Cryptocurrency’s rise has brought opportunity and risk, thrusting AML measures into the spotlight as regulators and platforms scramble to keep illicit funds at bay. 

This guide unpacks AML’s role in crypto, from its basics to global regulations like the Travel Rule, offering beginners a clear path through the maze of compliance. 

Anti-Money Laundering (AML) refers to a set of laws, regulations and procedures designed to prevent criminals from disguising illegally obtained funds as legitimate income. 

In the context of cryptocurrency, AML aims to curb the misuse of digital assets for illicit activities such as money laundering, terrorism financing and fraud.​ Money laundering typically involves three steps: placing dirty money into the system, layering it through complex transactions to obscure its origin, and integrating it back as clean funds. 

Cryptocurrencies, with their pseudonymous nature, can make this easier, but regulations are in place to fight back. Implementing robust AML measures helps ensure the integrity of financial systems and fosters trust among users and regulators.

Cryptocurrencies can be attractive for money laundering due to:

Criminals might convert illicit funds into crypto, move them through multiple wallets or exchanges to obscure the trail, and then convert them back, sometimes using privacy coins like Monero (XMR) or nested services for added anonymity.

The Bybit hack on Feb. 21, 2025, saw hackers steal $1.5 billion in Ether (ETH) from a cold wallet, making it the largest crypto heist ever.

The Travel Rule is a global regulation from the Financial Action Task Force (FATF) that requires cryptocurrency businesses — like exchanges and wallet providers — to share identifying information about senders and receivers for certain transactions. 

Think of it as a digital passport check: When you send crypto worth more than a set amount (e.g., $3,000 in the US), both the sending and receiving platforms must exchange details like names and addresses. 

Introduced in 2019 as part of FATF’s Recommendation 16, it’s a key piece of AML efforts to stop money laundering and terrorism financing by linking anonymous blockchain transactions to real people. 

In AML, the Travel Rule strips away crypto’s pseudonymity, making it harder for criminals to move dirty funds unnoticed, for example, by shuffling Bitcoin (BTC) through exchanges. It also challenges the industry with tech hurdles and privacy debates and has seen spotty compliance as of March 25, 2025.

Global AML cryptocurrency regulations vary by jurisdiction, often built on FATF recommendations. 

Below is a detailed breakdown for key countries, including regulatory bodies, laws, affected entities and implementation status of the Travel Rule.

The EU’s Recast TFR  (Regulation (EU) 2024/1620), part of the latest AML Package, is set to revolutionize how crypto transactions are tracked. Starting July 10, 2027, it will enforce the Travel Rule — aligned with FATF Recommendation 16 — requiring CASPs to share detailed originator and beneficiary info for all transfers above €1,000. This updates the patchy framework of the 5AMLD, which has been in place since 2020 but varies widely across EU countries.

• • Crypto platforms must conduct customer identification and verification.
  • Crypto exchanges are required to report suspicious activities to authorities.
  • Switzerland follows the Travel Rule for cryptocurrency transactions, as per FATF recommendations.

• Crypto businesses must comply with AML/KYC regulations under the Anti-Money Laundering and Counter-Terrorist Financing (Financial Institutions) Ordinance (AMLO). The Travel Rule applies to transactions above HK$8,000.
• While India’s cryptocurrency regulations are still evolving, the Enforcement Directorate has begun applying AML principles to crypto exchanges under the Prevention of Money Laundering Act (PMLA). The Travel Rule is not yet fully implemented but is expected to align with FATF standards.
• The Financial Services Commission (FSC) enforces AML/KYC requirements under the Act on Reporting and Use of Specific Financial Transaction Information. South Korea also adheres to the Travel Rule for crypto transactions exceeding 1 million Korean won. 

Blockchain analysts linked the Bybit hack to North Korea’s Lazarus Group, who laundered over $400 million of the stolen ETH within days using decentralized exchanges and crosschain bridges, outpacing all of their 2024 crypto thefts combined ($1.34 billion), as reported by Chainalysis. 

AML rules reshape how users interact with crypto. Exchanges now demand KYC — think ID scans and address proof — slowing onboarding but boosting legitimacy. Transaction monitoring might flag large or odd transfers, delaying trades or triggering SARs, especially for non-domiciled users with US ties facing IRS scrutiny via Form 1099-DA. 

The Travel Rule adds friction to cross-border swaps, requiring personal data that clashes with crypto’s privacy ethos. While this curbs illicit use, it raises costs for platforms (potentially passed on to users) and could push some to unregulated DeFi — though regulators are eyeing that space too.

Whether you’re a trader, a non-domiciled investor or just crypto-curious, understanding AML isn’t just smart, it’s essential. With enforcement tightening and incidents like Bybit’s 2025 hack highlighting the risks, compliance serves as the compass guiding crypto users toward safer shores in the digital landscape.