging defenses.

AMLA Work Programme, July 2025 (AMLA)

  • Marks the start of AMLA operations under Regulation (EU) 2024/1620.
  • Prioritizes harmonized AML/CFT oversight across high-risk crypto sectors.
  • Establishes supervisory and FIU mandates for 2025-2026.
  • Focuses on risk-based approaches, convergence in national supervision, and crypto intelligence.

What Next?

  • For AMLA: It must move from operational setup to strategic supervision, with a clear implementation roadmap for 2026-2028. Critical early wins will depend on harmonizing national supervisory practices and deepening cooperation with non-EU partners.
  • For Crypto Ecosystem Actors: Exchanges, protocols, and custodians need to integrate predictive intelligence and improve internal controls, especially around private key management and hiring practices.
  • For Law Enforcement and Intelligence Agencies: Multilateral threat intelligence sharing, real-time blockchain analytics, and stronger deterrents are essential to counter adversarial actors such as the DPRK.

Recommendations (from the sources on which this Threat Review is based)

  1. Strengthen Crypto AML Standards Globally: Support regulatory convergence and AMLA’s leadership in standardizing CASP oversight.
  2. Deploy Predictive Cyber Defense: Adopt tools like Hexagate’s ML-based exploit detection across crypto platforms.
  3. Address Nation-State Crypto Threats: Treat North Korean and similar crypto attacks as strategic-level threats and expand diplomatic and cyber deterrence mechanisms.
  4. Expand AI-KYC Countermeasures: Bolster defenses against AI-powered fraud and impersonation schemes.
  5. Support AMLA’s FIU Collaboration Pillar: Encourage the operationalization of its joint analysis, typology tracking, and cross-border typology workstreams.

Further OODA Loop Resources

Crypto

Wall Street Embraces Stablecoin Cryptocurrencies: Is this the future of the global financial infrastructure?

Circle’s recent IPO (and a wave of related filings) marks a turning point in the convergence of traditional finance (TradFi) and digital assets. Is stablecoin now positioned as critical infrastructure for the next era of global capital markets? See Wall Street Embraces Stablecoin Cryptocurrencies: Is this the future of the global financial infrastructure?

The Great Dollar Retreat: Trade Wars, Financial Power, and the Accelerating Case for Cryptocurrency

This OODA Loop Original Analysis provides critical geopolitical and macroeconomic context for a deeper understanding of high-profile crypto IPOs like Circle and Gemini. It outlines how weaponized finance, trade wars, and political instability have weakened confidence in the U.S. dollar, accelerating interest in cryptocurrency and stablecoins as alternative financial infrastructure. This backdrop amplifies the strategic significance of Circle’s IPO and Gemini’s follow-on filing, as both firms aim to institutionalize digital assets during a pivotal shift in global monetary trust. See The Great Dollar Retreat: Trade Wars, Financial Power, and the Accelerating Case for Cryptocurrency.

Cyber

AI as a Defense Multiplier and Attack Amplifier: Strategic Imperatives for 2025

A recent OODA Network monthly meeting underscored the strategic convergence of AI, quantum, and autonomous defense systems, driving both opportunity and risk. Adversarial AI defenses have emerged as a vital area of interest: the AI security landscape is shifting rapidly as AI becomes both a defense multiplier and an attack amplifier, which is where we begin in this post with recent perspectives offered by research from OpenAI Global Affairs and The Institute for AI Policy and Strategy (IAPS).

Cyber Policy Shift: Decentralizing Federal Cybersecurity Responsibilities

The Trump Administration’s Executive Order 14306 marks a strategic pivot in U.S. cybersecurity policy, reducing federal cybersecurity responsibilities in favor of private sector autonomy and amending prior Biden and Obama initiatives focused on centralizing cybersecurity governance. A Congressional Research Service (CRS) report on the EO is our source material for a breakdown of the impact and implications of EO 14306.

Daniel Pereira

About the Author

Daniel Pereira is research director at OODA. He is a foresight strategist, creative technologist, and an information communication technology (ICT) and digital media researcher with 20+ years of experience directing public/private partnerships and strategic innovation initiatives.