The Rise of Cyber Laundering and Cyber terrorism in the Digital Age

Financial Crime has always been keeping pace with technological advancements. However, what has changed now is the speed, scale, and anonymity with which criminals move funds across borders. Digital assets, decentralized finance, and online payments have given a boost to legitimate commerce. At the same time, it has created a ripe ecosystem for cyber-enabled money laundering and cyber-terrorism.

The U.S. Treasury has said North Korea’s state-sponsored hacking has stolen more than $3 billion in mostly digital assets over the past three years, according to a press release published on November 4, 2025. Those stolen funds were then moved from secrecy jurisdictions to hide the origins, known as cyber laundering. Some of this illegally obtained money was allegedly being used to fund North Korea’s nuclear programs, commonly referred to as proliferation financing. This is one reason why cyber enabled laundering and sanctions evasion now sit alongside traditional AML risk.

Cyber laundering vs cyberterrorism

Cyber laundering and cyber terrorism both rely on digital infrastructure, but they differ in purpose. Cyber laundering focuses on disguising the origin and movement of illicit funds across online channels. Cyber terrorism focuses on disruption and intimidation through cyber attacks, often targeting institutions, services, or systems that societies rely on.

Financial institutions today not only need to have AML systems that safeguard against cyber laundering but they also need to manage cyber terrorism risks to avoid disruption of critical financial infrastructure and to ensure operational resilience.

What is Cyber Laundering

Cyber laundering is the process of using digital technologies such as cryptocurrency, virtual platforms, encrypted networks, and DeFi to hide the sources of illicitly generated funds until they appear as legitimate.

In the contemporary era, the conventional money laundering stages (placement, layering, and integration) are carried out digitally, which makes it complex for legacy systems to detect. Consequently, criminals can easily bypass the systems and perform cyber laundering.

There are two types of cyber laundering:

• Instrumental Digital Laundering: where digital tools facilitate parts of traditional laundering, like using crypto exchanges to layer funds.
• Integral Digital Laundering: where all phases occur in cyberspace, often across crypto assets, gaming economies, and peer‑to‑peer platforms.

Cyber laundering conceals not only organized crime proceeds but also funds that could support extremist activities by exploiting pseudonymity, cross‑chain bridges, and weak regulatory oversight. Regulatory bodies are highlighting these risks. Europe’s Anti‑Money Laundering Authority (AMLA) now expects strong protections against money laundering and terrorist financing across crypto service providers, while the Markets in Crypto-Assets Regulation (MiCA) sets specific compliance requirements for digital asset activities in the EU.

Common cyber laundering typologies in crypto and online platforms

Criminals use different forms of cyber laundering techniques, some of which are:

• Mixers and Tumberles, by which criminals can shuffle the money between wallets and real-world identities, making it complex to trace where the funds are coming from.  Furthermore, the unregulated crypto exchanges and ATMs allow users to swap currencies with few or no identity checks, leaving transactions untraceable.
• Decentralized Finance (DeFi) or cross-chain bridges that allow criminals to transfer assets between blockchains in real-time, creating complicated paths that avoid traditional AML systems, making it harder to detect illicit activities.
• Real-world value conversions through non-financial channels such as digital marketplaces, tokenized assets, gaming platforms, and virtual goods that blend their illegal funds with legitimate activity.
• Encrypted messages, bot-generated transactions, and AI-generated synthetic identity scams that intensify the risk of cyber money laundering by making it difficult for traditional systems to spot with their limited rules.

What is Cyberterrorism

Cyberterrorism is the process of ideologically or politically motivated harm to the general public or disrupting essential services and systems by using digital technology. The purpose of cyberterrorists is beyond financial gain; they want to create fear and instability among the public to fulfil their illicit objectives.

From a financial services viewpoint, cyberterrorism matters because disruption can trigger customer harm, outages, fraud spikes, and regulatory scrutiny under operational resilience expectations. It also creates cover, because large scale incidents can generate alert backlogs and monitoring blind spots.

