TL;DR:
- Hackers doubled their fund-laundering speed in 2025, moving assets twice as fast in the second half of the year.
- According to Global Ledger, 42% of exploits used Tornado Cash and over $732M was laundered through DeFi in the second half alone.
- Ethereum recorded 60% of global losses, with $2.44 billion stolen, due to its unmatched available liquidity.
The most recent report from Swiss blockchain analytics firm Global Ledger revealed that hackers modified their operational techniques throughout 2025, doubling the speed at which they move and conceal stolen funds following an exploit. The study, based on 255 reported incidents with total losses of $4.4 billion, provides a more detailed picture of the evolution of crypto asset laundering.
One of the most striking findings is the attackers’ reaction speed: in some cases, the first fund movement occurred just two seconds after the exploit. In 76% of cases, hackers managed to move, fragment, or partially launder funds before the attack was detected and publicly reported. However, the average time to complete the laundering process was 10.6 days in the second half, compared to eight days in the first, suggesting that greater operational complexity slightly slowed the closing of the cycle.
Stolen Funds by Hackers Flee Through the DeFi Market
The most significant shift in laundering techniques was the abandonment of centralized exchanges as the primary route, replaced by the DeFi ecosystem. In the second half of 2025, more than $732 million was laundered through decentralized protocols, compared to $170 million in the first half, a 4.3-fold increase. Mixers remain the most widely used channel, with Tornado Cash present in 42% of the surveyed exploits.
Cross-chain bridges also played a central role. Nearly half of the stolen funds, around $2.01 billion, were routed through bridges, more than triple the amount that passed through mixers. Their primary function was chain-hopping to obscure the origin of assets and access Ethereum’s liquidity.
Ethereum Remains the Primary Target
Lex Fisun, CEO and co-founder of Global Ledger, explained that the concentration of losses on Ethereum does not stem from specific technical vulnerabilities, but from the available liquidity. “If you’re building on Ethereum with high liquidity, you’re the default target for hackers,” Fisun stated. Ethereum accumulated $2.44 billion in losses, equivalent to 60% of the total.
Fisun also noted that manual fund tracing is no longer sufficient to keep pace with the current speed of attacks. The solution, according to the executive, lies in the implementation of real-time on-chain monitoring capable of detecting anomalies at the exact moment they occur, before funds are moved beyond the reach of any intervention.
