© 2026 TORALYA

From Mixers to Coin Swaps: Layer‑2 Networks and the Changing Face of Crypto Laundering

coin swaps
Blockchain Forensics & Monitoring-Crypto AML & Financial Crime-Dark Web Threat Infrastructure-DeFi & Cross-Chain Obfuscation-Laundering Typologies-Layer‑2 Risk & Blockchain Infrastructure-Privacy and Traceability in Crypto-Regulatory Gaps & Enforcement Lag-Senza categoria
December 1, 2025

Cryptocurrency criminals are rapidly shifting their money laundering playbook under regulatory heat. Traditional mixing services – once the go-to anonymisers – have fallen out of favour after high-profile sanctions and global takedowns. In their place, unregulated “coin swap” brokers and layer‑2 protocols are emerging as the preferred conduits for illicit funds. Blockchain intelligence research indicates that cross-chain and off-chain obfuscation has become a mainstream tactic: more than $21.8 billion in illicit crypto has been laundered via decentralised exchanges, bridges and no-KYC coin swap services. At the same time, usage of legacy mixers has plummeted by roughly 50% following enforcement actions. This article draws on data from blockchain analytics firms, law enforcement agencies and compliance reports to map this trend, noting regional variations and acknowledging data limitations. By combining multiple sources, we aim to illuminate how underground networks are outpacing traditional controls – and what that means for anti-money laundering (AML) efforts in late 2025.

Underground coin swaps – often arranged via Telegram or dark web forums – now offer anonymised, any-to-any asset conversions that bypass exchanges. These off-the-grid services operate without KYC, advertising discreet cross-chain swaps and even fiat cash-outs. In parallel, criminals are exploiting layer‑2 networks like Bitcoin’s Lightning and Ethereum’s rollups to move funds off-chain, making transactions invisible to public ledgers. The result is a multifaceted challenge for investigators: value can hop across blockchains, disappear into private payment channels, and re-emerge in entirely different form. Compliance infrastructure is lagging behind this shift. Travel Rule requirements rarely capture off-chain transfers, and most blockchain analytics tools struggle to follow assets through complex multi-chain hops. The following sections break down the key observations from recent cases and studies, explain why these developments matter for crypto compliance, and offer a forward-looking perspective for AML analysts, investigators and regulators.

Key observations

  1. Crackdown on mixers drives displacement – Intensifying enforcement has eroded the appeal of traditional crypto mixers. The designation of Tornado Cash in 2022 was a watershed, followed by international actions against platforms like Sinbad and ChipMixer. As a result, illicit funds sent to mixers dropped significantly in 2023. Law enforcement pressure even forced shutdowns of some Bitcoin mixing services, leading threat actors to seek alternatives. For example, North Korea’s Lazarus Group shifted from sanctioned mixers to new options in a cat-and-mouse adaptation. Major mixer developers have faced arrests and prosecution – sending a clear signal that these once-popular tumblers are high-priority targets.
  2. Rise of no‑KYC coin swap services – In place of mixers, underground swap brokers have proliferated to launder crypto across chains. These services, often advertising on Telegram and forums, let users swap any cryptocurrency into another (or into cash) without identity checks. Cross-chain laundering via DEXs, bridges and no-KYC coin swaps has soared in illicit crypto moved, becoming a mainstream method for hiding funds. Such services are active on darknet forums, offering “cleaning” packages that combine swaps, mixing, and even cash delivery across regions. Many operate under multiple brand names to evade detection. This underground industry thrives on the enforcement gap: unlike regulated exchanges, these brokers ignore sanctions and AML laws, providing criminals a reliable channel to convert “dirty” crypto into other assets with impunity.
  3. Cross‑chain “chain-hopping” becomes the norm – Sophisticated launders are leveraging cross-chain bridges and token swaps to obfuscate fund flows across multiple blockchains. Rather than send tainted coins straight to an exchange, they will hop value through several cryptocurrencies and networks – for instance, swapping Bitcoin to Ethereum via a bridge, then into privacy coins or stablecoins, then onto another chain like Tron – before a final cash-out. This fragmentation of the trail undermines traceability: each hop attempts to break the on-chain link between the origin and destination. More than 80 sanctioned entities have been identified employing coordinated cross-chain laundering to exploit gaps between jurisdictions. Dark web marketplaces now even sell “chain-hopping-as-a-service,” enabling non-technical criminals to anonymously route funds across chains for a fee. This professionalisation of chain hopping allows virtually anyone to launder proceeds through a labyrinth of wallets and contracts, greatly complicating attribution.
  4. Layer‑2 networks exploited for off‑chain obfuscation – Beyond multi-chain hopping, criminals are also moving funds through layer‑2 protocols that leave minimal footprints on base blockchains. A prime example is the Lightning Network on Bitcoin. Investigators warn that Lightning will not broadcast all transactions to the blockchain, but only the opening and closing of payment channels. Within a Lightning channel, illicit actors can rapidly pass BTC amongst themselves without making the times or amounts visible on-chain. Only when channels are settled do a few aggregated entries hit the public ledger. This extra layer of anonymity is attracting misuse. Likewise, Ethereum’s new rollup networks (Optimistic and ZK-rollups like zkSync or Starknet) can mask transaction details. Zero-knowledge proof systems allow transfers to be verified without revealing parties or amounts. If such layer‑2 privacy tech gains wider adoption, tracing illicit flows will become even more complicated. In effect, these Layer‑2 solutions act as decentralised mixers at the protocol level – but fall outside many existing monitoring regimes.
  5. Compliance blind spots and diversification – The combined effect of the above trends is a widening blind spot for AML compliance. Criminals are no longer relying on a single method but diversifying their laundering across multiple services and layers. A ransomware cell might split proceeds, sending some through a coin mixer, some via a cross-chain DEX swap, and some into Lightning channels – all in parallel – before reconverging into a safe asset. Cross-chain crime has evolved into a critical blind spot for traditional traceability tools and jurisdictional enforcement. Many AML frameworks were designed for single-chain analysis and KYC’d exchange withdrawals; they struggle when faced with decentralised, multi-hop schemes. Without holistic oversight, each hop or off-chain transfer is an opportunity to lose the scent. The ease of access to these obfuscation methods is also unprecedented – even low-skilled criminals can now launder funds by paying for plug-and-play swap services. The result is an increasingly diffuse laundering ecosystem that is harder to monitor or disrupt by any single authority.

