As cryptocurrency and digital assets go mainstream, it’s vital they don’t get dragged into the mire.

But an investigation shows that funds from scammers, hacking syndicates and transnational criminal groups continue flowing into major crypto exchanges — raising questions about enforcement, regulation and the future integrity of the global financial system.

Sector in the spotlight

President Trump has launched his own cryptocurrency venture and promised to make the United States the world’s “crypto capital.” As he promotes digital assets, crypto companies have worked to portray themselves as secure, reliable institutions. Major corporations — from Wall Street banking giants to global e-commerce platforms — now integrate crypto payments or blockchain technology into their business models.

However, an investigation by the International Consortium of Investigative Journalists, The New York Times, and 36 partner newsrooms reveals that beneath the surface of growing legitimacy, at least $28 billion linked to illicit activity has reached crypto exchanges over the last two years. This influx underscores how deeply cybercrime has penetrated the digital-asset economy.

The funds originated with hackers, extortionists, online scam operations and state-linked cybercriminal groups in countries such as North Korea, according to blockchain analysis. Over and over, these actors funneled money into some of the world’s largest exchanges — platforms designed to convert traditional currency into digital coins.

Among those exchanges was Binance, the largest globally, which entered into a $2 billion business agreement with Trump’s crypto firm in May. At least eight other significant exchanges also received criminally linked funds, including OKX, a global platform expanding in the United States.

“Law enforcement can’t cope with the overwhelming amount of illicit activity in the space,” said Julia Hardy, co-founder of the crypto investigations firm zeroShadow. “It can’t go on like this.”

From niche to nation-state target

In crypto’s early years, anonymity and speed made Bitcoin and other digital coins attractive to drug traffickers and dark-web vendors. Over time, the sector professionalized, and daily legitimate crypto transactions climbed into the tens of billions. Exchanges pledged to strengthen fraud detection and restrict illicit behavior.

Yet cracks persisted. Binance pleaded guilty in 2023 to money-laundering violations for failing to stop transactions tied to terrorist groups including Hamas and Al Qaeda, ultimately paying a $4.3 billion penalty. The company insisted afterward that the industry was “an extremely unwelcoming place to bad actors.”

Still, as the Trump administration rolled back regulatory enforcement and softened oversight, crypto’s vulnerabilities widened. The Justice Department disbanded a key crypto enforcement unit in April, instructing prosecutors to focus narrowly on terrorists and drug traffickers while avoiding cases that scrutinized the platforms themselves.

Against that backdrop, criminal money continued to flow into the system in vast quantities.

What the investigation found

The Times and ICIJ analysis, bolstered by public records and work with blockchain forensic experts, revealed major flows of illicit funds:

• Binance received more than $400 million from wallets tied to Huione Group, a Cambodian conglomerate flagged by the U.S. Treasury for criminal operations.
• Another $900 million was funneled into Binance accounts from a service used by North Korean hackers to launder stolen crypto.
• OKX received over $220 million from Huione in the months following its own $504 million U.S. government settlement.
• Exchanges worldwide took in at least $4 billion linked to scams last year. Victims interviewed by reporters saw their stolen funds land on platforms including Binance, OKX, Bybit, and HTX.
• More than $500 million reached major exchanges through crypto-to-cash operations, which often allow anonymous conversion of digital coins into physical currency — a major money-laundering weak point.

Exchanges defend their current safeguards. Binance said “security and compliance stand as utmost pillars,” while OKX described extensive cooperation with law enforcement.

However, exchanges benefit financially from high trading volume. As University of Texas expert John Griffin put it, “If they kick criminal actors off the platform, then that’s a big revenue source that they lose.”

North Korea’s mega-hack

In February, the Lazarus Group — North Korea’s elite hacking syndicate — stole $1.5 billion in crypto from Bybit in what became the largest such theft in history. The hackers quickly used a crypto-swapping service to exchange Ether for Bitcoin.

ChainArgos, a tracking firm, linked a parallel spike of $900 million in Ether entering five Binance deposit accounts during the same period. While the funds may have changed hands before reaching Binance, the pattern strongly aligned with the laundering route.

“Even a bad — maybe even defective — screening tool would spot that,” said ChainArgos chief executive Jonathan Reiter. Binance did not address the specific transfers but cited its multilayered compliance framework.

Victims and vulnerabilities

Crypto investment fraud inflicted $5.8 billion in losses last year, according to the F.B.I. One Minnesota father lost $1.5 million after being lured into a fraudulent investment scheme. More than $500,000 of his stolen funds ultimately landed on major exchanges.

Binance records obtained via subpoena showed accounts linked to individuals in China and Myanmar who appeared to be “money mules” — their identities likely stolen or coerced.

Another victim, 58-year-old Carrissa Weber in Canada, lost her life savings — over $25,000 — to a scammer pretending to be a tech entrepreneur. Her funds flowed into OKX, which did not freeze the associated accounts until months later.

Crypto for cash

In Kyiv, Ukraine, a reporter visited a crypto-to-cash storefront hidden behind a deli. After sending $1,200 in crypto via Telegram, the reporter received cash within minutes — no questions, no receipt, no record. The Telegram chat disappeared instantly.

These services, common across Asia and Eastern Europe, allow customers to exchange large sums of digital currency for cash with little to no identity checks. In Hong Kong alone, such desks handled more than $2.5 billion in 2024.

Richard Sanders, a forensic crypto tracer, warned that these operations can “enable an almost endless volume of financial crime.”

Crystal Intelligence, a blockchain analytics firm, found that Binance, OKX, and Bybit collectively received over $500 million from these desks last year. Not all users are criminals, but the anonymity creates fertile ground for laundering.

In Dubai, a reporter observed a customer trade $6,000 in crypto for Emirati cash in a high-rise office. The desk’s wallet received over $2 million in two weeks, including $303,000 that originated from Binance.

The investigation’s report ended there, but the issue of dirty money in the crypto industry is far from over.

Europol revealed a sweeping international operation that dismantled critical infrastructure supporting several of the world’s most pervasive cybercriminal tools.