rewrite this title The New Arms Race: How States Use Blockchain for Cyberwarfare and Shadow Economies.

Blockchains were supposed to make finance more open and fair, but like any powerful tool, they can be used for good and bad. In the last few years, governments and criminal groups have learned to use crypto in clever ways. Some states use blockchains to fund secret programs or dodge sanctions, and other groups use them to move dirty money or run hidden markets. At the same time, new companies use on-chain data to follow those flows and help law enforcement. This has turned crypto into a new kind of battlefield, and the fight is getting louder.

How States and Bad Actors Use Crypto As a Weapon

Cryptocurrencies move value quickly across borders without relying on banks, and that can be useful for ordinary people, but it is also useful for countries or groups that face financial pressure. Two clear examples are North Korea and Russia.

North Korean-linked hackers have stolen large amounts of cryptocurrency, with specialist security researchers reporting that groups associated with the Democratic People’s Republic of Korea (DPRK) took an estimated about $1.34 billion from crypto platforms in 2024, the highest annual total on record for that year and accounting for over half of all stolen funds globally. These thefts were carried out through dozens of incidents, often involving advanced techniques such as malware, social engineering and large exchange breaches. 

In early 2025, the FBI and other blockchain intelligence firms like Arkham Intelligence publicly attributed a major hack of the Dubai-based exchange Bybit, involving roughly $1.5 billion in Ethereum, to North Korean-linked actors, underscoring the ongoing threat posed by these state-affiliated cyber groups.

BREAKING: BYBIT $1 BILLION HACK BOUNTY SOLVED BY ZACHXBT

At 19:09 UTC today, @zachxbt submitted definitive proof that this attack on Bybit was performed by the LAZARUS GROUP.

His submission included a detailed analysis of test transactions and connected wallets used ahead of… https://t.co/O43qD2CM2U pic.twitter.com/jtQPtXl0C5

— Arkham (@arkham) February 21, 2025

Security analysts and international officials have warned that proceeds from these cryptocurrency thefts are likely used by the regime to circumvent sanctions and support its weapons programmes and other government priorities.

Blockchain analysis firms like Chainalysis have published detailed reports mapping how the thefts occur, attributing many incidents to DPRK-associated groups and tracing movement of stolen funds across on-chain transactions and laundering activities.

States do this because traditional finance is slow to change and easy to monitor, whereas Crypto offers speed, new routes, and ways to hide ownership if you know how to use mixers, multiple chains, or private exchanges. That does not mean every crypto user is a criminal, but it also means bad actors find new tools and sometimes move fast.

Real Money, Real Harm: Criminal Finance On Chain

Crypto is not just about theft and sanctions evasion, as we have seen; it also powers large criminal networks, and ransomware gangs have been known to demand payments in crypto. Dark markets sell illegal goods and take crypto, and groups that run scams or hacks drain funds into complicated webs of wallets.

Chainalysis and TRM Labs track these flows every year and have shown how criminals exploit gaps in the system, with recent industry reports showing billions of dollars move through illicit channels in a single year, even as some other forms of crime fell. These reports help policymakers and companies understand which methods criminals use most often, because there is often a pattern. 

First, a hacker steals money or a gang gets paid, then the money moves through chains, mixers, bridges, or friendly exchanges. Finally, someone converts it into real currency through a narrow set of off-ramp services. Investigators say most laundering ends up at just a few key exit points, which is where law enforcement focuses to stop the flow. 

The New Battlefield: Cyberwarfare and Covert Finance

This use of crypto changes how wars and sanctions work; instead of tanks and fighter jets, some fights now use code, wallets and money flows. When a state backs hackers who steal from exchanges, it can quietly fund programs that are hard to trace, and when a state licenses or tolerates domestic exchanges that help sanctioned firms, it builds a shadow economy that keeps its industry alive even under pressure.

A recent analysis shows how some countries are building legal and technical systems to normalize crypto for international trade and to help firms bypass sanctions. These moves can appear to be economic planning, but the same infrastructure can also be used for covert purposes. 

How Investigators Follow The Money With Blockchain Intelligence

Blockchains are public ledgers, which help investigators: wallet addresses and transaction histories are visible to anyone, allowing companies to trace how funds moved across addresses, find patterns, and link them to services or real-world accounts. This work is called blockchain intelligence.

Firms like TRM Labs, Elliptic and others build tools to map transactions and flag suspicious flows. Their tools helped the FBI and other agencies track stolen crypto in major hacks, and they helped governments justify sanctions on risky exchanges by publishing reports that show trends and back up public claims about state-linked activity. But blockchain intelligence is not magic. Criminals use mixers, privacy coins, multiple exchanges, and cross-chain bridges to try to hide their tracks, and investigators must combine on-chain tracking with open-source research, account data from exchanges, and traditional financial information to build strong cases. The work is slow and technical, but it has gotten better and faster as tools improved.

