On August 12, 2025, blockchain analytics company Global Ledger hosted the webinar “Crypto’s Laundering Problem: Can Anyone Keep Up?” to address the sharp rise in crypto hacks and the growing use of digital assets for illicit finance.
The session brought together leaders from some of the industry’s most prominent companies, who shared their views on regulatory challenges, the effectiveness of investigations, and new security strategies. The discussion was grounded in Global Ledger’s latest report, which revealed the unprecedented scale of funds stolen in 2025.
The panel featured:
- Lex Fisun, CEO, Global Ledger
- Max Krupyshev, CEO, CoinsPaid
- Georgy Sokolov, CCO, Wirex
- Andriy Velykyy, CEO, Allbridge.io
The session was moderated by journalist and host Catherine Ross-Mychka.
The conversation covered several big themes, which we dive into below.
The Scale of the Threat and Sources of Vulnerability
According to Global Ledger, in the first half of 2025, the crypto industry lost more than $3 billion across 119 hacks. That’s nearly 50% more than in all of 2024, and it became one of the main points of debate.
Andriy Velykyy argued that the surge is less about new attack methods and more about the market’s growth:
“The bigger the market becomes, the more money there is to steal. At the same time, more people understand the technical potential of blockchain. If they lack moral boundaries, they see it as an easy way to make money.”
He noted that bull markets often attract inexperienced teams rushing to launch projects, which creates more vulnerabilities.
Lex Fisun stressed that while cybercrime isn’t unique to crypto, blockchains create unusual opportunities for attackers:
“In banking, it’s difficult to know exactly where the money is. In crypto, it’s different — hot and cold wallets are publicly visible. Sometimes all it takes is one private key, or even an insider at a company, to gain access to huge sums.”
He also pointed to the role of state-sponsored hacking groups and an active market for trading software exploits.
Georgy Sokolov added that human motivation plays as big a role as technology — rapid growth attracts both professionals and opportunists chasing fast money:
“When the market grows, it attracts not only professionals but also people chasing quick profits. This isn’t just a question of technology, but of human motivation — some are here to build, others to take advantage.”
The First 10–15 Minutes After a Hack
Research shows that compliance teams have just 10–15 minutes to stop stolen funds from being moved once they hit a platform. The panelists discussed how companies should act in those critical first moments and shared their personal experiences.
Max Krupyshev stressed the importance of immediately tapping into informal professional networks:
“The industry has developed trusted groups of researchers, analysts, and major exchanges. Information about a theft spreads instantly within these circles, and funds can be frozen even without official paperwork. This mechanism has already helped recover millions of dollars.”
At the same time, Krupyshev admitted that against highly organized groups such as North Korea’s Lazarus, options are still limited:
“Even if you use that 15-minute window as effectively as possible, they move too quickly and too professionally.”
The practice known as a “friendly freeze” — temporarily blocking assets across platforms before a formal law enforcement request—was endorsed by other speakers as well. They agreed that a collective response and close coordination between companies and analytics providers offer the best chance of stopping funds in those first crucial minutes.
Andriy Velykyy added that the technical response must include a full system shutdown at the first sign of suspicious activity to prevent repeat exploits:
“The mistake we made was not shutting the system down immediately. After the first attack, someone copied the exploit and used it again. As soon as suspicious activity is detected, you have to stop processing completely, investigate, and only then resume.”
Transparency and Disclosure
Another heated topic during this session was the fact that in more than half of cases (68%), hackers manage to move stolen funds before the targeted company makes a public announcement about the incident.
Georgy Sokolov pointed out that for regulated financial institutions, going public too quickly can carry legal risks:
“Even when we know for sure that an incident occurred, we have to consider the legal consequences. In some cases, sharing details with users could be seen as tipping off and even a violation of the law. Company executives carry personal liability, including criminal responsibility.”
Andriy Velykyy, by contrast, argued for maximum openness, especially for decentralized platforms:
“If a platform is attacked, it should immediately stop all processes and publicly announce the incident. That way, no one can accuse the team of a rug pull, and it shows that the company is actively addressing the problem.”
Lex Fisun proposed a middle ground, highlighting the role of closed professional channels first to block funds before going public:
“There’s no need to go public right away. There are analyst groups and industry forums where information can be shared instantly. This allows funds to be blocked quickly while buying time before making a public statement.”
Max Krupyshev added that disclosure timing has little effect on hackers’ behavior, who start laundering instantly:
“Hackers start laundering money immediately after the attack. Whether you make a public statement or not, they’re already moving. The real question is the scale of the loss and whether the company is ready to bear the reputational consequences. In some cases, going public is unavoidable; in others, a private notice to partners may be enough.”