Why this matters

  • Erosion of traceability – These trends directly undermine the “follow the money” approach in crypto investigations. When illicit funds flow through a tangle of blockchains and off-chain networks, the audit trail can effectively vanish. Transactions that disappear into private channels or obscure tokens are invisible to on-chain analytics. Investigators are left with partial data – for instance, seeing only that funds left Chain A but not where they went on Chain B. This erosion of transparency makes it far harder to identify the provenance of funds, attribute crimes, or freeze assets before they dissipate. In the long term, the trust in cryptocurrency’s traceability – often cited as an AML advantage – is at risk of being significantly diminished.
  • Regulatory and compliance gaps – AML regulations have not kept pace with these new laundering avenues. Many of these activities fall outside the scope of traditional oversight. For example, Travel Rule requirements mostly apply to VASP-to-VASP transfers on a base blockchain. They rarely cover layer‑2 channel payments or cross-chain hops that occur through unhosted wallets. Law enforcement can typically seize illicit crypto only if it passes through compliant exchanges or custodians; when criminals remain in decentralised or peer-to-peer realms, authorities are often powerless. This regulatory lag creates a safe haven for bad actors. The FATF and national regulators are now scrambling to update guidance – debating how to address unregulated nested services and require reporting on cross-chain transfers – but implementation is slow. In the interim, launderers are exploiting every unguarded seam between jurisdictions and technologies.
  • Strain on investigative tools – The complexity of multi-chain crime is straining the capabilities of even advanced blockchain forensic tools. Most analytics platforms were initially built to trace funds on a single chain, or between known entities. Few offer seamless tracing across dozens of blockchains in one view, let alone integrate off-chain data. Cross-chain movement often requires painstaking manual analysis, extracting data from multiple block explorers and linking them together – a time-consuming process prone to error. Some firms have introduced holistic tracing features, but such solutions are still emerging. Layer‑2 networks pose an even greater challenge: monitoring Lightning or rollups may require entirely new methodologies. The upshot is that investigations into such laundering schemes demand more resources, new skills, and innovative tools, delaying responses compared to more straightforward cases.
  • Increased risk to VASPs – For crypto exchanges and other VASPs, these laundering tactics translate into heightened exposure. Illicit funds that have been chain-hopped or swapped through unregulated services may eventually land at a compliant exchange to be cashed out – but with their origin effectively masked. Without robust cross-chain tracing in place, a VASP might unknowingly process tainted deposits, leading to AML program failures. The reputational and legal consequences can be severe: regulators have signalled that claiming ignorance is no excuse if an exchange becomes a conduit for laundered crypto. Moreover, the surge in Lightning usage and layer‑2 activity creates new touchpoints where VASPs might interface with illicit funds without recognising it. In short, compliance teams must expand their vigilance beyond the main blockchains, or else risk unwittingly facilitating financial crime.
  • Threats to sanctions and national security – The rise of these obfuscation methods carries implications beyond ordinary crime, potentially enabling sanctions evasion and terrorist financing on a larger scale. The fact that dozens of sanctioned actors have turned to cross-chain and layering techniques underscores a dangerous reality: rogue state cybercriminals and extremist groups can move wealth covertly in the crypto ecosystem, despite global efforts. By chain-hopping and using privacy layers, such actors seek to evade detection by FIUs and counter-terror units, undermining the impact of sanctions lists. This is not merely a cryptocurrency compliance issue but a broader national security concern – highlighting that financial intelligence must adapt quickly to avoid critical blind spots in combating organised crime and state-sponsored threats.