How States Evade Sanctions With Crypto

Sanctions aim to isolate a target from global finance, but crypto can weaken that pressure when used strategically. Below are key methods states and actors use to evade sanctions, along with how investigators counter them.

1. Using domestic or friendly exchanges

Some sanctioned actors rely on exchanges located in allied or politically aligned countries, and these platforms accept crypto deposits and convert them into local currency or goods. Russia has allowed the use of such exchanges for specific trade flows, creating a shadow network that keeps commerce alive despite restrictions. 

2. Creating local stablecoins for trade

Certain states experiment with ruble-backed or local-currency stablecoins designed for cross-border settlement because these tokens make it possible to bypass traditional banking rails. Russia and other sanctioned economies have explored this method as part of their efforts to maintain strategic imports and exports.

3. Laundering funds through DeFi

Illicit funds are often pushed through decentralized finance protocols with attackers using mixers, cross-chain bridges, or liquidity pools on chains with weak oversight. This process obscures the origin of stolen or sanctioned funds before they exit into more regulated environments.

4. Exploiting low-compliance chains and exchanges

After laundering in DeFi, actors typically move funds into exchanges known for lax compliance. Chainalysis reports consistently show that a small set of off-ramp services receive the majority of illicit crypto flows, making them critical choke points for investigators and regulators.

5. Investigator response and pattern tracking

Blockchain intelligence teams map transaction patterns, identify clusters linked to state actors, and focus enforcement on high-risk off-ramps. Reports from groups like Chainalysis reveal how investigators track laundering routes and disrupt networks tied to sanctions evasion and criminal finance.

Why Blockchain Helps and Why It Hurts Investigations

A tricky truth about blockchain is that it is both a weapon and a microscope, where transparency means every transaction is recorded and can be traced. That helps law enforcement identify mule accounts, trace funds, and freeze them when they enter a compliant exchange. Public reports show cases where quick action and blockchain tracking led to recoveries or law enforcement action. 

At the same time, the same transparency lets bad actors develop more effective hiding strategies, as they learn how investigators trace funds and adapt. They use privacy tools, cross-chain bridges, and complex layering to make tracing more expensive and slower. This dance between criminals and investigators keeps evolving, and such investigators must stay up to date with the latest devices used to perpetuate these schemes.

What This Means For Regular People and Businesses

If you build a business that uses crypto or use crypto in your life, these trends matter, mostly because companies must follow good compliance practices and use reputable partners for fiat conversion. Exchanges should operate with clear rules and cooperate with regulators, and users should be aware that not all routes from crypto to cash are safe.

For citizens, the bigger problem is geopolitical because when states weaponize crypto, it can destabilize regions and make sanctions less effective. That can delay accountability and make conflicts harder to resolve. On the positive side, improved blockchain intelligence and better regulation have made crypto safer for ordinary users over time, with the number of funds stolen in some years falling as industry and law enforcement improve how they respond. Still, the threats remain large and constant vigilance is required. 

What Needs To Happen Next

Stopping state-backed misuse of crypto is not a single-approach endeavour; it requires better tools, stronger international coordination, and smarter policy. Regulators must work together to target the exit points where dirty money turns to cash, exchanges and on-ramps must run stronger checks and blockchain intelligence companies must keep improving their tools and share data with law enforcement. All of this needs careful law and diplomacy to avoid harming legitimate users.

At the same time, the industry must keep building privacy-preserving tools for lawful use while preventing abuse–a difficult balance, but an essential one.

In Conclusion

Crypto was supposed to free money from slow banks and central control, but instead it became a new battleground where state actors and criminals fight with code and wallets. 

This turns blockchains into both engines of innovation and channels for criminal finance, but the good news is that the same public ledger that enables abuse also gives investigators a way to track and stop misuse. 

The fight between concealment and transparency will continue, shaping how digital money fits into the world for years to come.

Disclaimer: This article is intended solely for informational purposes and should not be considered trading or investment advice. Nothing herein should be construed as financial, legal, or tax advice. Trading or investing in cryptocurrencies carries a considerable risk of financial loss. Always conduct due diligence. 

Enjoyed this piece? Bookmark DeFi Planet, explore related topics, and follow us on Twitter, LinkedIn, Facebook, Instagram, Threads and CoinMarketCap Community for seamless access to high-quality industry insights.

Take control of your crypto  portfolio with MARKETS PRO, DeFi Planet’s suite of analytics tools”