Illicit cryptocurrency activity surged to an unprecedented $158 billion in 2025, marking a staggering 145% increase from the previous year, according to a new report from blockchain intelligence firm TRM Labs. This record-breaking volume reverses a multi-year trend of declining crypto crime figures.
The dramatic surge was largely driven by the rise of A7A5, a Russian ruble-pegged stablecoin specifically designed for sanctions evasion. TRM Labs' data reveals that A7A5 alone was associated with over $72 billion—or 77%—of all illicit stablecoin activity in 2025. This represents a major shift from previous years, where dollar-pegged stablecoins like Tether's USDT were the primary vehicles for illicit finance.
"A7A5 shows how pressure creates specialization, and how bad actors will build new rails when old ones become harder to use," said Ari Redbord, a former U.S. Treasury official and TRM's global head of policy. He described A7A5 as "arguably the biggest crypto crime story of the year" because it was not designed for global use but rather to "move value where mainstream channels were being shut off."
The report highlights a critical paradox: while the absolute volume of illicit activity skyrocketed, the share of illicit transactions as a percentage of total crypto volume continued to fall to approximately 1.2%. This indicates that legitimate adoption is growing at an even faster rate than criminal misuse.
Geopolitical tensions are a primary driver. The report details a troubling shift from opportunistic criminal groups to the systematic institutionalization of crypto crime by state actors under international sanctions. While Russia-linked networks remained prominent, nations like Venezuela and China have also moved towards using cryptocurrency-based mechanisms to circumvent global financial systems.
TRM's data shows a clear migration of illicit flows away from regulated platforms. In 2025, stablecoin flows to sanctioned entities decreased by nearly 30% on crypto exchanges with KYC protocols, but skyrocketed by over 200% on decentralized services and exchanges lacking KYC standards.
In other sanctioned nations, Tether remained dominant. Venezuela's illicit activity heavily involved USDT, while Iran's was "overwhelmingly" concentrated in Tether transactions on the Tron network.