Looking ahead

  • Continuous evolution of laundering tactics – We can expect criminals to further innovate their methods as enforcement catches up. Atomic swaps and emerging decentralised mixing protocols on alternative chains may see greater use if current channels get policed. Threat actors are likely to adopt new privacy-enhancing cryptocurrencies or even tokenise illicit funds into NFT or gaming assets to blur their trail. The cat-and-mouse dynamic will continue: each time authorities close a loophole, we anticipate launderers to pivot swiftly to the next technology or jurisdiction that offers anonymity. Staying ahead of this curve will require constant monitoring of underground forums for chatter about “safer” laundering tricks.
  • Regulatory focus on cross-chain and L2 – Regulators and standard-setters are poised to address these blind spots in the near future. Industry experts are urging measures such as mandatory cross-chain transaction reporting by VASPs, standardised guidance for tracing layer‑2 activity, and categorising certain coin swap services as high-risk under global AML standards. The Financial Action Task Force (FATF) has already revised its Recommendation 16 guidance to clarify that instantly convertible crypto movements across networks must carry compliance info, although enforcement of this in practice remains uneven. Going forward, we may see jurisdictions implement licensing or geoblocking of known coin-swapping websites and require exchanges to screen incoming funds for layer‑2 origins. Regulators are also increasingly collaborating across borders, a trend likely to strengthen in order to tackle inherently transnational, multi-chain crimes.
  • Advances in blockchain analytics – On the industry side, significant R&D is being poured into next-generation blockchain analytics tools to keep pace with these threats. We anticipate new solutions that can visualise and trace funds moving through multiple blockchains in one interface, flagging risky hops in real time. Research is ongoing into monitoring Lightning Network flows – for example, by analysing public channel data and routing patterns to infer private payment activity – which could eventually feed into compliance dashboards. Zero-knowledge proof analytics is another emerging field: firms are exploring ways to gain insights from ZK-rollup contract states without breaking their cryptographic privacy. By late 2025 and beyond, AML software used by exchanges and banks will likely integrate cross-chain risk scoring, whereby a deposit that has traversed an anonymising bridge or swap raises automatic red flags. In short, expect the gap between criminal tactics and forensic capability to narrow as AI and broader data integration are applied to crypto tracing.
  • VASPs adapting and collaborating – Facing the new laundering landscape, legitimate crypto businesses will need to adapt their compliance programs proactively. This includes upgrading transaction monitoring systems to ingest data from multiple chains and layer‑2 networks, retraining staff on recognising novel red flags, and establishing policies for when to pause or refuse funds that have ambiguous origins. We foresee more exchanges joining information-sharing consortia to swap intelligence about suspected illicit addresses or swapping services – much like banks share data on fraud rings. Travel Rule protocols are also evolving: new interoperability solutions may emerge to attach beneficiary information even to layer‑2 or off-chain transfers in a secure way. The net effect will be a gradually closing ring around launderers, as VASPs extend their oversight to cover what were once unmonitored pathways. Those that move early on this will not only avoid regulatory penalties but also help choke off avenues for criminals, contributing to a safer crypto ecosystem.
  • Education and skilling up – Finally, the shift in laundering techniques underscores a need for continual education among compliance professionals and investigators. Blockchain forensics is no longer a niche skill – it’s becoming essential for any AML analyst dealing with crypto. Organisations will invest in training their teams on topics like multi-chain tracing, Lightning forensics, and deciphering smart contract mixers. We anticipate more cross-training between traditional finance AML experts and crypto-native analysts, fostering a hybrid skill set. Law enforcement agencies are similarly ramping up crypto crime units with expertise in these domains. The learning curve is steep, but necessary: combatting “Laundering 2.0” will require a workforce fluent in both conventional financial crime techniques and the intricacies of blockchain technology. In addition, a greater public-private exchange of knowledge is on the horizon to ensure that threat intelligence on these new methods is widely disseminated rather than siloed.

