How prosecutors characterize money-laundering networks within crypto, including layering techniques and enforcement outcomes.
WASHINGTON, DC, April 17, 2026
For years, the crypto industry argued that blockchain systems would ultimately become too transparent for serious money launderers to trust, because every transfer left a permanent public trail that analysts, regulators, exchanges, and law enforcement could inspect after the fact.
The Department of Justice’s recent prosecutions tell a more sobering story, because prosecutors now describe a mature laundering ecosystem that does not depend on perfect invisibility, but instead relies on speed, fragmentation, jurisdiction shopping, compliance gaps, and carefully staged movement designed to overwhelm investigators before victims or platforms can react.
That change in emphasis matters because the government is no longer presenting crypto laundering as a futuristic anomaly, but as an updated version of a familiar financial crime in which criminals still place proceeds, layer transactions, disguise control, and seek clean exit points, only now they do it with mixers, bridges, online casinos, privacy tools, shell accounts, unlicensed exchanges, and cooperative intermediaries scattered across multiple countries.
The Samourai Wallet case showed how prosecutors frame crypto laundering as an intentionally built service rather than a neutral privacy tool.
The clearest recent example came in Manhattan, where federal prosecutors said Samourai Wallet was not simply a software project offering anonymity to users, but a functioning money transmitting business that knowingly handled criminal proceeds from drug trafficking, darknet markets, cyber intrusions, fraud, sanctioned jurisdictions, murder-for-hire activity, and child exploitation related conduct.
According to the Justice Department’s sentencing announcement, Samourai’s co-founders were sentenced in November 2025 to 5 and 4 years in prison after knowingly transmitting more than $237 million in criminal proceeds through a mixer that prosecutors said was built and marketed to help users sever the visible link between source and destination.
What stands out in that case is not only the sentence but also the government’s characterization of the service’s core purpose, because prosecutors treated the mixer itself as laundering infrastructure rather than merely a technical privacy feature that happened to attract bad users on the margins.
That framing is important for the wider market because it suggests the department is increasingly asking whether a platform’s design, messaging, defaults, and response to abuse show deliberate indifference or actual knowledge, especially when the service profits from the very opacity that victims later struggle to pierce.
The Roman Storm conviction reinforced the same theory on an even bigger scale.
The most closely watched mixer case in the crypto sector remained the prosecution of Tornado Cash co-founder Roman Storm, whose August 2025 conviction gave prosecutors a marquee courtroom win and a strong public template for explaining how blockchain obfuscation tools become money-laundering instruments in the government’s eyes.
Federal prosecutors said Storm knowingly operated a money-transmitting business that transmitted more than $1 billion in criminal proceeds, while continuing to provide anonymity features despite being aware that major criminal actors, including North Korean hackers, were using the service to move and hide stolen digital assets.
As summarized in Reuters’ analysis of the DOJ policy shift and ongoing crypto-laundering cases, the Storm conviction remained one of the clearest signs that, even as Washington backed away from some regulation-by-prosecution theories, it continued to pursue classic laundering cases built around criminal proceeds and deliberate concealment.
The lesson from Tornado Cash is not merely that the government dislikes anonymity, because the sharper prosecutorial argument is that once a service is built, promoted, and maintained with awareness that criminals are repeatedly using it to wash hacked funds and other dirty proceeds, the service itself can be charged as part of the laundering network.
That is a significant shift for crypto founders and developers because it narrows the room for the old defense that software is just code, especially where internal communications, public promotion, profit extraction, and victim complaints suggest knowledge of the criminal use case.
Bitcoin Fog remains the classic example of how long-running crypto layering still ends in prison.
Before the mixer cases involving Samourai and Tornado Cash reached their most recent milestones, the government had already built one of its clearest laundering narratives around Bitcoin Fog, the darknet service that prosecutors described as a go-to laundering venue for criminals seeking to hide proceeds from narcotics, identity theft, hacking, and child exploitation activity.
In November 2024, the DOJ announced that Roman Sterlingov had been sentenced to 12 years and six months in prison for operating Bitcoin Fog, which the government said processed more than 1.2 million bitcoins, worth about $400 million at the time of the transactions, over its decade-long run.
That case still matters because it demonstrates the kind of layering behavior prosecutors find compelling, with repeated breaking up of transaction flows, pooling and redistribution, use by darknet actors, and long-term operation that turned a supposedly opaque service into one of the best documented laundering enterprises in crypto history.
It also matters because Bitcoin Fog undercuts the idea that older blockchain-era anonymity was somehow beyond forensic reconstruction, since the government was able to convert years of supposedly hidden digital movement into a criminal case that ended with a substantial sentence and a public deterrence message.
Garantex pushed the theory from mixers into exchange-based laundering networks.
If Bitcoin Fog, Samourai, and Tornado Cash showed how prosecutors think about direct obfuscation services, the March 2025 action against Garantex showed how the department thinks about a crypto exchange that allegedly became a laundering hub while presenting itself as a transactional venue rather than a specialist mixing tool.
In that case, DOJ said Garantex processed roughly $96 billion in cryptocurrency transactions between 2019 and 2025, received hundreds of millions in criminal proceeds, and was used to facilitate hacking, ransomware, terrorism, narcotics activity, and sanctions violations with a substantial impact on victims in the United States.
According to the Department of Justice’s announcement about the Garantex disruption, the exchange’s administrators were charged with a money-laundering conspiracy, while one defendant also faced sanctions and unlicensed money-transmission conspiracy counts after prosecutors alleged that the operators knew criminal proceeds were moving through the platform and took steps to conceal that fact.
