Most conversations about crypto start and end with Bitcoin—the headline-grabbing, price-swinging rebel of digital finance. But Bitcoin isn't where the real battle for the future of money is being fought. That battle is happening on stablecoins: the quiet, utilitarian bridge connecting the traditional banking world to Web3.
Stablecoins grew nearly 49% in 2025, reaching a market capitalization between $310 and $314 billion—larger than the GDP of Finland or Portugal. USDT (Tether) holds the largest share, functioning as the lubricant for the entire crypto trading ecosystem. And where hundreds of billions of dollars move, sophisticated criminals follow.
After 15+ years in fraud and compliance—including time at a crypto/web3 startup where stablecoins were the primary payment rail—my view is clear: stablecoins are here to stay, and they demand serious Fraud and AML thinking. For fraud and compliance leaders at banks, credit unions, and fintechs, they are no longer a niche concern. They are a core risk. Whether your institution directly offers crypto services or not, your customers are transacting in stablecoins—and your systems may already be the unwitting entry point for the next major financial crime event.
What Are Stablecoins? (And Why "Stable" Is Just a Label)
A stablecoin is a cryptocurrency designed to maintain a fixed value relative to a real-world asset—most commonly the US dollar. Unlike Bitcoin or Ethereum, which can swing 20% in a single day, a dollar-pegged stablecoin is meant to always be worth one dollar.
That stability makes them extraordinarily useful. A stablecoin can move a million dollars across the world in seconds, on a Saturday night, without requiring a bank intermediary, and the recipient knows exactly what it's worth upon arrival. That's the promise: the speed and programmability of crypto combined with the price certainty of cash.
There are three main types in circulation today:
- Fiat-backed stablecoins (USDT, USDC): Backed one-to-one by cash or Treasury bonds held in reserve. The issuer holds the vault; you hold the token.
- Crypto-backed stablecoins (DAI): Backed by a basket of cryptocurrencies, typically over-collateralized to account for volatility.
- Commodity-backed stablecoins (Pax Gold): Backed by physical assets like gold or silver.
- Algorithmic stablecoins (the now-infamous UST): Backed by nothing but code and market confidence—a mechanism that, as history proved, can fail catastrophically.
The Terra Luna Cautionary Tale
No discussion of stablecoin risk is complete without Terra Luna. In 2022, the Terra blockchain's algorithmic stablecoin UST—designed to maintain a $1 peg through a mathematical relationship with its sister token LUNA—suffered a complete collapse. When market confidence cracked and UST slipped below a dollar, panic set in. Holders rushed to exit, minting massive quantities of LUNA tokens in the process, which hyperinflated LUNA's supply and drove its value to near zero.
The result: $45–50 billion in market capitalization wiped out in days. There was no vault, no external collateral, and no backstop. The lesson is stark: you cannot algorithmically wish value into existence. Stable is just a label until the market tests it.
The Regulatory Landscape: The GENIUS Act and the Great Decoupling
The Terra Luna collapse sent the bat signal to Congress, and the regulatory response is now taking shape in the form of the GENIUS Act—one of the most significant pieces of stablecoin legislation to move through the US legislative process.
The GENIUS Act does four key things:
- Establishes licensing rules for US stablecoin issuers, requiring proof of reserves and ending "trust me" banking
- Sets standards for foreign issuers operating in the US—critical in a global market where bad actors can easily operate from offshore
- Clarifies the regulatory divide between the SEC and CFTC for oversight of digital assets
- Creates clear compliance pathways for stablecoins, DeFi, and smart contracts
In Europe, the MiCA framework is driving similar requirements, pushing issuers toward full reserve backing, auditable disclosures, and clear AML/KYC rules.
The effect is a "great decoupling"—what practitioners are calling the Splinternet of Money. Crypto liquidity is fragmenting into two distinct pools: a compliant pool of GENIUS- and MiCA-regulated coins (USDC, emerging regulated Tether products, bank-issued coins) and a grey pool of offshore stablecoins, synthetic assets, and no-KYC venues. Institutional treasuries will increasingly standardize on the former; the latter will be treated as toxic collateral. And during periods of market stress, expect spread differences to emerge between clean and grey liquidity—a signal risk teams at institutional desks will need to monitor actively.
