Global Ledger Report: $3.01B Stolen from CEXs in H1 2025 as Real-Time Laundering Outpaces AML Defenses

Generated by AI AgentCoin World
Friday, Jul 25, 2025 4:45 pm ET2min read
Aime RobotAime Summary

- Global Ledger report reveals $3.01B stolen from CEXs in H1 2025, surpassing 2024’s total via 119 hacks.

- Real-time laundering outpaces AML systems, with 23% of stolen funds fully obfuscated before breach detection.

- CEXs now account for 54.26% of losses, exploited as both attack targets and laundering hubs due to slow compliance processes.

- U.S. Genius Act mandates faster AML responses, while AI-driven attacks and API vulnerabilities highlight systemic security gaps.

A new report from Swiss blockchain analytics firm Global Ledger has unveiled alarming vulnerabilities in centralized cryptocurrency exchanges (CEXs), revealing that $3.01 billion was stolen through 119 hacks in the first half of 2025—surpassing the total for all of 2024. The findings highlight the rapid evolution of real-time crypto laundering, where stolen assets are obfuscated and moved before detection systems can respond. By analyzing onchain data, researchers found that 23% of laundering processes were fully completed before breaches became public, while in 68.1% of cases, funds were already in motion before victims realized the theft. The speed of these operations has outpaced Anti-Money Laundering (AML) systems, with some transactions laundered in under three minutes, leaving compliance teams with as little as 10–15 minutes to act [1].

The report underscores a critical shift in the threat landscape: attackers now exploit CEXs as primary entry points, accounting for 54.26% of total losses in 2025—far higher than losses from token contract exploits (17.2%) or personal wallet breaches (11.67%). Centralized exchanges face a dual challenge: they are both high-value targets and critical nodes in the laundering chain. In 15.1% of cases, stolen funds passed through CEXs, where traditional ticket-based compliance processes proved insufficient to counter the speed of illicit activity. Analysts warn that current systems struggle to detect and block suspicious transactions before they are irreversibly laundered [1].

The report also highlights the inadequacy of post-hack response mechanisms. On average, public disclosures of breaches took 37 hours, while attackers typically moved funds within 15 hours, securing a 20-hour head start. This delay exacerbates recovery challenges, as only 4.2% of stolen funds were retrieved in the first half of 2025. The fastest incident recorded saw funds moved four seconds after an exploit, with laundering completed in under three minutes—a pace that leaves little room for intervention [1].

Legislative and regulatory pressures are intensifying. The Genius Act, signed into U.S. law on July 18, mandates stricter AML compliance and faster response times for exchanges and other virtual asset service providers (VASPs). These requirements align with the growing expectation that platforms must proactively prevent crime rather than merely respond to breaches. This shift is evident in the ongoing trial of Tornado Cash developer Roman Storm, where prosecutors argue developers can be held accountable for failing to implement controls that could have curtailed illicit use. If convicted, Storm faces up to 45 years in prison [1].

The implications for CEXs are profound. The report advocates for real-time, automated monitoring systems capable of detecting and halting illicit activity before funds are fully laundered. Such measures are critical as AI-driven exploits and cross-layer attacks become more sophisticated. For instance, the $44.2 million breach at India’s CoinDCX exchange in July 2025 exploited vulnerabilities in internal API protocols and multi-signature wallet management, demonstrating how attackers bypass traditional security layers without directly targeting user wallets [1]. Similarly, the $290 million Munchables breach and $136 million Pike Finance attack underscore the growing complexity of AI-related vulnerabilities [2].

The convergence of these challenges demands urgent action. Cybersecurity firm Hacken’s separate report notes a 1,025% surge in phishing and social engineering attacks in H1 2025, alongside AI-driven exploits targeting insecure APIs and flawed models.

Ethereum
networks accounted for 61.4% of total losses, with BNB Chain and Arbitrum also heavily impacted [2]. As attackers increasingly target both financial and infrastructure layers, standard security audits are proving inadequate. Analysts stress the need for proactive strategies, including real-time monitoring, automated defense systems, and stricter governance for AI integrations [1].

Sources:

[1] [Real-time crypto laundering exposes CEX vulnerabilities — Report] (https://coinmarketcap.com/community/articles/6883ea6e8cc78b1500f62482/)

[2] [Hacken Report Flags $3.1B Web3 Meltdown, 1,025% Spike in AI Attacks] (https://cryptorank.io/news/feed/89990-hacken-report-3-1b-web3-meltdown-ai-attacks)

[3] [Inside the $44M CoinDCX Hack: How Hackers Drained ...] (https://www.ccn.com/education/crypto/coindcx-hack-44m-india-crypto-security-crisis-explained/)