A new report by the Swiss Blockchain Global Ledger analysis company reveals that more than $ 3.01 billion was stolen from 119 crypto hacks in the first half of 2025, exceeding the total of 2024. Even more alarming is a trend beyond the growing volume: speed.
The report analyzed onchain data linked to each feat and followed the speed with which the attackers moved the funds through mixers, bridges and centralized exchanges. By mapping the time between the initial incident and the final criterion of the final laundering, the researchers have found that laundering is now occurring in a few minutes, often before a hack is even disclosed.
According to the report, laundering was fully completed before the violation became public in almost 23% of cases. In many others, the stolen funds were already in motion when the victims realized what had happened. In such cases, when hacking is reported, it can be too late.
In relation: Logan Paul cannot blame the co-founders of Cryptozoo to collapse, says judge
How fast is it?
While hackers become faster and more competent in laundering stolen cryptography, anti-whipping systems (AML) and virtual active service providers (Vasp) are struggling to follow.
In some cases, whitening occurs almost instantly. In the fastest incident, the funds were moved four seconds after the feat, with complete whitening completed in less than three minutes.
Overall, 31.1% of money laundering was completed within 24 hours, while the public disclosure of hacks took an average of 37 hours. The attackers generally displacing funds 15 hours after a violation, they often have one step ahead of 20 hours before anyone remarks, according to the report.
In nearly 10 out of 10 incidents (68.1%), funds were in motion before hacking was publicly reported by press releases, social media or alert systems. And in almost one in four cases (22.7%), the laundering process was completely completed before any internal or public disclosure.
As a result, only 4.2% of stolen funds were recovered in the first half of 2025.
In relation: Arizona female condemned for helping the coders in North Korea to provide us with cryptography jobs
New regulations, new responsibilities for CEX
The report also revealed that 15.1% of the entire white crypto in the first six months of 2025 went through centralized exchanges (CEX), and that compliance teams often have only 10 to 15 minutes to block suspicious transactions before the funds were lost.
The CEX remains the most targeted entry point for attackers, responsible for 54.26%of the total losses in 2025, much more than the exploits of tokens contracts (17.2%) and the violations of personal portfolios (11.67%).
As pirates improve, the compliance processes based on the tickets that exchanges often use are no longer sufficient. Instead, the report suggests that exchanges must adopt automated surveillance and response systems in real time that detect and stop the illegal activity before the funds are fully whitewashed.
In other words, the speed must be paved with speed. If bleaching is finished in a few minutes, CEXs need detection and response systems that work just as quickly.
New legislations such as the Engineering Act, signed by US President Donald Trump, on July 18, exerted additional pressure on exchanges and other basins to meet the stricter expectations of LMA and faster response requirements.
The trial on the Roman storm highlights increasing expectations: to stop crime before it happens
The current trial of the developer of Tornado Cash Roman Storm underlines a growing change in the way in which regulators consider the responsibility of the crypto. At the heart of the case is the question: should developers and platforms be responsible for not stopping illegal activity that they could have anticipated?
Many believe they should. The American prosecutors said during the trial that “Storm had the capacity to implement controls which could have prevented illegal use, but which chose not to do so”.
Storm faces several accusations, including a conspiracy to commit money laundering. Prosecutors allege that his platform, Tornado Cash, helped facilitate more than a billion dollars in illicit transactions, including funds related to the Lazare group in North Korea. If he is found guilty, he could incur up to 45 years in prison.
The case of Storm could be transformed into a moment of the watershed for open source development and confidentiality tools. Many argue that the pursuit of a developer for code writing, in particular for a decentralized protocol like the Tornado Cash, establishes a dangerous precedent which could cool innovation and undermine the freedom of the software.
Magazine: Coinbase Hack shows that the law will probably not protect you – here is why
