When the Coin Laundry investigation first surfaced through the International Consortium of Investigative Journalists, the public saw headlines about a Cambodian conglomerate called Huione Group. But what the headlines didn’t immediately reveal was the second half of the system, the indispensable role played by cryptocurrency exchanges around the world.
- Every laundering network needs an entry point.
- Every laundering network needs an exit.
Exchanges provided both. A failure of compliance, of regulation, and sometimes simply of speed. Because in the Coin Laundry scandal, speed was everything.
Binance — The Largest Entry Point in the Laundering Pipeline
Binance had always been the gravitational centre of the crypto economy. But in the Coin Laundry data sets, it became clear that Binance was also the gravitational centre of illicit flows.
The newsroom behind the project uncovered something staggering:
Over $408 million in tether (USDT) flowed from Huione-connected wallets to Binance customer accounts between July 2024 and July 2025. What shocked investigators even more was that this happened during the period when Binance was operating under court-appointed compliance monitors following its 2023 guilty plea and $4.3 billion penalty for anti–money laundering violations. The system was supposed to be airtight. Instead, about $1 million a day slipped through.
When I spoke to compliance professionals who reviewed the flows, many admitted that Binance’s architecture, built for scale and speed, was nearly impossible to police in real time. One analyst put it bluntly: “The criminals weren’t hiding. They were outrunning us.”
Binance denied intentional wrongdoing, but the blockchain trail remains one of the most disturbing elements of the entire investigation.
OKX — A Guilty Plea Followed by a Second Wave of Illicit Funds
Like Binance, OKX had its moment of reckoning. In February 2025, it pleaded guilty in the United States for operating as an unlicensed money transmitter and agreed to pay over $504 million in penalties. The exchange also accepted a court-mandated compliance consultant.
Yet the ICIJ’s blockchain analysis revealed something regulators never anticipated:
More than $226 million from Huiong-linked wallets has still been entered into OKX customer accounts, including over $161 million after the U.S. Treasury officially labelled Huiong a “primary money laundering concern” under Section 311.
OKX stated that it took steps once questions were raised, but those steps followed the investigation, not preceded it. For many observers, OKX became a symbol of how even punished exchanges fail to stop sophisticated laundering networks.
Coinbase — The “Clean” Exchange That Still Became a Highway
Coinbase promotes itself as the safe, regulated alternative to offshore exchanges. It holds licenses, complies with U.S. laws, and works closely with agencies like the Department of Justice and FinCEN.
Yet even Coinbase appeared in the Coin Laundry flows. Investigators found that over $700,000 linked to the Sinaloa Cartel’s operations reached Coinbase accounts. These funds were deposited through customer wallets, then routed to Binance to disappear into more complex laundering clusters. Coinbase’s compliance team wasn’t asleep; the issue was structural.
When customers open accounts with forged documents and instantly forward funds to offshore networks, even the cleanest exchange becomes a temporary gateway.
The public’s reaction was swift. Search volumes spiked for:
- “Is Coinbase really safe?”
- “Can regulated exchanges still be used in laundering?”
The uncomfortable answer is yes, safety is relative.
Kraken — The Cash Desk Conduit
Kraken’s role in the scandal was distinct. It wasn’t implicated in cartel flows or pig-butchering scams directly. Its issue was high-volume crypto-to-cash intermediaries.
One Toronto-based Telegram cash desk known as “001k” had two-way activity with Kraken:
- A Kraken-linked wallet sent over $2.1 million to the cash desk.
- The same desk later sent over $13 million into Kraken accounts.
This did not mean Kraken collaborated.
It meant criminals saw Kraken as:
- compliant, but not intrusive,
- liquid, but not oversized,
- international, but not overly bureaucratic.
In other words: the perfect midpoint.
HTX (Huobi) — The Chosen Exchange for Sanctioned Actors
HTX, formerly Huobi, had long been on the radar of global regulators. Its compliance standards were repeatedly criticised by agencies monitoring flows tied to Russia, Iran, and North Korea.
The Coin Laundry investigation revealed that a Russian launderer who handled funds for North Korea’s weapons program maintained an active HTX account. Those funds came from fentanyl trafficking networks traced back through Huione-adjacent wallets.