But here's the critical risk for compliance teams: the bridge between these two pools never fully disappears. That bridge—where clean fiat becomes compliant stablecoin becomes chain-hopped grey stablecoin becomes mixer-obfuscated criminal proceeds—is where AML risk concentrates. Relying on a "we only touch regulated coins" policy is dangerously naïve if those coins are just two or three hops away from sanctioned actors or trafficking flows.
Architecturally, this demands two things: treating compliant stablecoins as first-class payment rails fully integrated into core systems and risk engines—not a side experiment—and fusing onboarding and KYC data with on-chain intelligence so that a corporate treasury legitimately using USDC doesn't look the same as an arbitrage shop constantly cycling into grey liquidity. The ability to make that distinction is the difference between a sophisticated risk program and a checkbox.
The $158 Billion Paradox: Why Illicit Flows Are Growing Despite Tighter Rules
Here is the uncomfortable paradox of the current moment: regulation is tightening, enforcement is increasing—and yet illicit crypto flows reached an estimated $158 billion in 2025, one of the highest totals on record.
The explanation is that regulators have successfully reduced classic retail fraud. But stablecoins have simultaneously become the preferred rail for state-level and industrialized crime, a category that operates at a scale and sophistication that outpaces traditional controls.
Sanctions Evasion at Nation-State Scale
Research from Chainalysis and TRM documents an explosion in nation-state use of stablecoins for sanctions evasion and illicit trade finance. Ruble-linked tokens move tens of billions on-chain; Iranian and proxy networks push billions in oil, weapons, and laundering flows through stablecoins and high-risk exchanges. Banks and fintechs frequently become the placement or layering stage in these schemes without ever seeing a SWIFT message that names a sanctioned counterparty.
Pig-Butchering at Industrial Scale
"Pig-butchering" scams—once dismissed as simple romance scams—have evolved into vertically integrated fraud factories. Human-trafficking compounds in Cambodia, Myanmar, and Laos now operate large-scale scam operations. USDT is the preferred payroll and laundering currency because it is fast, liquid, and widely accepted on grey markets. UN and DOJ reporting explicitly links USDT flows to these operations, with seizures reaching hundreds of millions of dollars. The crypto transaction is just one layer in a supply chain that also involves recruitment, trafficking, and physical coercion.
The On-Ramp vs. On-Chain Gap
Most institutions still treat KYC at the on-ramp as their primary line of defense. "We verified the customer." "We completed travel-rule checks." "We screen counterparties." This defense fails when criminal activity happens entirely on-chain between pseudonymous wallets, funds are layered through mixers and chain-hopping long before touching a bank again, and your visibility is limited to fiat in / fiat out with no understanding of the path in between.
In a stablecoin world, risk lives in the path, not just the endpoints.
The Four Attack Patterns Fraud and AML Teams Must Know
Based on real-world case studies from crypto exchanges and financial institutions, these are the fraud and money laundering schemes most commonly targeting the fiat-to-crypto bridge:
1. ACH Kiting — The "Synthetic Float" Attack
Fraudsters exploit the ACH settlement gap (T+1/T+2). They link a bank account to a crypto platform, fund a wallet, and immediately buy stablecoins—then drain the originating bank account before the ACH pull settles. When the platform attempts to settle the transfer and receives an R01 return (insufficient funds), the coins are already on-chain and irretrievable.
Business pain point: Direct credit loss. The institution holds the negative balance; the funds are immutable on the blockchain.
2. Account Takeover → Crypto Off-Ramping (Rapid Exfiltration)
ATO actors increasingly prefer routing stolen funds to crypto rails rather than traditional wire transfers. Converting to USDT or USDC is faster than wires, near-instant in settlement, and—critically—irreversible. Once funds hit the chain, the trace request is dead. You cannot reverse a crypto transaction the way you can sometimes recall a wire or reverse an ACH.
Business pain point: Irreversible loss with no clawback mechanism, plus customer restitution liability.
