Tracing firms say Binance’s claims of improving financial crime left out key crime stats
Analytics firm Chainalysis said a Binance report claiming illicit activity on the platform plummeted failed to factor in funds stolen through hacks and ransomware.
After the International Consortium of Investigative Journalists revealed hundreds of millions of dollars worth of suspect cryptocurrency landed in Binance accounts, the exchange claimed illicit activity on its platform had dropped sharply since 2023. But leading crypto analytics firm Chainalysis now says that Binance did not include key crime data in these figures.
Last month, ICIJ released The Coin Laundry, a global investigation with 37 media partners into dirty money in the cryptocurrency industry. The investigation’s findings included an examination of Binance’s activities while the firm was under U.S. court-mandated monitoring for its anti-money laundering practices. On Nov. 17, the day ICIJ’s investigation published, Binance released a report of its own that showed a stunning two-year drop in illicit funds on its platform. It cited data from two cryptocurrency analytics and tracing firms, including Chainalysis, the field’s most prominent.
But late last month, Chainalysis said that the Binance report and a subsequent Binance press release had omitted certain categories of crime, including funds stolen through hacks.
“Chainalysis did not conduct the analysis,” the analysis firm said in a statement on its website. “The data Binance used for their analysis does not appear to include all categories of illicit activity that Chainalysis tracks.”
The world’s largest cryptocurrency exchange, Binance has a history of allowing hundreds of millions in dirty money to flow through its accounts. In 2023, the firm pleaded guilty to violating U.S. money laundering laws. The Coin Laundry found that, even after its guilty plea, Binance accounts took in more than $400 million from the Huione Group, a firm based in Cambodia that the U.S. Treasury Department has flagged for large-scale money laundering. An additional $900 million flowed into Binance deposit accounts this year from a different platform that North Korean hackers were using to launder stolen funds, the investigation found.
In a statement to ICIJ, Binance said it stands behind its financial crime figures as presented in its recent publications. The company said it was transparent about the fact that Binance conducted the analysis independently of the firms it had received the data from. Binance said that the “analysis did not include every category of illicit activity,” such as funds from ransomware and hacks. The firm said that those “categories require different methodologies and are not uniformly defined across data providers.”
Binance told ICIJ that it is open to working with analytics firms to “include additional categories in future, more comprehensive reviews.”
Crypto exchanges like Binance let users set up accounts to deposit funds and trade cryptocurrency. These platforms also allow users to quickly convert cryptocurrency to traditional money. Crypto-reliant criminals have also used them to move billions of dollars worth of funds.
To address financial crimes on their platforms, Binance and other exchanges have joined with analytics firms like Chainalysis that specialize in collecting and assessing data on blockchains, the public ledgers of cryptocurrency transactions. Chainalysis and its competitors supply crypto companies with tools that help identify the ownership of cryptocurrency wallet addresses — the crypto equivalent of bank account numbers. That information is crucial for exchange compliance departments, which are tasked with detecting suspect funds flowing through their platforms.
In its Nov. 17 report, Binance cited Chainalysis data to assert that the firm had reduced “its direct exposure to illicit flows” by at least 96 percent since early 2023. Binance also said that in June 2025, only 0.007 percent of its transaction volume was “directly linked to wallets associated with illicit activity,” citing its interpretation of select Chainalysis data.
The exchange cited data from Chainalysis and tracing firm TRM Labs in stating that Binance had the lowest exposure to criminal funds compared to six of its biggest competitors.
In response to questions about Binance’s claim that it had the lowest ratio of crime-linked funds, Ari Redbord, head of policy at TRM Labs, said that “comparisons to other exchanges were not part of our analysis.” Redbord said that TRM’s comments on the matter are “consistent with Chainalysis’ public statement.”
Chainalysis declined to respond to ICIJ’s questions about Binance’s use of its data. The firm also declined to name what, if any, other categories of illicit activity besides cyber heists and ransomware may have been excluded from Binance’s numbers.
Redbord said that a figure Binance attributed to TRM Labs — that Binance transaction volume in June saw only 0.016% direct exposure to illicit sources — did not include funds stolen from hacks.
Redbord said that the statistics behind that figure covered “limited categories.” This included “illicit goods and services, scams, terrorist financing and sanctions,” he said, adding that ransomware funds would have been included as a subset of these categories.
Binance told ICIJ that the numbers, limited as they may be, demonstrate considerable improvements. “The decrease in illicit activity on our platform is a testament to the significant investments we have made in compliance staffing, advanced tooling, and robust controls over recent years,” a Binance spokesperson said. “We have also been clear that other categories exist and are important, and we are open to expanding future analyses to include them, using consistent definitions.”
Redbord also said that the number was a snapshot based on data that could evolve over time and that “may adjust as additional intelligence emerges, which is a normal part of blockchain analysis.”
Because crypto wallet addresses often appear as anonymous blocks of code in blockchain data, estimates of illicit activity on exchanges can increase over time as analysis firms discover the ownership of more wallets.
Blockchain analysis firms position themselves as both watchdogs and boosters of the crypto industry. Policy makers and law enforcement look to these firms as authoritative sources of information about fast-evolving intricacies of how criminals use cryptocurrency. But the analytics companies also maintain major contracts with cryptocurrency ventures that have been associated with large-scale crypto crime. This has placed the analysis firms in sometimes uncomfortable situations when crypto scandals are related directly to their own clients.
Last week, ICIJ published a story about the crypto giant Tether, in which the company appeared to cast doubt on Chainalysis and TRM’s finding that a crypto wallet address responsible for moving more than a billion Tether tokens over a matter of weeks was owned by the Huione Group. Tether has partnered with both firms to address crime.
Chainalysis and TRM both told ICIJ that they stood by their findings on the wallet address.