TL;DR:
- Hackers doubled their fund-laundering speed in 2025, moving assets twice as fast in the second half of the year.
- According to Global Ledger, 42% of exploits used Tornado Cash and over $732M was laundered through DeFi in the second half alone.
- Ethereum recorded 60% of global losses, with $2.44 billion stolen, due to its unmatched available liquidity.
The most recentĀ reportĀ from Swiss blockchain analytics firmĀ Global LedgerĀ revealed thatĀ hackers modified their operational techniques throughout 2025, doubling the speed at which they move and conceal stolen funds following an exploit. The study, based on 255 reported incidents with total losses of $4.4 billion, provides a more detailed picture of the evolution of crypto asset laundering.
One of the most striking findings is the attackers’ reaction speed: in some cases, the first fund movement occurredĀ just two seconds afterĀ the exploit.Ā In 76% of cases, hackers managed to move, fragment, or partially launder funds before the attack was detected and publicly reported. However, the average time to complete the laundering process wasĀ 10.6 daysĀ in the second half, compared to eight days in the first, suggesting that greater operational complexity slightly slowed the closing of the cycle.
Stolen Funds by Hackers Flee Through the DeFi Market
The most significant shift in laundering techniques was theĀ abandonment of centralized exchangesĀ as the primary route, replaced by theĀ DeFiĀ ecosystem. In the second half of 2025, more thanĀ $732 millionĀ was laundered through decentralized protocols, compared toĀ $170 millionĀ in the first half, a 4.3-fold increase.Ā Mixers remain the most widely used channel, withĀ Tornado CashĀ present in 42% of the surveyed exploits.
Cross-chain bridges also played a central role.Ā Nearly half of the stolen funds, around $2.01 billion, were routed through bridges, more than triple the amount that passed through mixers. Their primary function wasĀ chain-hoppingĀ to obscure the origin of assets and access Ethereum’s liquidity.
Ethereum Remains the Primary Target
Lex Fisun, CEO and co-founder of Global Ledger, explained that the concentration of losses on EthereumĀ does not stem from specific technical vulnerabilities, but from the available liquidity. “If you’re building on Ethereum with high liquidity, you’re the default target for hackers,” Fisun stated.Ā Ethereum accumulated $2.44 billion in losses, equivalent to 60% of the total.
Fisun also noted that manual fund tracing is no longer sufficient to keep pace with the current speed of attacks. The solution, according to the executive, lies inĀ the implementation of real-time on-chain monitoring capable of detecting anomalies at the exact moment they occur, before funds are moved beyond the reach of any intervention.
