The CryptoCubed Newsletter: Top 5 AML Crypto Fines in 2025

👋 Welcome back to CryptoCubed! Instead of our usual monthly crypto news round-up, this month, we are highlighting the top 5 AML crypto fines in 2025. This year, Anti-Money Laundering (AML) charges in the cryptocurrency sector surpassed $1 billion globally, with the average penalty for each crypto firm rising to $3.8 million in the first half of 2025.

In the US, regulators have taken a firm stance in penalizing crypto firms for compliance failures, with leading names such as OKX and KuCoin facing significant repercussions. We also see global hotspots such as Canada’s Cryptomus in the headlines this year. Can you guess the top 5 largest crypto compliance fines of 2025? Check them out below.

1. OKX Historic AML Fine

OKX, $505 million fine (February 24, 2025) — Leading cryptocurrency exchange OKX was fined over $505 million by the US Department of Justice (DOJ). This marks the most significant penalty in crypto history, with the firm being penalized for severe AML failures. The Seychelles-based platform processed $5 billion in unmonitored transactions linked to high-risk jurisdictions.

OKX violated the US Bank Secrecy Act (BSA), potentially facilitating illicit transactions and illegal activities on the platform. Additionally, the DOJ found that OKX enabled users to bypass Know Your Customer (KYC) checks, with employees assisting customers in falsifying their IDs and using VPNs to evade IP bans.

Outcome and Lesson Learnt:

• OKX agreed to criminally forfeit $420.3 million and pay a criminal fine of approximately $84.4 million.

• US cryptoasset firms must adhere to the FinCEN’s Travel Rule for VASPs, including having a strong Suspicious Activity Report (SAR) submission process.

• Businesses in regulated industries are mandated to implement robust sanctions and watchlist screening, followed by geofencing, to block high-risk users effectively.

For more on this story, click here. 

2. KuCoin Connection to Illicit Funds

KuCoin, $300 million fine (January 27, 2025) — Peken Global Ltd., operating as KuCoin, pleaded guilty to violating the BSA. Founded in 2017, KuCoin is one of the largest global crypto exchanges, with over billions in trading. KuCoin was charged for running an unlicensed exchange operation, bypassing critical AML and KYC controls, and failing to submit SARs.

The US DOJ and Securities and Exchange Commission (SEC) exposed the firm for enabling customer trading without adequate identity verification, enabling users to transact money anonymously. KuCoin processed over $4 billion in suspicious transactions, potentially enabling illicit flows to fraud and sanctions evasion.

Outcome and Lesson Learnt:

• KuCoin agreed to forfeit $184.5 million and pay a criminal fine of approximately $112.9 million. Its co-founders, Gan and Tang, had to forfeit approximately $2.7 million in funds received.

• Cryptoasset firms in the US must adhere to stringent Customer Identification Programs (CIPs), collecting robust customer data, including full name, date of birth, and address.

• Under FinCEN, companies operating in the US must register as a money transmitting business and file required SARs promptly.

For more on this story, click here. 

3. BitMEX Evasion of Key AML Laws

BitMEX, $100 million fine (January 15, 2025) — BitMEX, operating under HDR Global Trading Limited, entered a guilty plea in July 2024 and was sentenced to a $100 million fine this year for breaching AML and KYC laws. Under registration with the Commodity Futures Trading Commission (CFTC), BitMEX is required to implement robust AML and KYC programs, but chose to evade them.

BitMEX enabled its customers to trade on the platform with merely an email address, which was insufficient in preventing money laundering and other financial crimes under US law. Additionally, the firm lied to a bank about the purpose and nature of a subsidiary to continue generating millions of revenue from its US operations.

Outcome and Lesson Learnt:

• BitMEX was fined $100 million and placed on two years of probation. Its three founders and executives, Hayes, Delo, and Reed, paid $10 million in civil monetary penalties to the CFTC.

• Founders must prioritize governance over growth by appointing dedicated risk management teams and conduct annual audits to evade repercussions.

• Under the BSA, email-only registration is deemed inadequate. Businesses must implement complete KYC processes and ongoing monitoring to detect high-risk users.

For more on this story, click here. 

4. Cryptomus Record-Breaking Canada Fine

Cryptomus, $127 million fine (October 22, 2025) — Cryptomus, known formerly as Certa Payments LTD, was fined C$176.96 million by the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC). Cryptomus, the cryptocurrency payment platform, was found breaching the Proceeds of Crime (Money Laundering) and Terrorist Financing Act.

The firm breached Canada’s AML laws, including failing to submit 1,068 suspicious transaction reports that were potentially linked to child abuse material, fraud, and sanctions evasion. Additionally, Cryptomus failed to report large virtual currency transfers of over $10,000 and ignored high-risk transactions linked to Iran.

Outcome and Lesson Learnt:

• FINTRAC imposed a record C$176.96 million administrative penalty, marking the largest in crypto fine in Canadian history.

• Under Canadian law, cryptoasset firms are required to have adequate senior compliance oversight on all AML and KYC programs.

• Proactive risk assessments and timely sanctions reporting are crucial in preventing lapses by bad actors.

For more on this story, click here.

5. Paxos Partnership with Binance Exposed

Paxos, $48.5 million fine (August 6, 2025) — Paxos Trust Company received a $48.5 million penalty for systematic AML deficiencies. Founded in 2015, Paxos is a regulated blockchain infrastructure provider in the crypto sector, offering stablecoins such as PAX. The firm was fined after the New York Department of Financial Services (NYDFS) found critical gaps in its compliance programs.

The NYDFS launched investigations in 2023 after uncovering severe AML and KYC failures related to Paxos’ partnership with Binance, who were charged $4.3 billion in 2024 for violating AML laws. Paxos was found to have weak due diligence controls, allowing $1.6 billion in illicit funds to flow. Additionally, it had weak transaction monitoring processes.

Outcome and Lesson Learnt:

• Paxos was charged a $26.5 million penalty by the New York State and was mandated to pay $22 million to remediate its compliance program.

• Cryptoasset firms are required to conduct ongoing due diligence on all businesses and partnerships, including exchanges.

• Automated transaction monitoring is crucial for detecting and escalating high-risk transactions to senior executives promptly.

For more on this story, click here.

Time for Your Monthly CryptoCubed Poem

So you’ve made it to the end of our newsletter. It’s time to enjoy a little satire, worthy reader, you’ve earned it.

🔥 THE CRYPTO CUBED POEM: DECEMBER 🔥

In 2025, the sleigh bells ring,

While regulators take their full swing.

Crypto firms try to audit with care,

As they try to ensure compliance everywhere.

Wallets hum a jingle bright,

As fines fall softly through the night.

This year’s gift, a costly sign,

Peace on Christmas, but not crypto trading online.

Click here to learn more about how ComplyCube supports cryptocurrency firms in maintaining global AML and KYC compliance.

Stay tuned for our next newsletter and have a happy holiday season!