Anti-Money Laundering enforcement has overtaken securities violations as the leading regulatory threat facing cryptocurrency companies, according to a new report by blockchain security auditor CertiK. US authorities imposed more than $1 billion in AML-related fines on crypto firms during the first half of 2025, marking a decisive shift in how regulators are approaching the digital asset industry.

SEC Enforcement Collapses as AML Takes Center Stage

The shift marks a sharp break from the US Securities and Exchange Commission-led enforcement cycle that defined earlier years of crypto regulation. SEC crypto-specific penalties collapsed 97% in penalty value year over year, dropping from $4.9 billion in 2024 to just $142 million in 2025. Transaction monitoring and licensing failures are now drawing penalties that rival or exceed many earlier crypto securities cases.

The Department of Justice's February 2025 settlement with OKX reached $504 million, while KuCoin paid $297 million in January 2025, both for operating unlicensed money transmitting businesses and Bank Secrecy Act violations. Together, these two cases alone account for the bulk of the $1 billion-plus in AML penalties recorded in the period.

Sanctions Volume Surges as Global Regulators Align

Sanctions-related crypto volume grew more than 400% year over year in 2025, driven primarily by Russia-linked networks and state-aligned stablecoin infrastructure. The surge has forced regulators across all major jurisdictions to prioritize transaction monitoring and cross-border financial crime compliance over token classification disputes.

European AML fines surged 767% over the same period, while Asia-Pacific regulators increasingly favor license revocations and business improvement orders over monetary penalties. The enforcement pivot reflects both a change in US administration policy and a broader reassessment of the SEC's jurisdictional approach to digital assets.

Basel Rules Create Structural Divide for Institutional Adoption

The enforcement shift coincides with broader global regulatory trends. Stablecoin regulations are moving from design to implementation across major jurisdictions, with binding frameworks now operational from the GENIUS Act in the United States to the Markets in Crypto Assets regime in Europe. Prudential standards for custodians and exchanges are also tightening, with requirements now covering capital adequacy, asset segregation, liquidity management and recovery planning.

The Basel Committee's cryptoasset prudential standard, scheduled for implementation from January 1, 2026, subject to local adoption, has created what CertiK describes as a structural divide for institutional adoption. Group 2 assets, including Bitcoin and Ether, face near-100% capital charges, making them economically difficult for banks to hold on the balance sheet. Group 1 assets, such as tokenized traditional instruments and qualifying stablecoins, receive standard risk weighting.

Smart Contract Audits Move Toward Mandatory Status

CertiK's analysis of the top 100 exploited protocols found that 80% had never undergone a formal security audit before a breach, and those unaudited protocols accounted for 89.2% of total value lost. Smart contract security assessments are increasingly being folded into licensing and compliance expectations across major markets, with security audits moving from voluntary best practice toward statutory or quasi-statutory requirement within two years.

Infrastructure compromises such as private key theft and access control failures drove 76% of 2025 losses by value, as the threat landscape moved beyond code exploits. For crypto firms operating across major jurisdictions, the message from regulators is increasingly clear: operational compliance failures, not just disclosure violations, will carry the heaviest penalties going forward.