
ByBit hack attributed to North Korean crypto crime gang - Who else is out there?

Updated: Feb 25

Criminal organizations are increasingly leveraging the decentralized nature of cryptocurrency markets to evade detection by Chinese and international authorities. They utilize digital currencies to launder proceeds from illicit activities such as drug trafficking and illegal gambling. Additionally, they orchestrate investment scams that promise substantial returns, thereby defrauding investors within the cryptocurrency sector. 




The Lazarus Group and co-conspirators


A significant example of this is the Lazarus Group, active since at least 2018, and affiliated with North Korea's Reconnaissance General Bureau, which has established itself as a formidable entity in the cybercrime arena. This state-sponsored group is notorious for conducting ransomware attacks, encrypting files, and demanding ransom payments, thereby enabling North Korea to circumvent international sanctions. Notably, in 2020, the group orchestrated a major breach of the KuCoin exchange, resulting in the theft of approximately $275 million in various cryptocurrencies. The stolen assets were laundered through a complex network of wallets and mixers, involving 113 cryptocurrency accounts.



The Lazarus Group, a state-sponsored cybercrime syndicate tied to North Korea’s Reconnaissance General Bureau, has been a dominant force in global cyberattacks since at least 2018. Specializing in ransomware operations, they encrypt files and demand payments, playing a crucial role in North Korea’s efforts to bypass international sanctions.


Among their most infamous exploits was the 2020 KuCoin exchange breach, where they stole approximately $275 million in cryptocurrency. To obscure the funds’ origins, they funneled the stolen assets through a network of 113 crypto accounts and mixing services.


In a more recent and even larger-scale operation, on February 21st, 2025, the Lazarus Group executed the largest crypto heist in history, targeting Bybit Exchange and stealing nearly $1.5 billion in digital assets. This attack appears to have been meticulously planned over a long period, utilizing a sophisticated front-end spoofing exploit to bypass security measures. Their relentless assaults on major platforms have led many to believe they are actively undermining the stability of the crypto industry. With an extensive track record of high-profile breaches, Lazarus continues to expand its influence in the cybercriminal underworld.


Lazarus collaborates with other criminal entities, including mixers and governments, complicating efforts to dismantle such operations. A notable example is the Chinese over-the-counter (OTC) trader Yicong Wang, who has been implicated in assisting the Lazarus Group by converting stolen cryptocurrencies into cash via bank transfers. Operating under aliases such as "Seawang" and "Greatdtrader," Wang facilitated the laundering of over $17 million linked to more than 25 hacks attributed to the Lazarus Group.


The anonymity provided by cryptocurrencies introduces geopolitical risks by creating sanctions gaps due to inadequate regulation. Fueled by cybercrime profits, North Korea's regime has escalated its nuclear weapons testing, highlighting the broader implications of cryptocurrency-related criminal activities.


Network diagram from Nominis Vue featuring "Lazarus Group" at the center, connecting to nodes like "Gambling" and "Tornado Cash."
As seen on the Nominis platform, the group is actively engaging with multiple platforms, extending its reach.

Since at least 2021, the Russian-speaking cybercrime group known as Crazy Evil has gained prominence in the digital underworld. Their notoriety has surged following the exit scams of two other cybercrime organizations, Markopolo and CryptoLove, which were associated with a ClickFix campaign utilizing fake Google Meet pages in October 2024. 


Specializing in redirecting legitimate online traffic to malicious sites, the gang targets digital assets, including non-fungible tokens (NFTs), cryptocurrencies, payment cards, and online banking credentials. Estimates suggest that Crazy Evil has illicitly amassed over $5 million, compromising tens of thousands of devices globally. According to Recorded Future, Crazy Evil employs advanced spear-phishing tactics targeting the cryptocurrency sector. The gang often dedicates days or even weeks to reconnaissance to identify potential victims before initiating their attacks. As Crazy Evil continues to flourish, it is anticipated that other cybercriminal groups will adopt similar strategies, necessitating increased vigilance from security teams to prevent widespread breaches and the erosion of trust in the cryptocurrency, gaming, and software industries.


Chinese criminal organizations have increasingly turned to cryptocurrencies to launder proceeds from activities such as drug trafficking and investment scams. The decentralized nature of digital currencies offers these syndicates a means to obscure the origins of their illicit gains, complicating efforts by authorities to trace and seize assets.