3. Promo Abuse — Incentive Farming at Scale
Growth-focused fintechs offering sign-up bonuses ("get $50 when you open an account") become targets for organized fraud rings that deploy bot farms, phone farms, and synthetic identity swarms to harvest those bonuses at scale. Each fake account claims the bonus, buys stablecoin, and funnels it to a harvest wallet. The platform burns its customer acquisition budget on bots instead of real users and wastes operational resources manually closing fake accounts.
Business pain point: CAC inflation, wasted marketing spend, and degraded growth metrics.
4. AML Layering — Chain Hopping
Criminals create mule accounts at financial institutions to ingest dirty cash, move it to a crypto exchange, swap for stablecoins, and funnel through mixers (like Tornado Cash) or high-risk jurisdictions. Your institution becomes the placement stage of a money laundering operation—even if you never knowingly touched the illicit proceeds. The regulatory consequences can be severe even when there is no direct financial loss.
Business pain point: Regulatory fines, reputational damage, and potential consent orders.
Decentralization Red Flags: What to Watch On-Chain
Blockchain's core feature—a publicly visible, immutable ledger—is theoretically the worst environment for crime. Every transaction is written in permanent ink. But sophisticated actors have developed equally sophisticated obfuscation tools:
Mixers are automated protocols that break the direct connection between the origin and destination of crypto funds. A mixer pools funds from many users, mathematically co-mingles inputs and outputs, and returns funds to fresh addresses—severing the chain of custody. Tornado Cash was the most prominent example before its sanctioning.
No-KYC Exchanges facilitate crypto trading without requiring identity verification. By limiting individual transaction amounts, they fly under reporting thresholds—but aggregated across many transactions, they can move millions anonymously.
Affinity Fraud deserves special attention because it isn't a technical exploit—it's a human one. Fraudsters targeting crypto communities exploit the trust gap between those who understand the technology and those who don't. They infiltrate religious communities, ethnic groups, veterans associations, and professional networks. Once trust is established, the skepticism that would otherwise protect a victim disappears. The crime happens emotionally in the real world before a single cent moves on the blockchain. By the time the victim realizes what happened, the funds have passed through a mixer and sit in a wallet in a non-extradition jurisdiction.
Mule Farms represent the industrialized version of this problem. Clusters of new users with near-identical device fingerprints, IP addresses, or behavioral patterns across both fiat and crypto rails are a hallmark of organized fraud rings deploying synthetic identities at scale. Unlike individual bad actors, mule farms are designed to look like organic user growth—which is exactly why they are so dangerous and why network-level detection, rather than account-level review, is required to surface them.
Five Practical Moves to Protect Your Institution
1. Treat the On-Ramp as Your Primary Battleground
The fiat-to-crypto on-ramp is where fraudsters must briefly interact with the traditional financial system—and briefly remove their mask. Catching them here is exponentially easier than chasing them on-chain, where detection difficulty increases tenfold.
Build risk checkpoints across every stage of the onboarding and funding journey: signup and KYC, bank account linkage, fund-in, and first purchase. Implement velocity rules (e.g., flag any new account attempting maximum daily stablecoin purchases immediately after creation), device intelligence checks, and behavioral signals like remote desktop application activity—a significant indicator of elder financial exploitation and third-party takeover scams.
2. Build Controls Specifically at the Clean–Grey Bridge
Don't just ask whether USDC is safe. Ask: Where did this USDC come from, and what did it touch?
You need multi-asset, multi-chain tracing that follows value across bridges, DEXs, and mixers; exposure scoring for no-KYC exchanges, OTC brokers, and high-risk counterparties; and path-aware rules that flag deposits where a "clean" coin is only a hop or two removed from sanctioned entities or known laundering patterns.
3. Deploy Unsupervised Machine Learning to Surface Hidden Attack Clusters
Fraud rings don't operate like individual bad actors. They sign up in coordinated clusters—100 users from the same subnet with sequential email addresses, for example. Traditional rule-based systems looking at individual accounts will miss this. Unsupervised machine learning (UML) can identify these cluster patterns at onboarding and flag the entire ring in real time before a single transaction occurs, enabling your team to take network-level action rather than playing whack-a-mole account by account.
