Chinese Laundering Networks Now Handle One Fifth of Dirty Crypto

Chinese-language money laundering networks now sit at the center of on-chain crime. New data from Chainalysis’ 2026 Crypto Crime Report and a companion chapter on Chinese money laundering networks show that these groups processed $16.1 billion in crypto laundering volume in 2025, roughly 20% of all known laundering activity. Bloomberg reports the same figures, citing nearly 1,800 active wallets tied into a full-service underground market.

The top-line crypto crime number jumped hard. Chainalysis tracked at least $154 billion flowing into illicit addresses in 2025, up 162% year-on-year, driven by a 694% surge in value sent to sanctioned entities. Illicit flows still sit below 1% of total attributed crypto volume, but the concentration inside a few laundering channels now changes the risk map for exchanges, OTC desks, and stablecoin issuers.

From Telegram side hustle to $16.1B laundromat

In a dedicated analysis of Chinese-language money laundering networks (CMLNs), Chainalysis shows how fast this machinery scaled. The firm estimates that total crypto laundering volume grew from $10 billion in 2020 to more than $82 billion in 2025. Within that pool, CMLNs grabbed roughly a fifth of all known laundering flows last year, handling $16.1 billion, or about $44 million a day, across at least 1,799 wallets linked to six distinct service types.

Those six categories include running-point brokers, money mules, OTC brokers, so-called Black U stablecoin services, gambling insiders, and money movement shops that handle mixing and swapping. According to Chainalysis’ CMLN chapter, inflows to these services since 2020 grew 7,325 times faster than illicit inflows to centralized exchanges and more than 1,800 times faster than inflows to DeFi protocols.

That growth did not happen in isolation. Chainalysis links CMLNs directly to funds from romance scams and investment cons, exchange and DeFi heists, nation-state hacking programs, and sanctions evasion. The firm describes these groups as “full-service criminal enterprises” that move value between scam compounds in Southeast Asia, cyber crews in North Korea, and brokers in Europe and North America.

Nation-states and scam compounds share the same pipes

The nation-state backdrop matters. Chainalysis’ report highlights that DPRK-linked hackers stole about $2 billion in 2025, with the February Bybit exploit alone accounting for nearly $1.5 billion. Those proceeds do not disappear into the void. They feed into the same laundering infrastructure now dominated by CMLNs, alongside funds from pig-butchering operations and ransomware crews.

On the scam side, Chainalysis estimates that scams and fraud pulled in at least $14 billion on-chain in 2025 and projects that figure will clear $17 billion as more addresses are tagged. Its scams chapter connects major pig-butchering and impersonation operations to Chinese-speaking criminal groups running forced-labor compounds in Cambodia, Myanmar and elsewhere, and notes that CMLNs now consistently launder more than 10% of pig-butchering takings.

Huione Group sits at the center of that overlay between physical and on-chain crime. Chainalysis previously flagged Huione’s guarantee platforms as key aggregation hubs for scam money, while the U.S. Treasury’s FinCEN found that Huione laundered at least $4 billion between August 2021 and January 2025. FinCEN first named Huione a financial institution of “primary money laundering concern” in a May 2025 Section 311 notice and then, on October 14, 2025, issued a final rule that cut the group off from the U.S. banking system.

U.S. officials are now widening the aperture beyond one platform. In an August 28, 2025 advisory focused on Chinese money laundering networks, FinCEN warned banks that CMLNs had become a key backbone for Mexican drug cartels and fentanyl supply chains. As Under Secretary John K. Hurley put it in that advisory:

Money laundering networks linked to individual passport holders from the People’s Republic of China enable cartels to poison Americans with fentanyl.

The message for crypto markets is clear. Washington now treats CMLNs as a national security problem, not just a fraud issue.

Stablecoins are the crime rail of choice

Chainalysis’ data confirms a structural shift in what assets criminals prefer. Stablecoins now account for 84% of illicit transaction volume, according to the 2026 report’s introduction, up sharply over the past few years. That mirrors their rising share of legitimate crypto activity but also means most dirty flows now hitch a ride on dollar-linked tokens that sit squarely in regulators’ sights.

The same report points out that the 162% jump in illicit volume is “primarily driven” by sanctioned entities, helped in part by Russia’s A7A5 ruble token, which transacted over $93.3 billion in less than a year. Put together, sanctioned actors, pig-butchering clusters, and CMLNs now rely on highly liquid stablecoin rails that plug into exchanges, OTC desks, and banks worldwide.

Some secondary coverage already rounds that 84% figure up to “almost 90%.” For compliance teams, the exact number matters less than the direction of travel. If your business model touches high-risk P2P corridors or Asia-facing OTC channels, your stablecoin activity is now sitting in the same lanes Chainalysis and FinCEN are mapping in detail.

Why this matters for desks, DeFi, and stablecoin risk

For trading and market-making desks, the immediate risk is not that stablecoin pegs snap, but that counterparties disappear. The Huione case shows how fast a major payment hub can be cut off once Section 311 tools come into play. Chainalysis’ CMLN work notes that guarantee platforms like Huione and Xinbi act as advertising and escrow shells while underlying vendors spread across Telegram and other channels. When one hub falls, liquidity routes shift rather than vanish. That churn raises KYC and sanctions risk for anyone sitting at the other end of those flows.

DeFi exploits now feed into the same story. On January 8, 2026, a bug in Truebit’s Purchase contract allowed attackers to mint free tokens and sell them for roughly $26.6 million, according to post-incident analysis and multiple security reports. Truebit’s team warned users not to touch the affected contract and contacted law enforcement. Incidents like this are exactly the kind of high-value, traceable inflows CMLNs specialize in breaking apart and off-ramping.

The sharper takeaway for crypto-native firms is that the laundering stack has professionalized faster than most compliance programs. You now have industrial-scale Chinese networks handling one in five laundered crypto dollars, nation-states leaning on the same infrastructure, and stablecoins carrying four-fifths of the volume. That is the map regulators are looking at. Trading operations, issuers, and DeFi teams that still treat money laundering risk as a side issue are already behind the curve.