Our perspective

  • Anticipating adversarial adaptation – The ongoing shift from mixers to coin swaps and layer‑2 obfuscation highlights how quickly threat actors adapt to pressure. This evolution reinforces the need for a proactive intelligence-led approach to crypto compliance. At Toralya, we treat the dark web and underground channels as early warning systems – by monitoring forums, Telegram groups, and illicit marketplaces, we often detect brewing trends before they become mainstream. Staying ahead of criminal innovation is imperative; waiting to react after the fact means constantly playing catch-up.
  • Holistic monitoring across ecosystems – We believe that effective blockchain risk management must break out of siloed views. Holistic monitoring is now the gold standard: connecting data from multiple blockchains, layer‑2 networks, P2P markets, and even fiat off-ramps to see the full picture. Our analysts utilise a blend of on-chain analytics and off-chain intelligence – for instance, correlating a suspicious address cluster with chatter about a “guaranteed mixer” service on a forum. This multi-source, multi-layer approach is what enables us to uncover complex laundering schemes that would elude a single-dataset analysis. In an era where criminals hop freely between ledgers, such breadth of vision is key.
  • Balancing privacy and security – The rise of privacy-enhancing crypto technologies is a double-edged sword. Toralya’s perspective is that financial privacy and security can co-exist, but it requires responsible implementation and oversight. We support calls for clear ethical guidelines on dual-use tech: for example, zero-knowledge protocols should potentially include opt-in auditability for regulated entities. The goal is not to stifle innovation – layer‑2 scaling and privacy features have legitimate benefits – but to ensure they are not purely exploited as crime havens. Transparency to users about risks and collaboration with developers of such tools can create a middle ground where user privacy doesn’t equate to carte blanche for criminals.
  • Closing regulatory loopholes – A core part of our mission is to highlight where policy has not kept pace with reality. The current gap around coin swap services and layer‑2 transactions is one such area. Toralya advocates for regulators to update AML frameworks in light of these trends – for instance, explicitly bringing cross-chain facilitators under AML obligations or extending travel rule coverage to certain off-chain movements. We contribute to industry discussions and working groups to help shape pragmatic regulations that address illicit finance risks without hindering technological progress. Our view is that international cooperation will be vital here: criminals are leveraging global networks, so regulators must similarly coordinate to avoid simply pushing the problem into less regulated jurisdictions.
  • Empowering compliance professionals – Ultimately, technology and regulation are only as effective as the people enforcing them. We emphasize training and empowerment for compliance teams dealing with crypto. Toralya regularly provides workshops, detailed reports, and case studies to crypto exchanges, banks, and law enforcement units, sharing insights on the latest laundering typologies. From tracing techniques for a Lightning channel closure to recognising patterns of a cross-chain “loop” transaction, our goal is to make cutting-edge knowledge accessible. By demystifying complex schemes and offering actionable guidance, we help investigators and analysts build confidence in tackling these challenges. In our experience, an informed and agile compliance function – one that continuously learns and adapts – is the best defense against even the most sophisticated illicit finance operations.

Trend analysis as of Q4 2025 shows that the criminal crypto laundering landscape is undergoing a fundamental shift. What was once a straightforward path through mixers has splintered into a web of swaps, bridges, and off-chain networks, pushing the boundaries of investigators’ reach. As a threat intelligence provider, Toralya continuously tracks these adversarial developments across both open and clandestine sources, enabling our clients to anticipate changes before they hit them. We work closely with crypto compliance professionals to translate these insights into stronger controls – whether it’s adjusting an exchange’s monitoring rules to flag cross-chain anomalies or advising regulators on emerging typologies. In a context where money launderers leverage every technological edge to hide their tracks, investing in proactive, multi-layered defenses is no longer optional; it is paramount to safeguarding the integrity of the digital asset ecosystem. By staying informed and collaborating across the public-private divide, the crypto community can rise to the challenge of this new era of laundering and ensure that the innovations of Web3 are not co-opted by its darkest elements.

Key Sources and References

Elliptic Enterprises Ltd. (2025). The State of Cross-Chain Crime 2025.

Chainalysis Inc. (2025). Crypto Crime Report – Midyear Update.

TRM Labs. (2025). Illicit Crypto Ecosystem Trends Q3–Q4 2025.

Europol. (2024). First Report on Encryption: Impact on Criminal Investigations.

Coingeek. (2024, August). Europol flags Bitcoin Lightning Network as growing blind spot for investigators.

Flare. (2025). Underground Coin Swap Markets: Obfuscation-as-a-Service on Telegram. Threat Intelligence Brief.

Decrypt Media Inc. (2025). ZK Rollups, Privacy Layers and the Obfuscation Risk.

U.S. Department of the Treasury – OFAC. (2022–2025). Sanctions Notices on Tornado Cash, Sinbad, ChipMixer and Related Entities.

Financial Action Task Force (FATF). (2025, June). Targeted Update on Implementation of the FATF Standards on Virtual Assets and VASPs.

CipherTrace. (2025). Layer-2 Laundering and DeFi Risks – Risk Vectors Q4 2025.

Tags:

Previous
Next

No responses yet

Leave a Reply

Latest Comments

No comments to show.

© 2026 TORALYA

Discover more from TORALYA

Subscribe now to keep reading and get access to the full archive.

Continue reading