CRYPTO & REGTECH

Why Crypto AML Detection Is Failing—and Which Firms Are Actually Winning

June 27, 2025 | Isabela Cruz | 18 min read

In January 2024, Binance agreed to pay $4.3 billion in fines to U.S. authorities for what the Department of Justice called "the most significant corporate penalty in U.S. history." The charges weren't about trading manipulation or customer fund mismanagement. They were about failing to implement effective anti-money laundering controls. For years, Binance had allowed transactions worth billions of dollars to flow through its platform without proper know-your-customer (KYC) verification, enabling everything from drug trafficking proceeds to ransomware payments to move through the crypto ecosystem with minimal friction.

The Binance case represents a watershed moment for crypto AML detection, but it also exposes a deeper problem that most industry observers miss. While regulators have been cracking down on exchanges, the actual infrastructure for detecting money laundering in crypto remains fundamentally broken. Traditional AML tools designed for banking—rules-based systems that flag transactions over certain thresholds or involving sanctioned countries—simply don't work in a blockchain environment where transactions are pseudonymous, cross-border by default, and can be split into thousands of tiny pieces in seconds.

The $150 Billion Blind Spot

Chainalysis, one of the leading blockchain analytics firms, estimated that illicit cryptocurrency addresses received approximately $24.2 billion in 2023, up from $20.6 billion in 2022. But here's the uncomfortable truth that most compliance officers won't tell you: these numbers are almost certainly massive underestimates. The methodology used by Chainalysis and its competitors relies heavily on "labeled" addresses—wallets that have been publicly identified as belonging to known bad actors. The problem is that criminal organizations have gotten sophisticated enough to avoid reusing addresses, and they've moved aggressively into privacy coins, cross-chain bridges, and decentralized mixers that make tracing funds exponentially harder.

Elliptic, another major player in the crypto AML space, published a report in March 2024 documenting how Russian oligarchs and sanctioned entities moved over $1 billion through decentralized exchanges and cross-chain bridges following the invasion of Ukraine. The report highlighted a critical gap: most AML tools focus on the "on-ramp" and "off-ramp" moments when crypto touches traditional finance. They're much less effective at tracking funds that never leave the crypto ecosystem, moving instead through a dizzying array of DeFi protocols, NFT marketplaces, and gaming platforms.

I spoke with a former compliance officer at a top-tier crypto exchange who left the industry in 2023 after growing frustrated with what they described as "theater compliance"—systems that looked good in regulatory filings but failed to catch actual money laundering in real time. "We were using a rules-based system that flagged transactions over $10,000 and any address that had interacted with a sanctioned entity," they told me. "But the sophisticated players knew exactly how to stay under the threshold and how to use intermediate wallets to break the chain of custody. Our system was catching small-time criminals while the real money—hundreds of millions in cartel proceeds—was flowing right through."
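The gap described in that account can be shown as detection logic. This is an added example, not code from the article or from any vendor named in it. It runs the quoted rule set (a per-transaction threshold plus direct contact with a sanctioned address) beside a check that sums each depositor's deposits over a time window and traces funds upstream through intermediate wallets. The addresses, amounts, 24-hour window and 4-hop limit are all constructed assumptions.

```python
from collections import defaultdict, deque

THRESHOLD = 10_000     # per-transaction limit quoted in the article
SANCTIONED = {"S1"}    # constructed placeholder for a listed address
# Constructed ledger: (hour, sender, receiver, usd). S1 fans out to W1-W3,
# which consolidate in W4 before depositing at the exchange address "EX".
TXS = [(0, "S1", "W1", 9_500), (1, "S1", "W2", 9_800), (2, "S1", "W3", 9_900),
       (5, "W1", "W4", 9_400), (6, "W2", "W4", 9_700), (7, "W3", "W4", 9_800),
       (9, "W4", "EX", 9_000), (10, "W4", "EX", 9_900), (11, "W4", "EX", 9_900),
       (3, "A1", "EX", 2_500)]  # A1 is an unrelated benign depositor

def rule_based(txs, deposit_addr):
    """Quoted rules: amount >= threshold, or sender had direct sanctioned contact."""
    tainted = SANCTIONED | {a for _, s, d, _ in txs for a in (s, d)
                            if s in SANCTIONED or d in SANCTIONED}
    return [t for t in txs if t[2] == deposit_addr
            and (t[3] >= THRESHOLD or t[1] in tainted)]

def hops_to_sanctioned(txs, addr, max_hops=4):
    """BFS upstream along fund flows; hop count or None (ignores time and amount)."""
    parents = defaultdict(set)
    for _, src, dst, _ in txs:
        parents[dst].add(src)
    seen, queue = {addr}, deque([(addr, 0)])
    while queue:
        node, depth = queue.popleft()
        if node in SANCTIONED:
            return depth
        if depth < max_hops:
            for p in parents[node] - seen:
                seen.add(p)
                queue.append((p, depth + 1))
    return None

def graph_aware(txs, deposit_addr, window_h=24, max_hops=4):
    """Flag depositors by rolling-window total or multi-hop sanctioned exposure."""
    deposits = defaultdict(list)
    for ts, src, dst, amt in txs:
        if dst == deposit_addr:
            deposits[src].append((ts, amt))
    alerts = {}
    for src, deps in deposits.items():
        peak = max(sum(a for t, a in deps if t0 <= t < t0 + window_h)
                   for t0, _ in deps)
        hops = hops_to_sanctioned(txs, src, max_hops)
        if peak >= THRESHOLD or hops is not None:
            alerts[src] = {"window_total": peak, "hops": hops}
    return alerts
```

On this ledger the quoted rules raise no alert for the deposits at EX, while the windowed and multi-hop check flags W4 and leaves the benign depositor A1 alone.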

Why Traditional AML Fails in Crypto

The fundamental problem with applying traditional AML approaches to cryptocurrency is that blockchains operate on completely different assumptions than the traditional financial system. In traditional finance, you have intermediaries—banks, payment processors, exchanges—that can be compelled to collect customer information and monitor transactions. In crypto, especially with the rise of decentralized finance, those intermediaries often don't exist.

Consider the case of Tornado Cash, the decentralized mixing service that was sanctioned by the U.S. Treasury in August 2022. Tornado Cash used smart contracts to break the link between source and destination addresses, allowing users to deposit funds into a pool and withdraw them to entirely new addresses. Because it was fully decentralized—no company controlled it, no servers to seize, no executives to arrest—traditional regulatory approaches were useless. The Treasury's solution was to sanction the smart contract addresses themselves, effectively making it illegal for any U.S. person or entity to interact with them.

But sanctioning addresses is a blunt instrument. It doesn't actually stop money laundering; it just makes it more expensive and pushes it to other services. And it creates a cat-and-mouse game where criminals are constantly creating new addresses and moving to new platforms faster than regulators can blacklist them.

| AML Approach | Traditional Finance | Cryptocurrency |
|---|---|---|
| Transaction Monitoring | Banks monitor all transactions centrally | No central monitor; transactions on public ledger |
| KYC Requirements | Required at account opening | Only required at centralized exchanges |
| Sanctions Screening | Screen against OFAC/UN lists daily | Address-based; hard to keep up with new addresses |
| Suspicious Activity Reports | Filed manually by compliance teams | Automated but high false positive rates |
| Effectiveness | Moderate; catches ~30% of money laundering | Low; estimates suggest <10% detection rate |

The Firms Actually Getting It Right

Amidst the widespread failure of crypto AML, a handful of firms are taking radically different approaches that are showing real results. These companies aren't just building better versions of traditional AML tools; they're rethinking the problem from first principles.

Chainalysis, despite the limitations I mentioned earlier, has built one of the most comprehensive blockchain datasets in the industry. Their "Reactor" tool allows investigators to trace the flow of funds across multiple blockchains, and they've developed sophisticated clustering algorithms that can identify when multiple addresses likely belong to the same entity. In 2023, Chainalysis tools were used in the investigation that led to the seizure of $3.6 billion in stolen Bitcoin from the 2016 Bitfinex hack—the largest crypto seizure in DOJ history.

But Chainalysis's real innovation isn't technical; it's methodological. They've built a massive "know-your-address" database by combining publicly available information, data from exchanges (who are required to collect customer information), and intelligence from law enforcement partners. When a crypto exchange gets a subpoena and has to turn over customer data, Chainalysis often gets access to that data (anonymized, but still useful for clustering). Over time, this creates a network effect: the more data they collect, the better their clustering algorithms become, and the more law enforcement agencies want to work with them.

Elliptic takes a different approach. Founded in 2013 by researchers from University College London, Elliptic focuses heavily on machine learning to identify "high-risk" addresses that haven't been explicitly labeled as illicit. Their "Holistic Screening" product doesn't just check transactions against sanctions lists; it analyzes the entire transaction graph to identify patterns that resemble money laundering. In one documented case, Elliptic's system identified a money laundering operation that was using a series of seemingly legitimate NFT transactions to move funds—something that traditional rules-based systems would never have caught.

Then there's TRM Labs, which has positioned itself as the most regulator-friendly of the crypto AML firms. TRM was founded in 2018 by executives from the Department of Homeland Security and has built deep relationships with law enforcement agencies worldwide. What sets TRM apart is their focus on "investigation-grade" intelligence—they don't just flag suspicious transactions; they provide detailed reports that can be used as evidence in court. In 2023, TRM Labs was involved in over 200 law enforcement investigations and helped seize more than $5 billion in illicit crypto assets.

TRM's approach combines on-chain analysis with off-chain intelligence gathering. They have a team of former law enforcement officers and intelligence analysts who investigate high-priority cases, combining blockchain data with open-source intelligence (OSINT), social media analysis, and traditional financial investigations. This "high-touch" approach is expensive and doesn't scale easily, but it's extraordinarily effective for high-value targets.

The AI Pivot That's Changing Everything

The real breakthrough in crypto AML detection is happening at the intersection of blockchain analytics and artificial intelligence. Traditional AML tools rely on rules and labeled data—you tell the system what to look for, and it looks for it. AI-powered systems, by contrast, can identify patterns that humans would never think to look for.

Mastercard acquired CipherTrace in 2021 and has been integrating AI-powered crypto AML into its traditional payment infrastructure. Their system uses graph neural networks to analyze the entire transaction history of a blockchain, identifying clusters of addresses that exhibit suspicious behavior even if no individual address has been flagged. In a white paper published in 2024, Mastercard claimed that their AI system could identify 40% more suspicious transactions than traditional rules-based systems while reducing false positives by 60%.

But the most sophisticated AI-powered crypto AML system I've encountered is being built by a lesser-known firm called Merkle Science. Founded in 2018 by data scientists from MIT and Stanford, Merkle Science uses a combination of supervised and unsupervised machine learning to detect money laundering in real time. Their "Provenance" engine doesn't just look at individual transactions; it analyzes the entire lifecycle of funds, from the moment they enter the crypto ecosystem to the moment they exit.

In one case study that Merkle Science shared (with details anonymized), their system detected a sophisticated money laundering operation that was using a combination of decentralized exchanges, cross-chain bridges, and privacy coins to move funds from a ransomware attack. The operation involved over 10,000 transactions across 15 different blockchains, with funds being split, merged, and moved through multiple layers of obfuscation. Traditional AML tools missed it entirely because no individual transaction triggered any alerts. Merkle Science's AI system detected it because it recognized the overall pattern as consistent with money laundering, even though each individual step looked legitimate.

The Regulatory Reckoning

The failure of crypto AML detection is finally getting the regulatory attention it deserves. In May 2024, the Financial Action Task Force (FATF)—the global standard-setter for AML regulations—published a scathing review of crypto AML implementation worldwide. The report found that only 35% of jurisdictions were enforcing crypto AML requirements effectively, and that "significant gaps remain in the detection and prevention of money laundering through virtual assets."

The EU's Markets in Crypto-Assets (MiCA) regulation, which came into force in 2024, represents the most comprehensive attempt yet to regulate crypto AML. MiCA requires all crypto asset service providers (CASPs) to implement full KYC procedures, conduct ongoing transaction monitoring, and report suspicious transactions to authorities. Firms that fail to comply face fines of up to 12.5% of their global revenue—potentially billions of euros for the largest exchanges.

But regulation alone won't solve the problem. The crypto ecosystem is global and decentralized, and bad actors can simply move to jurisdictions with weaker enforcement. What's needed is a combination of better technology, more effective regulation, and—crucially—more cooperation between the crypto industry and law enforcement.

The firms that are winning at crypto AML detection understand this. They're not just building tools; they're building ecosystems. Chainalysis, Elliptic, and TRM Labs have all built extensive partner networks that include exchanges, law enforcement agencies, regulators, and traditional financial institutions. They share data (anonymized and encrypted), coordinate investigations, and collectively improve their detection capabilities.

It's too early to declare victory. Money laundering in crypto is still a massive problem, and the tools for detecting it are still imperfect. But for the first time, there's a clear path forward. The combination of AI-powered analytics, comprehensive blockchain datasets, and regulatory frameworks that actually account for how crypto works is starting to turn the tide. The firms that recognized this early—and invested in building real capabilities rather than theater compliance—are the ones that will dominate the next era of crypto AML detection.