Binance is once again embroiled in a cryptocurrency laundering scandal: what’s wrong with the exchange

No sooner had Binance solemnly announced a reduction in the volume of dirty cryptocurrency on its platform than it found itself at the center of a new scandal. It turned out that in recent years, the exchange had systematically ignored AML standards and helped to legalize criminal proceeds. GetBlock AML Research publishes the highlights of a new investigation by the International Consortium of Investigative Journalists (ICIJ).

Binance and other cryptocurrency exchanges have been caught violating AML laws on multiple occasions in the past. The most high-profile scandal occurred in 2023, when Binance CEO Changpeng Zhao resigned and was sentenced to prison in the United States.

After pleading guilty in 2023, Binance and OKX pledged to strictly follow international anti-money laundering standards. However, the ICIJ investigation revealed that the largest crypto exchanges continued to play a key role in global money laundering schemes — and did so systematically. Analysis of blockchain transactions, court documents, and internal materials points to a whole list of violations.

Key compliance trends for 2025: why AML policy is tightening

Businesses and ordinary users have recently faced the introduction of new AML rules and the tightening of existing anti-money laundering mechanisms. We explain why this is happening and how to respond to it

Читать дальше

Continued servicing of criminal networks

Even under the supervision of government oversight teams, Binance continued to accept funds from Huione Group, an entity that the US links to Chinese criminal networks, human trafficking, and multimillion-dollar fraud schemes in Southeast Asia.

According to the ICIJ, Binance received at least $408 million USDT linked to Huione after authorities had already labeled the group a “money laundering factory.” Similarly, OKX, despite its own admission of guilt and promise to comply with AML regulations, received more than $161 million from the same criminal clusters. This suggests that exchanges have not implemented restrictions on accepting funds from known high-risk sources.

Ongoing ties to Russian and East Asian criminal networks

ICIJ found that Binance systematically serviced transactions related to:

• the Russian platform Hydra, the largest dark web market, whose infrastructure was used for drug sales, child exploitation, and trade in stolen data;
• Russian cash-out groups operating through P2P exchanges;
• addresses linked to the Sinaloa Cartel — one such address received more than $700 000, including from Coinbase.

HTX (formerly Huobi) was involved in transactions linked to North Korean hackers and Russian intermediaries who facilitated the withdrawal of stolen assets.

Participation in North Korea’s money laundering chains

The ICIJ is paying particular attention to the investigation into the $1,5 billion Bybit hack, the largest cyber theft linked to the Lazarus Group. During the subsequent laundering through THORChain, some of the funds ended up on Binance, with about $900 million in ETH passing through addresses leading to the exchange.

Despite the fact that OFAC repeatedly included related addresses in its sanctions lists, the exchange did not take timely action to block them.

Six months after the $1,5 billion Bybit hack. How the incident changed the industry

North Korean hackers behind the Bybit hack had to invent new ways to launder cryptocurrency because they found themselves in a situation unique to the industry

Читать дальше

Exchanges claim that they “cannot block incoming transactions,” but they could

The official position of Binance, OKX, and HTX is that the exchange cannot prevent the receipt of funds because the blockchain is open.

However, the investigation showed the opposite:

• exchanges regularly freeze incoming funds if they want to — for example, at the request of special services;
• they could block the use of deposit addresses that have repeatedly received criminal transfers;
• exchanges could automatically transfer suspicious deposits to separate “cold” accounts for verification, but instead accepted them into circulation.

Thus, statements about “technical impossibility” are merely an excuse for the lack of proper AML controls.

Internal compliance shortcomings: overloaded teams and millions of unreviewed alerts

ICIJ obtained access to comments from former employees who claimed that:

• the compliance departments of large exchanges were overwhelmed by tens of millions of alerts about suspicious transactions;
• the risk prioritization system was weak — many transactions were backlogged for months;
• management often ignored critical incidents if they involved large, volatile flows that generated significant fees.

This directly indicates a gross violation of international AML standards, where timely monitoring is mandatory.

Support for P2P crime, underground OTC, and shadow exchangers

Most of the “dirtiest” flows passed through:

• Russian-language P2P exchange networks, where cash-out groups have been operating for a long time;
• Chinese OTC intermediaries serving online fraud and romance scams;
• traders who disguised transfers through USDT.

ICIJ notes that exchanges were well aware of the existence of shadow market makers but did not take action because they provided liquidity.

What are KYC and CDD? Complete guide to compliance and AML risk assessment

We have compiled a complete guide on how to organize the process of customer verification and financial risk assessment for financial service providers

Читать дальше

Exchanges continue to conceal the scale of the problem

In response to journalists’ inquiries:

• Binance stated that it “cannot comment on the investigation,”
• OKX and HTX cited privacy policies,
• and auditing companies refused to disclose their reports due to non-disclosure agreements.

In other words, the exchanges did not actually refute any of the facts, but merely attempted to avoid discussion.

Conclusion

The ICIJ investigation shows that the world’s largest crypto exchanges did not simply “fail” at AML controls — they remained a key element of the global money laundering infrastructure, serving:

• North Korean hackers,
• Russian criminal networks,
• drug trafficking (including Sinaloa),
• fraudulent structures in Southeast Asia,
• and human trafficking groups.

They did this even after official admissions of guilt, fines, and the establishment of external oversight, which makes the problem systemic rather than technical.