TL;DR
- Nation-states are increasingly using crypto, with some to evade sanctions and fund weapons programs, while others use it for transparency and modern payments.
- North Korea is a top offender, stealing over $2B in crypto in 2025, often routing funds through mixers and OTC desks.
- Crypto forensics and compliance teams are developing tools to track these flows across chains and new technologies.
TRM Labs reports that nation-states now use cryptocurrencies as instruments of power. Some administrations exploit borderless rails to bypass sanctions and hide financial activity. Others deploy blockchain for transparency, tax control, and modernized payments. The core driver remains simple: value moves across borders without banks, SWIFT, or correspondent networks, and money can settle at any hour.
State-linked operators route funds through DEXs, cross-chain bridges, mixers, and OTC desks. Networks split flows, recombine balances, and rotate venues to exhaust analytics teams. Compliance groups respond with address screening, heuristics for peel chains, and risk scoring for wallets, but adversaries update tactics quickly.
Governments arenāt just watching #crypto ā theyāre using it. TRM unpacks how nation-states operationalize blockchain in sanctions evasion, ransomware, and more. šhttps://t.co/pYiHN0Th90 pic.twitter.com/hql0eJNoru
— TRM Labs (@trmlabs) January 2, 2026
An on-chain contest with real-world stakes
The sharpest example comes from North Korea. Government cyber units target exchanges, DeFi protocols, and liquidity bridges, draining treasuries and hot wallets during liquidity gaps. TRM Labs ties portions of proceeds to nuclear and ballistic missile programs, raising geopolitical risk for markets that touch contaminated flows. Routing patterns often include swaps into stablecoins, followed by cash-outs through converters with weaker KYC/AML controls.
Fresh numbers add weight. Chainalysis estimates at least $2.02 billion in crypto theft during 2025 by North Korean actors, a 51% jump from the prior year, despite fewer incidents. Larger hauls per breach, plus deeper operational planning, help explain the total. For exchanges, custodians, and brokers, exposure now carries legal, reputational, and liquidity risk.
Not every government leans into covert finance
Treasury and central-bank teams in multiple jurisdictions test on-chain payments with verified identities, audit trails, and rules that mirror traditional finance. Goals include faster settlement, financial inclusion, and automated reporting. Friction appears when sanctioned regimes copy similar tooling and redirect it toward evasion, forcing policymakers to tighten travel-rule enforcement and broaden blocklists.
Task forces coordinate seizures, add designations, and demand stronger controls from fiat on-ramps, stablecoin issuers, custodians, and VASP networks. Forensics groups extend analytics to rollups, account-abstraction flows, gas-sponsoring wallets, and L2 hops. Liquidity migrates toward venues with clearer compliance, while permissive venues inherit higher shutdown and penalty risk.
