2025 Crypto Crime Landscape: Record Illegal Flows, Massive Hacks, and AI‑Driven Scams

In 2025 illegal crypto flows hit $158 billion, hacking losses reached $2.87 billion, and AI‑enhanced scams surged. Explore the trends, ransomware shifts, and emerging security measures.
30 January 2026 by
TechStora Editorial Board

Record Illegal Cryptocurrency Flows

TRM Labs reports that illegal cryptocurrency movements reached a historic $158 billion in 2025, reversing a three‑year decline that saw flows fall from $86 billion in 2021 to $64 billion in 2024.

Hacking Incidents and the Biggest Breach

In total, 150 hacking incidents cost the ecosystem $2.87 billion, with the top ten attacks responsible for 81% of the loss.

  • February 2025 – Bybit breach (attributed to North Korean actors) – $1.46 billion stolen.
  • Other high‑impact hacks – collectively accounted for $1.41 billion.

Scam Activity Fueled by AI Tools

Scams remained a dominant threat, siphoning roughly $35 billion in 2025. Investment‑related scams comprised 62% of total illicit inflows, encompassing romance baiting, Ponzi schemes, and fake‑task offers.

TRM Labs observed a marked rise in the organization, professionalism, and outreach of these scams, a shift it links to the adoption of AI‑driven automation and social‑engineering tools.

  • AI‑generated phishing messages.
  • Deep‑fake personas for romance scams.
  • Automated “task” platforms that lure victims with bogus work.

Ransomware‑Linked Crypto Inflows

While ransomware‑related cryptocurrency inflows stayed elevated, they did not match the peaks of earlier years.

Money‑laundering tactics evolved:

  • Mixer usage dropped 37%.
  • Bridge usage and cross‑chain routing surged 66%.

Ecosystem Fragmentation and Technical Shifts

2025 saw unprecedented fragmentation: 161 active ransomware strains and 93 new variants were identified.

These dynamics complicate detection and response, demanding more adaptable security tooling.

Emerging Security Strategies

With the Model Context Protocol (MCP) becoming the de facto standard for linking LLMs to tools and data, security teams are accelerating efforts to protect these new services.

Key recommendations include:

  • Redefining permissions for agentic AI to enforce least‑privilege access.
  • Continuous monitoring of stealer logs—one compromised employee download can expose the entire organization.
  • Deploying specialized token‑security solutions and requesting demos to evaluate protection capabilities.