An example from 2024 highlights the growing trend of large-scale fraud and money laundering, such as the £5bn investment scam led by Zhang, also known as Zhimin Qian. Zhang, who defrauded nearly 130,000 investors in China between 2014 and 2017, used Bitcoin in the scheme. She arrived in the UK on a false passport but has since fled, with her whereabouts unknown. While her associate Wen was not involved in the original fraud, he was convicted of money laundering related to the case between 2017 and 2022. This case underscores the increasing global reach of financial fraud and its links to organized crime, much like the ongoing investigations into Su Weiyi and the collapse of Atom Asset Exchange (AAX).



Case studies: Europe, Latin America and South Korean crypto crime gangs


A notable money laundering operation was uncovered involving UK gangs that struggled to offload cash during the COVID-19 lockdown. This network spanned 30 countries, resulting in 84 arrests, including 71 in the UK. Ekaterina Zhdanova, the head of a Moscow-based cryptocurrency network called Smart, was identified as a key figure in this operation and was previously sanctioned by US authorities for allegedly facilitating financial transactions for Russian elites.


Table showing information from Nominis Vue: Name, Risk Score marked as Critical, dates for First and Last TX, and totals for Incoming/Outgoing TX values.
Details of some of Zhdanova's flagged wallets, with their attributed risk scores from Nominis Vue.

Across Latin America, transnational criminal organizations are capitalizing on weaknesses in regional financial regulations by shifting portions of their assets into cryptocurrencies. Groups such as the Jalisco New Generation Cartel (CJNG), the Sinaloa Cartel, and MS-13 are increasingly attracted to the anonymity and lack of oversight provided by digital currencies. Although the recent decline in cryptocurrency values may temporarily slow this trend, it is expected to continue growing as prices stabilize. Opportunities for criminal use of crypto have significantly increased in the past few years; a growing number of high-corruption governments, which also act as money laundering havens, are actively courting unvetted crypto investors with purposeful deregulation and opacity. This environment facilitates the transfer of illicit funds into cryptocurrencies, thereby avoiding detection and asset seizures. A growing number of countries overwhelmed by endemic corruption, weak or non-existent regulatory infrastructure, and deliberately opaque crypto policies help create an exceptionally fertile environment for this growth.


The decentralized and pseudonymous nature of cryptocurrencies presents significant challenges for regulators and law enforcement agencies. The lack of centralized oversight and the ability to conduct transactions without revealing identities complicate efforts to trace and seize illicit funds. Additionally, the high volatility of digital currencies can be both an advantage and a risk for criminals, influencing their strategies in using cryptocurrencies for money laundering.


In Germany, law enforcement agencies have seized 47 cryptocurrency exchange services operating within the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. These platforms enabled users to exchange cryptocurrencies without adhering to KYC regulations, allowing for complete anonymity during transactions. This environment provided cybercriminals with a low-risk avenue to launder illicit proceeds without fear of prosecution or detection. The Federal Criminal Police Office (BKA) emphasised that exchange services facilitating anonymous financial transactions are critical components in the criminal value chain of cybercrime.


In South Korea, prosecutors have established a special "crypto crime unit" dedicated to combating organized crypto criminal gangs, including coin price manipulators, scammers, hackers, and fraudsters. Initially formed as a temporary task force in July 2023, the unit has been formalized into a permanent organization. This initiative reflects the escalating prevalence of crypto-related crimes and the necessity for specialized units to address these challenges effectively.


Producing a solution:


The exploitation of cryptocurrencies by transnational criminal organizations represents a significant challenge for global law enforcement. Addressing this issue requires a multifaceted approach, including robust regulatory frameworks, international cooperation, public education, and technological advancements to effectively combat the misuse of digital currencies in criminal enterprises.



Infographic on combating cryptocurrency money laundering. Topics: tool development, public awareness, cooperation, KYC regulations. Icons align right.


Crypto Crime Gangs FAQs:

Q: How do criminal organizations use cryptocurrency to launder money?

Criminals use cryptocurrencies to hide illicit funds from activities like drug trafficking and gambling, taking advantage of the decentralized nature to evade detection by authorities.

Q: What risks are involved in cryptocurrency investment scams?

Q: How does transaction monitoring help detect cryptocurrency-related crimes?



While we strive for accuracy in our content, we acknowledge that errors may occur. If you find any mistakes, please reach out to us at contact@nominis.io. Your feedback is appreciated!

