2 hours ago
6
Crypto hackers are now moving stolen funds in as little as two seconds after an attack begins. In most cases, they shift assets before victims even disclose the breach.
That is the clearest finding from Global Ledger’s 2025 analysis of 255 crypto hacks worth $4.04 billion.
Blink and It’s Gone: Crypto Laundering Now Starts Before Disclosure
The speed is striking. According to Global Ledger, 76% of hacks saw funds move before public disclosure, rising to 84.6% in the second half of the year.
How Fast Crypto Hackers Move Stolen Funds. Source: Global LedgerThis means attackers often act before exchanges, analytics firms, or law enforcement can coordinate a response.
However, speed tells only part of the story.
While first transfers are now near-instant, full laundering takes longer.
On average, hackers needed about 10.6 days in the second half of 2025 to reach final deposit points such as exchanges or mixers, up from roughly eight days earlier in the year.
In short, the sprint is faster, but the marathon is slower.
This shift reflects improved monitoring after disclosure. Once incidents go public, exchanges and blockchain analytics firms label addresses and increase scrutiny.
As a result, attackers break funds into smaller pieces and route them through multiple layers before attempting cash-out.
Hacking Speed Increased, but Crypto Laundering Speed Became Slower. Source: Global Ledger
Bridges, Mixers, and the Long Road to Cash-Out
Bridges have become the main highway for that process. Nearly half of all stolen funds, about $2.01 billion, moved through cross-chain bridges.
That is more than three times the amount routed via mixers or privacy protocols. In the Bybit case alone, 94.91% of stolen funds flowed through bridges.
At the same time, Tornado Cash regained prominence. The protocol appeared in 41.57% of hacks in 2025. Its usage share jumped sharply in the second half of the year, following sanctions changes cited in the report.
State of Crypto Theft and Money Laundering. Source: Global Ledger Meanwhile, direct cash-outs to centralized exchanges fell sharply in the second half. DeFi platforms received a rising share of stolen funds. Attackers appear to avoid obvious off-ramps until attention fades.
Notably, nearly half of all stolen funds remained unspent at the time of analysis. That leaves billions sitting in wallets, potentially waiting for future laundering attempts.
The scale of the problem remains severe. Ethereum accounted for $2.44 billion in losses, or 60.64% of the total.
Overall, $4.04 billion was stolen across 255 incidents.
Yet recovery remains limited. Only about 9.52% of funds were frozen, and 6.52% were returned.
Taken together, the findings show a clear pattern. Attackers now operate at machine speed in the first seconds after a breach.
Defenders respond later, forcing criminals into slower, staged laundering strategies. The race has not ended. It has simply entered a new phase—measured in seconds at the start, and days at the finish.
The post Crypto’s 2-Second Laundering Era: Hackers Now Move Before Victims Speak appeared first on BeInCrypto.
![XRP Community Day [Live] Updates: Ripple CEO To Soon Address XRP’s Future, Longevity and Institutional Adoption](https://image.coinpedia.org/wp-content/uploads/2026/02/05161327/XRP-Price-Drops-10-as-Leverage-Dries-Up-and-Whale-Activity-Remains-Absent-1024x536.webp)
English (US) ·