Tag: financial crime

  • TRM Labs hits $1 billion valuation

    Crypto crime fighting has become a big business out of necessity. In 2025, over $3.4 billion in cryptocurrency was stolen. About $1.5 billion was attributed to the February 2025 hack of the Bybit exchange, while hacks targeting individuals also rose to over $700 million. North Korea is responsible for the majority of stolen crypto funds.

    One of the biggest crypto crime-fighting businesses is TRM Labs, which announced on Feb. 4 it had reached unicorn status after raising US$70 million in a Series C funding round. Investors in the round included Galaxy Ventures and a group of existing shareholders, such as Goldman Sachs, Bessemer Venture Partners, DRW Venture Capital (DRW VC), Y Combinator, and Citi Ventures. TRM Labs will use the funding to hire AI researchers and engineers while building out its compliance and investigation tools.

    The San Francisco-based company provides software that tracks cryptocurrency transactions to help financial institutions, law enforcement agencies, and governments detect illicit activities. The startup is known for its blockchain forensics: tools that let law enforcement trace illicit funds, analyze digital asset flows, and link wallet addresses to real-world identities. TRM Labs also maintains a large database of over 2.4 billion labeled addresses tied to illicit activities like ransomware, terrorist financing, and darknet markets.

    TRM Labs has posted 150% annual revenue growth over the past five years. Demand for tools to fight digital asset crime has surged as governments increase oversight of cryptocurrencies.

    Unlike competitors that initially focused only on Bitcoin, TRM Labs made an early strategic decision to track multiple blockchains. This provided a significant advantage as criminal networks expanded their use of diverse tokens and emerging networks.

    An example of TRM Labs’ prowess is its expertise on North Korea’s crypto crime. The company calculates that in 2025, North Korea was linked to more than half of the US$2.7 billion stolen in crypto hacks. Instead of directly cashing out, North Korea has effectively outsourced this process to what investigators refer to as the “Chinese Laundromat,” a sprawling, opaque network of underground bankers, OTC brokers, money transmitters, and trade-based laundering intermediaries. These professional money launderers are mainly Chinese shadow-banking brokers who operate across Southeast Asia, buy hacked crypto at a discount, and offer off-chain settlement—often in Chinese yuan. TRM Labs says they “function as high-volume liquidity engines for North Korea.”

    TRM has also formed partnerships with Tron and Tether to combat illicit activities. This cooperation includes establishing the T3 Financial Crime Unit task force that has frozen over $300 million in tainted assets.

    Roughly 40% of TRM’s clientele is in the private sector, a segment growing as banks and payment firms explore tokenized deposits and assets. Its private sector clients include digital asset heavyweights like USDC issuer Circle and Coinbase, as well as PayPal, Robinhood, Stripe, and Visa.

    In the public sector, clients include the FBI, IRS, and U.S. Secret Service, as well as law enforcement in over 50 countries. TRM’s team also includes former federal investigators.

    While TRM has strong capabilities and a solid client list, it does seem to be leaning a bit hard into AI—perhaps to justify its unicorn status and excite investors. “At TRM, we’re building AI for problems that have real consequences for public safety, financial integrity, and national security,” CEO and co-founder Esteban Castaño said in a news release.

    Just about every financial crime-focused startup out there is either using AI in some way or claiming to do so. That isn’t what makes TRM Labs distinct. Rather, it is the company’s ability to trace illicit crypto activity across 100+ blockchains and turn those insights into actionable intelligence.

    At the same time, we will keep an eye on how TRM Labs’ valuation evolves. One of its chief competitors, Chainalysis, was valued at a whopping US$8.6 billion in 2022 but has since fallen to $1.55 billion.

  • North Korea’s crypto theft reaches new high in 2025

    Long known for financial crime, North Korea has become the most notorious crypto-pilfering state actor over the past few years. The Hermit Kingdom operates a sophisticated, state-directed cyber apparatus, known largely through groups like the Lazarus Group.

    North Korea steals cryptocurrency for the same reasons it engages in financial crime involving fiat currency: to circumvent severe international sanctions and fund its nuclear weapons and ballistic missile programs. According to North Korean state media, the country’s leader, Kim Jong Un, on January 3 called for the doubling of production capacity of tactical guided weapons while visiting a munitions factory.

    However, while the United States managed to crack down hard on Pyongyang’s international money laundering in years past—notably with the freezing of North Korean assets at Banco Delta Asia in 2005—North Korea’s crypto crime is harder to fight. Despite some moves by regulators in different jurisdictions to bring crypto out of the shadows, its ecosystem is still largely separate from the mainstream, regulated financial services sector.

    TRM Labs calculates that in 2025, North Korea was linked to more than half of the US$2.7 billion stolen in crypto hacks. Instead of directly cashing out, North Korea has effectively outsourced this process to what investigators refer to as the “Chinese Laundromat,” a sprawling, opaque network of underground bankers, OTC brokers, money transmitters, and trade-based laundering intermediaries. These professional money launderers are mainly Chinese shadow-banking brokers who operate across Southeast Asia, buy hacked crypto at a discount, and offer off-chain settlement—often in Chinese yuan. TRM Labs says they “function as high-volume liquidity engines for North Korea.”

    These Chinese money launderers wash stolen assets across chains, jurisdictions, and payment rails, ensuring that the funds are thoroughly laundered before entering the formal financial system. The fusion of state-directed hacking with industrial-scale laundering has positioned North Korea as the dominant high-value attacker in the cryptocurrency realm today.

    North Korea’s biggest crypto hack of 2025 was also the largest such heist in history. In February, the Lazarus Group stole US$1.5 billion from the Dubai-based exchange Bybit. The hackers used a sophisticated supply chain attack. They compromised a developer’s workstation at Safe (formerly Safe{Wallet}), a third-party multi-signature wallet platform used by Bybit.

    The hackers injected malicious JavaScript code into the Safe user interface specifically for Bybit transactions. When Bybit employees signed off on a seemingly routine transaction to move funds from a secure “cold wallet” to a “hot wallet,” the code manipulated the underlying smart contract logic, redirecting approximately 401,000 Ethereum (ETH) tokens to North Korean-controlled addresses instead.

    Although Bybit CEO Ben Zhou assured clients that their funds were secure and that the exchange covered the losses through its own reserves and partner support, the vast majority of the stolen crypto has not been recovered given the hackers’ sophisticated money laundering capabilities. The incident highlighted significant security vulnerabilities in third-party software supply chains and prompted calls for more robust security measures across the cryptocurrency industry.

    Unfortunately, sanctions are not proving to be effective against North Korea’s crypto crime. While sanctions have been placed on specific crypto mixers (services used to obscure transaction origins) like Tornado Cash and Sinbad, North Korean hackers have adapted to use more complex, off-chain laundering infrastructures that are harder to trace.

    Effectively fighting North Korea’s crypto crime requires a multifaceted approach involving enhanced cybersecurity measures, regulatory compliance, and international public-private collaboration. Rapid intelligence sharing between private sector companies (e.g., crypto exchanges, blockchain analytics firms) and law enforcement agencies is paramount for disrupting illicit activities and tracking stolen funds in real time. Additionally, law enforcement capabilities should be enhanced. Countries should establish specialized task forces and permanent divisions within justice departments dedicated to cryptocurrency investigations, ensuring they have the expertise and resources to pursue cybercriminals across borders.
