This summer, Roman Storm, co-founder of the notorious cryptocurrency mixer Tornado Cash, was convicted in New York federal court of conspiring to operate an unauthorized money transfer business.
While prosecutors celebrated Storm’s conviction as a major victory in the fight against crypto money laundering, the reality is more complicated.
For years, regulators have treated mixers like Tornado Cash as the ultimate money laundering threat. It’s easy to believe that these tools, which are anonymous, opaque, and seemingly made for criminals, are driving much of the crypto money laundering. But the numbers tell a different story.
The most popular crypto money laundering engines are not cash mixers, but centralized exchanges. A leading branded trading platform that is licensed, regulated and openly connected to the global banking system. These exchanges appear to be highly regulated and well-supervised, touting compliance teams and “Know Your Customer” (KYC) verification checks. But in reality, they facilitate criminal activity and serve as the main entry and exit points for dirty cryptocurrencies.
To truly combat crypto money laundering, regulators need to focus on tightening KYC requirements and cracking down on centralized exchanges where most money laundering takes place.
Centralized exchanges are laundering hubs
According to a 2025 Chainalysis report, throughout 2024, the majority of illicit crypto funds were sent to centralized exchanges.
Centralized exchanges are where criminals turn to convert dirty crypto into easy-to-spend cash. These are the final steps in most money laundering schemes, the point at which illicit funds are exchanged for dollars, euros, or yen and transferred to real banks.
Criminals are drawn to these platforms for the same reasons as legitimate traders: liquidity, speed, and global reach. Mixers like Tornado Cash can obfuscate funds on-chain, but they cannot turn the funds into cash and move them to a bank account. Only exchanges with deep liquidity and ties to fiat currencies can do that. Centralized exchanges often rely on compliance programs that are under-resourced, poorly enforced, or undermined by permissive jurisdictional rules, allowing illegal transactions to slip through the cracks.
High-profile law enforcement cases have revealed how systemic the problem is. A 2023 settlement between the US Department of Justice and Binance revealed that the prominent exchange processed transactions related to ransomware, darknet markets, and sanctioned entities. The exchange has since stepped up its compliance efforts, spending $213 million on the department in 2023. BitMEX similarly pleaded guilty to violating the Bank Secrecy Act and was sentenced to a $100 million fine. (BitMEX founders and former executives Arthur Hayes, Ben Dello, and Samuel Reid pleaded guilty to related charges and were later pardoned by US President Donald Trump.)
Concentrating regulatory energy on mixers while leaving exchanges the primary fiat gateways for illicit funds is like locking the windows while leaving the front door wide open.
KYC is not the silver bullet we tout
Know Your Customer (KYC) rules are the cornerstone of cryptocurrency compliance. On paper, it promises to weed out bad actors by verifying identities, inspecting transactions, and flagging suspicious activity. In reality, these are often box-checking exercises, a veneer of diligence to give regulators the illusion of safety and for sophisticated criminals to find ways around it.
Weak KYC processes are one of the problems. Some exchanges accept low-quality identity documents or rely on automated systems that can be tricked with deepfakes or stolen data. Some companies outsource compliance entirely, turning it into a contractual checkbox rather than an active safeguard. Even if the process worked, it wouldn’t stop determined money launderers from using mules, straw accounts and shell companies to get their first checks through.
But the bigger flaw is structural. KYC is designed to scrutinize individual accounts and is designed to detect laundering patterns at scale. A licensed entity may never be able to open an account in its own name. Instead, they end up distributing trades across dozens of intermediaries, routing funds through layers of seemingly legitimate accounts until they reach an exchange that converts them into fiat currency. By the time funds reach the compliance team’s radar, they often pass through many hands, making the paper trail feel cleaner.
This is why enforcement actions against major exchanges continue to reveal the same uncomfortable truth. Compliance does not fail because there are no rules. They are failing because the systems that enforce them are reactive, under-resourced, and easily manipulated.
Strengthening centralized exchanges against money laundering
Centralized exchanges are always an attractive target for launderers because they sit at the intersection of cryptocurrencies and fiat currencies. Enforcement is therefore not just a policy issue, but a design issue. Real progress means moving beyond symbolic KYC checks to systems that detect laundering patterns in real time across accounts and jurisdictions.
It starts with ensuring your compliance team is resourced to match the scale of the platforms you monitor. That means closing loopholes in the law that allow exchanges to operate from permissive jurisdictions while serving high-risk markets, and holding executives personally liable for wrongdoing when controls fail. Regulators must require and verify that exchanges share actionable information with each other and with law enforcement so that criminals cannot simply move from one platform to another undetected.
This is much more difficult than targeting cash mixers.
None of this is easy, but it’s the only way to tackle laundering where it’s actually happening. Until exchanges are strengthened at a structural level, enforcement actions will remain reactive and billions of dollars in illicit funds will continue to slip through the gates.
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
