$3B Laundered Faster Than Ever.

A new report from Swiss blockchain analytics company Global Ledger reveals that over $3.01 billion was stolen across 119 crypto hacks in the first half of 2025, surpassing the total for all of 2024. Even more alarming is a trend beyond the rising volume: speed.

The report analyzed onchain data tied to each exploit, and tracked how quickly attackers moved funds through mixers, bridges and centralized exchanges. By mapping the time between the initial incident and the final laundering endpoint, researchers found that laundering now happens in minutes, often before a hack is even disclosed.

According to the report, laundering was fully completed before the breach became public in nearly 23% of cases. In many others, the stolen funds were already in motion when victims realized what had happened. In such cases, by the time a hack is reported, it may be too late.

Related: Logan Paul can’t blame CryptoZoo co-founders for collapse, judge says

How fast is fast?

As hackers get faster and more proficient at laundering stolen crypto, Anti-Money Laundering (AML) systems and Virtual Asset Service Providers (VASPs) are struggling to keep up.

In some cases, laundering happens almost instantly. In the fastest incident, funds were moved four seconds after the exploit, with full laundering completed in under three minutes.

Overall, 31.1% of laundering was completed within 24 hours, while public disclosure of hacks took an average of 37 hours. With attackers typically moving funds 15 hours after a breach, they often have a 20-hour head start before anyone notices, according to the report.

In nearly seven in 10 incidents (68.1%), funds were in motion before the hack was publicly reported through press releases, social media or alert systems. And in nearly one in four cases (22.7%), the laundering process was fully completed before any internal or public disclosure.

As a result, only 4.2% of stolen funds were recovered in the first half of 2025.

Related: Arizona woman sentenced for helping North Korea coders get US crypto jobs

New regulations, new responsibilities for CEXs

The report also revealed that 15.1% of all laundered crypto in the first six months of 2025 passed through centralized exchanges (CEXs), and that compliance teams often have just 10–15 minutes to block suspicious transactions before funds are lost.

CEXs remain the most targeted entry point for attackers, responsible for 54.26% of total losses in 2025, far more than token contract exploits (17.2%) and personal wallet breaches (11.67%).

As hackers improve, ticket-based compliance processes that exchanges often use are no longer sufficient. Instead, the report suggests that exchanges must adopt real-time, automated monitoring and response systems that detect and stop illicit activity before funds are fully laundered.

In other words, speed must be matched with speed. If laundering is complete within minutes, CEXs need detection and response systems that operate just as fast.

New legislation such as the Genius Act, signed into law by US President Donald Trump on July 18, put further pressure on exchanges and other VASPS to abide by stricter AML expectations and faster response requirements.

Roman Storm trial highlights growing expectation: stop crime before it happens

The ongoing trial of Tornado Cash developer Roman Storm underscores a growing shift in how regulators view responsibility in crypto. At the heart of the case is the question: Should developers and platforms be held accountable for not stopping illicit activity they could have anticipated?

Many believe they should. US prosecutors said during the trial that “Storm had the ability to implement controls that could have prevented illicit use, but chose not to.”

Storm is facing several charges, one of which is conspiracy to commit money laundering. Prosecutors allege that his platform, Tornado Cash, helped facilitate over $1 billion in illicit transactions, including funds linked to North Korea’s Lazarus Group. If convicted, he could face up to 45 years in prison.

Storm’s case could turn into a watershed moment for open-source development and privacy tools. Many argue that prosecuting a developer for writing code, particularly for a decentralized protocol like Tornado Cash, sets a dangerous precedent that could chill innovation and undermine software freedom.

Magazine: Coinbase hack shows the law probably won’t protect you — Here’s why