FATF Calls for Tighter Crypto Regulations After $1.46 Billion Bybit Hack

The Financial Action Task Force (FATF) has issued a call for enhanced global regulations on cryptocurrencies following a significant data breach. The breach, which occurred in February 2025, involved the hacking of the cryptocurrency exchange Bybit, resulting in the theft of $1.46 billion. This incident has highlighted the growing risks associated with virtual assets and the need for stricter regulatory measures.

The FATF's latest report, released on June 26, 2025, underscores the increasing use of stablecoins and other virtual assets by illicit actors, including North Korean agents, terrorist financiers, and drug traffickers. The report notes that most on-chain illicit activity now involves stablecoins, which could amplify illicit finance risks if not properly regulated. The FATF has emphasized the importance of licensing and registration for virtual asset service providers (VASPs), as well as the need for transparency in cross-border payments. The organization has called on jurisdictions worldwide to step up their efforts in these areas to mitigate the risks posed by the borderless nature of virtual assets.

The FATF's concerns are not limited to stablecoins. The report also highlights the significant uptick in the use of virtual assets in fraud and scams, further underscoring the need for enhanced regulations. The FATF has urged governments to strengthen their anti-money laundering (AML) and counter-terrorist financing (CFT) enforcement measures, warning that regulatory gaps could threaten global financial stability. The organization has also called for greater cooperation among jurisdictions to address the systemic risks posed by weaknesses in any country's virtual asset regulatory framework.

The FATF's call for action comes at a time when the adoption of virtual assets is on the rise. As of April 2025, only 40 of 138 jurisdictions assessed were "largely compliant" with the FATF's crypto standards, up from 32 a year earlier. This indicates that while progress is being made, there is still a long way to go in ensuring that virtual assets are regulated effectively. The FATF has urged jurisdictions to prioritize the implementation of its standards for VAs and VASPs, including the Travel Rule, which requires the sharing of information about the originator and beneficiary of a transaction.

The FATF's report also provides an overview of global trends and evasion methods in the virtual asset space. It highlights the need for jurisdictions to identify individuals conducting VASP activities and to mitigate the risk of offshore VASPs. The organization has also called for greater transparency in cross-border payments, noting that regulatory failures in one jurisdiction can have global consequences.

In response to the FATF's call for action, many regulators and security firms have called for stronger protective measures for centralized exchanges. The fallout from the Bybit breach has sent shockwaves throughout the industry, raising urgent questions about security measures at centralized exchanges. The FATF's report serves as a wake-up call for jurisdictions to step up their efforts in regulating virtual assets and to work together to address the systemic risks posed by the borderless nature of digital financial transactions.