But detection alone isn't enough. Once your team understands what makes a stablecoin transaction suspicious in your specific environment, those insights must be codified into concrete policies and crypto-native triggers—rules that reflect how these assets actually move (bridge and DEX interactions, not just on-exchange trades) rather than being forced into frameworks built for traditional payments. Critically, this requires a feedback loop where on-chain intelligence and case outcomes continuously tune those rules. The threat landscape evolves too quickly for a static ruleset to remain effective; your controls need to learn as your adversaries adapt.
4. Use Graph Analysis to De-Anonymize Hidden Connections
Knowledge graph technology connects the "fiat world" (PII, bank accounts, devices) to the "crypto world" (wallets, protocols, routes), revealing hidden linkages that rule-based systems miss. A seemingly clean new user who shares a device fingerprint or recovery email with a known bad actor becomes visible. These connections provide the narrative your compliance team needs to build defensible SAR filings and justify account closures.
5. Invest in Foundational Risk Infrastructure
Fraud and money laundering risks remain acute during both the fiat-to-crypto (on-ramp) and crypto-to-fiat (off-ramp) processes. Successfully managing these bridge risks requires long-term investment in core infrastructure—not one-off tool purchases.
That means committing to a flexible platform capable of rapidly integrating new data sources and risk signals, including on-chain intelligence, as the market evolves. It means better data orchestration: the ability to seamlessly connect data from the traditional fiat world (KYC, PII, devices) with the crypto world (wallet activity, protocols, routes) to form a unified risk view. And it means continuous investment in advanced models—UML and graph/linkage analysis—to stay ahead of evolving, clustered attack patterns rather than always playing catch-up after a new scheme has already caused losses.
6. Break Down the Monitoring Silos
One of the most common and costly gaps in crypto fraud monitoring is the siloed approach: the crypto product gets monitored separately from the rest of the customer relationship. A customer who has been a trusted checking account holder for five years presents a very different risk profile than a brand-new account immediately attempting to fund a stablecoin purchase. Holistic user activity—Zelle patterns, branch activity, account tenure, linked relationships—should inform every crypto risk decision. Breaking down these silos is not optional as stablecoin adoption accelerates.
Key Takeaways
- The stablecoin market is a $310+ billion ecosystem that grew 49% in 2025—it is now core financial infrastructure, not an experiment.
- The Terra Luna collapse proved that algorithmic stablecoins without real-world backing can go to zero in days. Reserve backing and regulatory compliance are non-negotiable risk filters.
- The GENIUS Act and MiCA are creating a permanent divide between compliant and grey-market stablecoins. Institutions should build for a world where corporate clients demand stablecoin settlement.
- Illicit flows reached ~$158 billion in 2025 despite tighter regulation—because stablecoins have become the preferred rail for nation-state sanctions evasion and industrialized pig-butchering scams.
- The four primary attack vectors at the fiat-to-crypto bridge are ACH kiting, ATO-to-crypto exfiltration, promotional abuse, and AML chain-hopping layering.
- Risk lives in the path, not the endpoints. Knowing your customer at onboarding is necessary but not sufficient. You need on-chain provenance tracing to understand where funds actually came from.
- The fiat-to-crypto on-ramp is your most defensible chokepoint. Once funds reach the chain, detection difficulty increases tenfold.
- The most effective defenses combine early-stage velocity rules, unsupervised machine learning, and knowledge graph analysis to shift from case-by-case reaction to network-level disruption.
The Irony of Transparency
The same blockchain transparency that criminals try to exploit through obfuscation tools is your most powerful weapon as a compliance professional. With the right analytics, you can see more, earlier, and in more detail than ever before across both the fiat and crypto worlds. The open question is whether your organization moves fast enough to use what the data is already telling you.
Stablecoins have evolved from a hedge against volatility into three simultaneous forces: a core payment rail for legitimate commerce, a regulatory project defining what "clean" money looks like in the digital age, and a preferred tool for the most sophisticated financial criminals on earth. If you own fraud, AML, or risk, you are already involved—whether you acknowledge it or not.
The choices your organization makes about coins, controls, data, and analytics over the next 12–24 months will determine whether you are passively processing stablecoin flows or actively managing your exposure in the Splinternet of money.
Have questions for an expert, reach out today.