What makes Garantex especially important is that the case moved beyond a passive compliance failure and into alleged operational concealment, because prosecutors said the platform responded to Russian law-enforcement requests with incomplete information and continued servicing U.S.-linked flows despite public sanctions designations.
That kind of fact pattern allows the department to portray an exchange not as a poorly supervised business that happened to process some illicit activity, but as a continuing laundering venue whose administrators allegedly understood the criminal use case and adapted operations to sustain it.
Exchange resolutions now show that weak controls can be treated as laundering enablement.
The Justice Department has also been sending a second message through big platform resolutions: laundering accountability does not always require proving that an operator designed a mixer or actively coordinated with hackers, because an exchange can still face criminal exposure when weak controls make it an attractive venue for dirty money.
That was the signal in the January 2025 KuCoin guilty plea, in which prosecutors said the exchange operated as an unlicensed money-transmitting business, failed to implement required anti-money-laundering and know-your-customer programs, and let users access the platform without meaningful customer identification for years while serving large numbers of U.S. customers.
The message became even louder in February 2025, when OKX pleaded guilty and agreed to pay more than $500 million in penalties after federal prosecutors said the exchange knowingly violated U.S. anti-money-laundering laws, facilitated more than $5 billion in suspicious transactions and criminal proceeds, and inadequately monitored sanctions and suspicious activity until well into 2023.
Those cases matter because they show how prosecutors increasingly collapse the distance between compliance failure and laundering exposure, especially when the platform’s internal culture, business incentives, and user-acquisition strategy appear to reward volume while treating due diligence and suspicious-activity controls as obstacles.
They also tell exchange executives that incident-free operations are not enough, because if the government concludes the platform functioned as a permissive gateway for criminal funds, the absence of a single dramatic hack will not protect it from a very serious, laundering-centered resolution.
Paxful added another layer by focusing on a marketplace built to look ordinary.
In December 2025, the DOJ announced a guilty plea from Paxful Holdings, describing the peer-to-peer virtual asset trading platform as a business that knowingly facilitated serious criminal conduct through a calculated lack of controls that made it useful for money laundering, sanctions violations, fraud, romance scams, extortion schemes, and prostitution-related activity.
The significance of Paxful is that it broadens the laundering story beyond headline exchanges and specialist anonymizers, showing that prosecutors are also willing to target platforms whose core commercial model appears ordinary on the surface but whose compliance architecture allegedly allows bad actors to treat the platform as a flexible laundering marketplace.
That approach is particularly important in crypto because peer-to-peer environments, over-the-counter counterparties, and fragmented off-ramp channels create opportunities for launderers to turn a single highly visible blockchain trail into multiple smaller fiat-facing pathways that are much harder for victims to follow in real time.
How prosecutors describe the laundering techniques themselves.
Across these cases, the government’s description of crypto laundering has become more concrete and much less mystical, because prosecutors now routinely explain that the point is not to make funds literally invisible, but to make tracing slower, attribution harder, and recovery politically or technically difficult.
The placement stage often begins with stolen or criminally derived assets entering a mixer, an exchange account, a peer-to-peer marketplace, a bridge, or a gambling site, especially when the service accepts rapid movement from fresh hack proceeds or other tainted inflows without robust customer screening.
The layering stage then breaks those funds into repeated movements across multiple wallets, asset types, chains, and service providers, often using techniques such as peel chains, chain hopping, partial consolidation, repeated deposits and withdrawals, and timing patterns designed to frustrate quick reconstruction.
The integration stage occurs when proceeds emerge through accounts that appear cleaner than the source wallet, or through businesses and intermediaries willing to convert crypto into spendable value, luxury goods, cash withdrawals, or other assets that appear detached from the underlying offense.
What modern DOJ complaints and indictments make clear is that prosecutors are increasingly confident in narrating each one of those stages, not simply by pointing to a wallet balance, but by combining blockchain analytics with exchange records, server data, phone evidence, cloud accounts, messaging logs, IP information, and financial records from the off-ramp side.
The enforcement outcomes are now designed to punish both movement and infrastructure.
The recent case mix also shows that DOJ is not relying on one remedy when it encounters crypto-laundering networks, because prosecutors are using prison sentences, guilty pleas, criminal fines, corporate monitors, forfeiture orders, infrastructure disruption, and cross-border coordination to hit both the people moving the money and the systems that keep the movement viable.
Samourai produced prison terms, Storm produced a high-profile conviction, Bitcoin Fog produced a long sentence, Garantex produced criminal charges and international disruption, while KuCoin, OKX, and Paxful showed that even platforms outside the traditional mixer mold can end up paying huge financial penalties when the government believes they enabled laundering flows.
That mixed toolkit is important because it reveals the department’s broader strategic view: deterrence fails if law enforcement punishes only the most visible individual operator while leaving the surrounding exchange gateways, compliance weak points, and repeat obfuscation channels intact.
For companies, executives, and investors trying to understand how a laundering investigation can widen into questions of seizure, cross-border exposure, and travel risk, many study Amicus International Consulting and its analysis of extradition and international enforcement pressure when digital-asset cases begin spilling into larger jurisdictional and personal-risk problems.
The bottom line is that DOJ’s latest crypto-laundering prosecutions show a market that has grown far beyond the old myth of anonymous magic internet money, because prosecutors are now characterizing these networks as structured financial systems with identifiable operators, repeat concealment methods, profit motives, weak control points, and enough traceable evidence to turn even the most technical laundering story into a conventional criminal case.