HTX denied direct links, but the blockchain data told another story, one where sanctioned ecosystems used HTX as a bridge into global liquidity.
KuCoin — The Quiet Middle Layer
KuCoin rarely makes headline scandals, but in illicit finance, silence can mean efficiency.
The ICIJ investigators found that KuCoin frequently appeared as a middle-layer exchange. Funds would hop from Huione-linked wallets into KuCoin before being sent to major platforms like Binance.
This “buffer” role made detection harder. The objective wasn’t to hide forever, only to blur the trail.
KuCoin insisted it complies with AML standards, but the flows reveal how easily even mid-tier platforms become part of global laundering chains.
Bybit — Laundering After the Largest Heist in Crypto History
In early 2025, Bybit became the victim of the largest crypto heist ever recorded, allegedly orchestrated by North Korean hackers. Roughly $1.5 billion was stolen.
After the hack, funds began appearing in the Coin Laundry data. Hackers used ThorChain, Binance, and Bybit-linked wallets to cycle stolen funds through a maze of jurisdictions. The troubling part was that Bybit wasn’t just a victim; it became a node in the laundering cycle.
WhiteBIT — The Cash Desk Powerhouse
Among all exchanges named in the investigation, WhiteBIT arguably had the most surprising role.
The 001k cash desk, the same one connected to Kraken, sent over $1.1 billion to WhiteBIT accounts.
This made WhiteBIT the largest exchange involved with crypto-for-cash operations.
Unlike Binance or Coinbase, WhiteBIT wasn’t the centre of global trading. That made it far less monitored and far more valuable to laundering networks.
ThorChain — The Laundering Freeway
ThorChain, a decentralised swapping network, became one of the most powerful laundering tools because of its architecture.
- There is no central operator.
- No compliance desk.
- No mandatory KYC.
Criminal networks used it to obscure the origins of funds from both the Bybit hack and Huion-connected wallets. ICIJ found that ThorChain facilitated over $900 million in swaps linked to illicit flows.
For regulators, ThorChain is a nightmare: a protocol designed to move assets across chains without friction.
The 27 Indian Exchanges — The First Stop for Stolen Money
Perhaps the most unsettling chapter of the Coin Laundry story was India’s unexpected role.
Between January 2024 and September 2025:
- 2,872 Indian victims
- ₹623.63 crore in stolen funds
- 27 domestic exchanges are involved as transit points
The Cyber Crime Coordination Centre (I4C) documented these flows as part of a national laundering pipeline.
The exchanges varied in scale; some were major domestic platforms, others were small regional apps, and a few barely had functioning compliance teams.
Most weren’t complicit, but the infrastructure was weak enough that stolen funds passed through easily.
India responded aggressively:
- FIU-IND issued notices to 25 offshore platforms for operating illegally
- CERT-In mandated cybersecurity audits for all VDA service providers
- The Enforcement Directorate froze assets across multiple laundering cases
The Coin Laundry investigation exposed not just global crime but a national vulnerability.
Why Almost Every Exchange Failed
The takeaway from the Coin Laundry files is not that exchanges are corrupt.
It is that exchanges are outmatched.
Criminal networks are:
- faster
- more coordinated
- spread across multiple jurisdictions
- supported by forced-labour scam compounds
- funded by human trafficking operations
- enabled by the absence of uniform global regulation
Exchanges, even the biggest, richest ones, operate under fractured rules.
A former U.S. Treasury official told ICIJ investigators that crypto laundering thrives on “regulatory mismatches”, the cracks between governments.
Criminals live in those cracks.
The Numbering Begins
The Coin Laundry scandal has forced governments to respond:
- The United States issued designations and penalties, then pulled back enforcement in 2025.
- The European Union rolled out MiCA, the strongest global crypto rulebook to date.
- Japan tightened its Travel Rule and AML checks.
- Singapore raised licensing barriers.
- India imposed mandatory audits and tightened PMLA reporting.
But the laundering machine is years ahead. Billions of dollars have already passed through it.
Coin Laundry isn’t a one-time scandal. It’s a blueprint of how global laundering now works. And unless exchanges, governments, and regulators move at the same speed as criminals, this blueprint will keep expanding.