How Regulation Affects Cybersecurity
Regulation was another area that sparked intense debate among the panelists. With attacks on the rise, regulators are tightening their oversight of companies by enforcing increasingly stringent KYC and AML procedures. One recent example came from Kraken, which notified users that they must provide sender or recipient ownership details for all transactions above $1,000.
Andriy Velykyy called the measure “absurd,” arguing that requiring explanations for transactions as small as $1,000 only adds to the bureaucratic burden.
Lex Fisun explained that such heavy-handed rules were a reaction to industry crises like the collapse of Terra and the bankruptcy of FTX:
“MiCA was drafted in a climate of public panic, and the final version turned out excessively strict. Even some of its authors admit the rules make business unnecessarily complicated.”
Particular attention was given to the travel rule, which requires transmitting counterparties’ data with every transaction. Georgy Sokolov dismissed it as outdated:
“The travel rule is a 20th-century law imposed on 21st-century technology. Blockchain is already fully transparent, and we have tools to analyze transactions. Real criminals use fake KYC, so the rule only creates problems for honest users while doing little to stop money laundering.”
Sokolov added that harsher rules hurt user experience and push clients toward unregulated exchanges, offshore services, or decentralized protocols.
Max Krupyshev took a more moderate stance, describing regulation as a “necessary evil”:
“Most requirements make sense. Regulators have a duty to protect the broader public. Yes, it’s painful for business, but it disciplines companies and sets minimum standards.”
How Hacks Change Companies
Direct experience with attacks has become a turning point for many companies and executives. Panelists noted that after serious incidents, it is not only the technical response protocols that change, but also broader management decisions.
Max Krupyshev recalled that CoinsPaid went through one of the largest hacks in the market:
“After something like that, all other problems seem minor. We tightened controls around security and treasury management — perhaps in some cases it might seem even too much. But the most important realization is that there is life after a major hack. These experiences make both the company and its leadership stronger.”
Andriy Velykyy admitted that his approach to product development changed after an incident:
“We used to launch new tools as fast as possible to capture market share. Now we’ve added multiple layers of audits. The process is slower, but the risks are much lower.”
Lex Fisun compared the situation to aviation training:
“When you learn to fly, the main focus is on what to do if the engine fails. Companies need the same kind of ‘engine failure procedures’ when a hack happens — to alert partners instantly, maintain control of the situation, and send a fast signal across the ecosystem.”
Georgy Sokolov added that even small incidents can serve as valuable lessons:
“Sometimes clients find unconventional ways to use a product, and it looks like a vulnerability. The important thing is to learn from such cases and adjust processes accordingly.”
For all participants, the conclusion was the same: hacks are painful, but they are also what build resilience and push companies to develop more mature security frameworks.
The Role of Technology in Protecting Crypto Companies
In the final part of the discussion, experts examined how new technologies can help the industry fight money laundering and hacking. Special attention was given to artificial intelligence and automation.
Max Krupyshev noted that AI systems are already being used to analyze transactions and detect anomalies:
“We process millions of addresses every month, and it’s impossible to check them manually. AI tools help distinguish suspicious activity from normal behavior and allow us to react faster. In the future, we plan to expand its use, for example, to monitor unusual client behavior when withdrawing funds.”
Lex Fisun stressed that new technologies must remain invisible to users while reducing costs for businesses:
“Technology should speed up data processing and shorten response times to threats, not create additional barriers. AI tools are effective when they help sort and investigate incidents more quickly.”
Georgy Sokolov linked the development of AI to improving user experience:
“Rigid rules and fixed algorithms often block legitimate transactions. AI can replace these outdated systems with flexible analytics, reducing errors and inconvenience for clients while maintaining security.”
Andriy Velykyy added that, despite his skepticism toward regulation, he sees real value in technologies that increase transparency:
“Analytics tools are needed not only to detect attacks but also to gather transaction statistics. We invest in cross-chain explorers and open APIs so anyone can track the movement of funds. Transparency remains the best defense strategy.”
The panelists agreed that without AI and advanced analytics tools, the industry will not be able to cope with the rising number of attacks. At the same time, they emphasized that technology must go hand in hand with industry-wide cooperation and the development of common standards.
The spirited debate during “Crypto’s Laundering Problem: Can Anyone Keep Up?” underscored the need for joint approaches to industry protection, shaped by the experiences of companies themselves. Combating money laundering and cyber threats will require not only technology but also collaboration and a careful balance between transparency and legal obligations.