Types of Cyberterrorism Threats

The threat of cyberterrorism extends beyond monetary flows; it can be done through:

• ransomware and extortion targeting critical services
• Distributed denial-of-service (DDoS) attacks on financial infrastructure
• supply-chain compromise
• phishing and credential theft at scale
• malware, destructive wipers
• attacks on OT/ICS where relevant (energy, transport, healthcare)

Global Responses to Cyber laundering and Cyber Terrorism Incidents

Cyber‑Laundering

Ronin Bridge Heist (South Korea / Global)

In March 2022, hackers exploited a security flaw in the Ronin bridge (used by the game Axie Infinity) to steal roughly $600–625 million in cryptocurrency. These funds were then split, converted, and routed through decentralised mixing services and cross‑chain bridges to conceal their origin. Blockchain experts tracked part of the stolen assets through Tornado Cash and other privacy tools, underscoring how mixers and anonymity tools help cyber launderers obscure funds.

Precautions: Exchanges and bridges have made wallets secure by enhancing the security features and using multisignature controls. They also adopted risk scoring before transfers and started using complete blockchain analytics to track illegal activities. With support from forensic companies, law enforcement has recovered and frozen some of the stolen funds and placed sanctions on related wallet addresses.

North Korea / Lazarus Group (U.S. & International)

State‑linked actors like North Korea’s Lazarus Group have carried out multiple large crypto thefts and laundering operations, funneling stolen assets through mixers, decentralised exchanges, and cross‑chain pathways before attempting to convert them to fiat or other assets. In 2025, the FBI reported that a group of hackers known as Lazarus stole $1.5 billion in cryptocurrency from an exchange known as ByBit. The stolen money was then disguised and moved in secrecy, which is a common practice performed by restricted actors to avoid regulatory constraints.

Precautions: The U.S. Treasury’s Office of Foreign Assets Control (OFAC) and the Department of Justice have sanctioned wallets and individuals tied to these operations, used asset seizure and indictments, and expanded AML programmes. VASPs and blockchain analytics firms now maintain comprehensive watchlists and share intelligence with FIUs globally to catch high‑risk transfers early.

Cyber Terrorism

Islamic State–Linked Cyber Attacks on Western Infrastructure (U.S. / Europe)
In various Western countries such as the US and UK, ISIS-related hacker groups like the United Cyber Caliphate (UCC) carried out coordinated cyberattacks. They targeted government agencies such as:

•  US State Department
• Department of Homeland Security
• Department of Defense

Military personnel and important websites, including the US embassy portals. Authorities recorded attacks that included changing website contents, leaking data, launching denial-of-service attacks, and threatening people online. The major intentions behind these actions are not to make money but to harm individuals for social, political, and ideological objectives.

Precautions: Governments and cybersecurity agencies share information about threats so they can spot attacks early. They perform network monitoring to detect suspicious activity and have plans to instantly respond to it. From the essential service providers, it is required to integrate strong preventive measures so their systems remain secure. Simultaneously, the law enforcement agencies must function internationally to identify and alleviate cyberattacks.

Middle East / International

Groups linked to Hamas and other militant organizations have used social media and privacy‑enhancing cryptocurrencies to gather funds, often breaking payments into many small transfers to pass undetected.

For example, in March 2025, the U.S. Department of Justice (DOJ) disrupted a cryptocurrency-based terrorist financing scheme tied to Hamas (Harakat al‑Muqawama al‑Islamiyya), seizing about $201,400 in crypto. According to the DOJ, donors were directed via encrypted group chats to multiple changing crypto addresses, and over $1.5 million was laundered through wallets and exchanges intended for Hamas since October 2024. This case demonstrates the group’s use of digital assets to raise and obscure funds.

Precautions: Authorities such as the U.S. Treasury and Israeli enforcement agencies issue wallet freezes and sanctions, working with private blockchain tracing firms to block known terror‑linked addresses. Risk‑based monitoring and targeted asset freezes are advised under global FATF and UN guidance.

International law enforcement operations have taken down cyber‑enabled terror fundraising campaigns and seized linked virtual assets, often accompanied by policy pushes for better public‑private information sharing and AML/CFT compliance at exchanges.

Counter Cyber Money Laundering with AML Watcher

Cyber laundering and cyber-enabled financing risks are expanding because criminals can move value faster than many monitoring programs can adapt. Organizations with legacy monitoring systems can fail to detect these advanced threats.

Therefore, financial service providers need an AML system that can adapt and keep pace with emerging risks. AML Watcher’s proprietary database and designed to be adaptive approach provides that foundation to the financial institutions. The platform monitors risks in real-time, and combines custom-made, context-aware rules and explainable AI-driven reviews. This approach removes the majority of the manual effort and false positives, which helps minimize compliance costs and allows compliance resources focused on real threats.