Assets
Crypto Deposit
Fiat Deposit
Convert
Transfer
Withdraw
My vouchers
Fund history
Dashboard
Account Security
Identity verification
API Management
Transaction Report
Log out
Register
BTCC / BTCC Square / Cryptopolitan /
Hackers Turbocharge Laundering: Mixers & DeFi Double the Speed of Stolen Fund Cleanup

Hackers Turbocharge Laundering: Mixers & DeFi Double the Speed of Stolen Fund Cleanup

Author:
Cryptopolitan
Published:
2026-02-19 11:29:36
8
2

Digital heists just got a faster getaway car. The window to track and recover stolen crypto is slamming shut as cybercriminals perfect their money-moving machinery.

The New Laundering Playbook

Forget slow, traceable bank transfers. Today's thieves are leveraging decentralized tools built for privacy and speed. Crypto mixers—services that obfuscate transaction trails—are now the first port of call. They scramble funds from thousands of users into a single pool, sending clean coins back out. It's a digital shell game regulators struggle to pin down.

Then comes the DeFi dash. Hackers route tainted assets through a maze of automated protocols—swapping, lending, and bridging across chains in minutes. Each interaction fractures the money trail further. Smart contracts don't ask for ID; they just execute the code. This automated obfuscation cuts the traditional laundering timeline in half, leaving forensic teams in the dust.

Why Speed Kills Recovery

The acceleration isn't just technical—it's economic. Faster laundering means stolen assets hit mainstream exchanges quicker, often disguised as legitimate trading profits. It's the ultimate cynical finance jab: the very infrastructure designed to democratize finance is being weaponized for its efficiency. By the time a freeze order is issued, the funds have often vanished into the liquidity ether, converted into harder-to-trace assets or simply cashed out.

The arms race is on. While security firms build better tracking, hackers innovate faster exits. The result? A pressurized system where each successful heist funds more advanced tools for the next—a vicious cycle turbocharged by decentralized tech. The promise of an open financial system now faces its most potent stress test: its own architecture turned against it.

Hackers moved funds immediately after the exploits

The fastest movement of funds took around two seconds, according to Global Ledger. Despite this, around 50% of the funds remain unspent after the hack or wait for months to be moved. 

In 42% of exploits, hackers resorted to Tornado Cash for laundering. Overall, hackers moved funds twice as fast in the second half of 2025. In 76% of cases, they succeeded in moving, splitting or partially laundering funds even before the exploit was intercepted and reported. 

The victims also began reacting faster, compressing their reaction time by more than half in H2. The new reactions on freezing funds where possible and cooperating with exchanges led to a slowdown of exploits in the second half of 2025. 

Despite the fast movement of funds, hackers still took 10.6 days on average to launder funds in H2, up from around eight days in the first half of the year. The bad actors fragmented their haul, taking it into smaller chunks through more intermediaries and over a slightly longer time span.

The laundering techniques were well-known, but hackers used them more intensively in 2025.

Which protocols were the most targeted by hackers?

The past year saw a shift from using centralized exchanges for laundering to tapping the DeFi ecosystem. Over $732M was laundered through DeFi in the second half of 2025, up from $170M in the first half of the year. The volumes ROSE more than 4.3 times, making DeFi the second most-used laundering route after mixers. 

This also meant DeFi protocols were under siege, as they directly connect to a powerful laundering infrastructure.

“Ethereum remains the top target for attackers, accounting for $2.44 billion in losses (~60% of the global total) in 2025. If you are building on ethereum with high liquidity, you are the default target for hackers. The data shows that while other chains like Solana or Bitcoin are growing in incident counts, the massive financial damage is still concentrated where the most liquidity lives,” Lex Fisun, CEO and co-founder of Global Ledger, told Cryptopolitan.

To prevent some of the losses, Fisun believes manual tracking of funds is not efficient. The fix may lie in instant labeling of the source of funds and the automated tracing of transactions. 

“To close the gap between a hack and response, DeFi protocols need real-time action. Here, implementing real-time on-chain monitoring that detects anomalies the moment they happen. Without internal detection and alerting, no ecosystem response can be fast enough,” commented Fisun.

Bridges were also key infrastructure for hacks, which could be monitored.

Hackers doubled the speed of laundering crypto from exploits

In 2025, bridges were more rarely attacked, but were widely used for chain-hopping to trade and disguise the origin of funds. | Source: Global Ledger

In 2025, nearly half of stolen funds, or $2.01B was laundered or routed through bridges, over three times the amount that went through mixers.

One of the reasons was to move funds to the Ethereum L1 chain, which is more liquid and accessible. Bridges still attract hackers for their liquidity, as well as for chain-hopping and disguising origins, added Fisun.

If you're reading this, you’re already ahead. Stay there with our newsletter.

|Square

Get the BTCC app to start your crypto journey

Download on the App Store GEI IT ON Google Play

Get started today Scan to join our 100M+ users

Exchange for a better future

Products
Services
Guides
About Us
Terms & Agreement
Customer Service

Risk warning: Digital asset trading is an emerging industry with bright prospects, but it also comes with huge risks as it is a new market. The risk is especially high in leveraged trading since leverage magnifies profits and amplifies risks at the same time. Please make sure you have a thorough understanding of the industry, the leveraged trading models, and the rules of trading before opening a position. Additionally, we strongly recommend that you identify your risk tolerance and only accept the risks you are willing to take. All trading involves risks, so you must be cautious when entering the market.

The world’s longest-running cryptocurrency exchange since 2011 © 2011 - 2026 BTCC.com. All rights reserved

All articles reposted on this platform are sourced from public networks and are intended solely for the purpose of disseminating industry information. They do not represent any official stance of BTCC. All intellectual property rights belong to their original authors. If you believe any content infringes upon your rights or is suspected of copyright violation, please contact us at [email protected]. We will address the matter promptly and in accordance with applicable laws.BTCC makes no explicit or implied warranties regarding the accuracy, timeliness, or completeness of the republished information and assumes no direct or indirect liability for any consequences arising from reliance on such content. All materials are provided for industry research reference only and shall not be construed as investment, legal, or business advice. BTCC bears no legal responsibility for any actions taken based on the content provided herein.