Author: Beosin
On March 3, 2026, the Financial Action Task Force (FATF) released the "Stablecoins and Non-Custodial Wallets: P2P Transactions" report. Based on case studies, industry research, and data analysis submitted by FATF global network members, this report delves into the risks of stablecoins in money laundering, terrorist financing, and proliferation financing. It reveals how different types of criminal organizations use stablecoins to transfer and launder funds, repeatedly emphasizing that the greatest risk comes from P2P (peer-to-peer) transactions without any regulated intermediaries. When funds flow between multiple self-custodial wallets, regulators and financial institutions have virtually no way to trace the true identities of the transacting parties. The FATF did not release any new mandatory standards this time, but rather reiterated that its existing recommendations (especially Recommendation 15) must apply to all participants in the stablecoin ecosystem, including issuers and intermediaries. This article by Beosin will interpret the core content of the report to help readers quickly grasp the risk and threat trends in the stablecoin field and improve their awareness and ability to respond to stablecoin-related risks.
I. Current Status of the Stablecoin Market
1. Explosive growth in scale
The report points out that the scale and adoption rate of stablecoins have experienced explosive growth in the past few years. As of mid-2025, there were over 250 stablecoins in circulation, with a market capitalization exceeding $300 billion. Among them, centrally managed, fiat-backed stablecoins pegged to the US dollar account for 95% of the market share, with USDT and USDC becoming the mainstream. Stablecoins' price stability, high liquidity, and cross-chain interoperability have made them increasingly popular in legitimate payments and investments.
2. Abused by illegal activities
According to data disclosed by the FATF, 84% of the $154 billion in illicit virtual asset transactions globally in 2025 were completed through stablecoins. Stablecoins have surpassed Bitcoin to become the preferred asset for cybercrime-related transactions, and are widely used for money laundering, terrorist financing, and financing of large-scale weapons proliferation. The following are various crime cases from the report:
North Korean hackers: For example, Lazarus Group attacked an exchange in February 2025, stealing nearly $1.5 billion, which was then transferred layer by layer through mixers, cross-chain bridges and different wallet addresses, and finally exchanged for fiat currency through OTC.
Drug trafficking: According to the Canadian FIU, a criminal group exchanged the proceeds from drug trafficking for ETH through a Virtual Asset Service Provider (VASP), and then exchanged the ETH for USDT and USDC on decentralized exchanges (DEX) and cryptocurrency exchange platforms. These funds were then transferred to wallets controlled by a shell Canadian import and export company. After being transferred through multiple layers of wallets, the funds were finally monetized through OTC and VASP.
Terrorist financing: Terrorist organizations such as the Islamic State (ISIL) and al-Qaeda raise funds through encrypted social media platforms, using stablecoins to split funds and transfer them across blockchains to circumvent sanctions. A case study shows that a French VASP discovered through on-chain analytics tools that a client was frequently transferring small amounts of stablecoins to wallets suspected of belonging to terrorist organizations, and ultimately submitted a suspicious transaction report to TRACFIN.
Human trafficking and scam compounds: Indian nationals working in Southeast Asian scam compounds are using a Southeast Asian payment service provider to convert USDT into cash and transfer it to family and friends in India. Indian financial intelligence agencies have investigated hundreds of cases involving IP addresses concentrated in these scam compounds.
II. Existing Risks of Stablecoins
The report divides the stablecoin lifecycle into three stages: issuance, circulation, and redemption, and points out the risk points in each stage:
1. Non-custodial wallets and peer-to-peer transactions
Non-custodial wallets, because users have complete control over their private keys and do not rely on any regulated VASPs or financial institutions as intermediaries, naturally place peer-to-peer transactions outside the regulatory scope of anti-money laundering obligations. Criminals are exploiting this characteristic by frequently creating new addresses through multi-layered transfers and then discarding them, thus fragmenting and dispersing funds. This makes it difficult for law enforcement to determine whether a peer-to-peer transaction is a legitimate transfer by an ordinary user or an illegal activity by a criminal network or sanctioned entity. This address proliferation tactic greatly increases the complexity of on-chain tracking. Publicly available blockchain data alone is insufficient to form an effective chain of evidence; it is necessary to combine off-chain intelligence, address tag libraries, and advanced analytical tools to penetrate the anonymity layers.
The report further emphasizes that there is no legal obligation for parties involved in peer-to-peer transactions between non-custodial wallets to submit Suspicious Transaction Reports (STRs) to financial intelligence agencies. While compliant VASPs adhere to travel rules and monitor transactions when customers transfer funds to their non-custodial wallets, once funds leave the VASP's sight and circulate through multiple layers of non-custodial wallets, the VASP becomes unable to track them, allowing criminals to evade regulatory networks. This could be a structural loophole in anti-money laundering regulations in the virtual asset space. When funds are completely outside the purview of licensed institutions, traditional "person-based" regulatory models become ineffective. In the future, regulators may require VASPs to implement stricter due diligence measures for non-custodial wallet transactions and may even push for technological solutions (such as smart contracts with built-in blacklists and whitelists).
2. Cross-chain transaction activities
Compared to other virtual assets, blockchain networks and developers are prioritizing cross-chain interoperability for stablecoins. This technology allows stablecoins to circulate freely across multiple blockchains (such as Ethereum, Solana, and TRON) and different jurisdictions, enabling efficient cross-border transfers. However, cross-chain transactions increase traceability difficulties, weaken the ability of stablecoin issuers to exercise control, and cause related stablecoin transactions to escape the regulatory framework.
Market analysis shows that sanctioned entities and other threat actors are increasingly leveraging cross-chain activity to use stablecoins. They employ the "chain hopping" technique, splitting a transaction into multiple segments and repeatedly transferring them between different blockchain networks to fragment fund flows and complicate tracking paths. Each blockchain operates independently and is inherently unable to interact with other blockchains. When funds are transferred through cross-chain bridges, tracking tools on the original chain become ineffective. Furthermore, cross-chain interoperability may weaken one of the most critical controls for stablecoin issuers: the ability to freeze or blacklist funds.
The report specifically mentions that when centrally issued stablecoins are "wrapped" into new tokens on another chain via cross-chain bridges (e.g., crossing USDC from Ethereum to Solana, becoming "wormhole-wrapped USDC" on the Solana chain), these wrapped tokens often fall outside the direct control of the original issuer. Orders to freeze assets on the original chain may not be transmitted to the wrapped assets on other chains. Beosin believes stablecoin issuers should closely monitor the circulation of their tokens within the cross-chain ecosystem. Where feasible, issuers should establish cooperation mechanisms with cross-chain bridge projects to ensure that freeze orders are transmitted to the wrapped assets as much as possible. VASPs and compliance teams should also deploy analytics tools that support multi-chain tracking and cross-chain attribution, maintaining high vigilance regarding transactions involving cross-chain bridges and wrapped assets.
3. Data gap
The blockchain architecture of stablecoins serves both as a supplement and an obstacle to anti-money laundering/counter-terrorist financing regulation. While all transactions are immutably recorded on a public blockchain, these records lack crucial off-chain information. This is precisely why FATF Recommendations 10 and 15 (regarding customer due diligence) are so important: law enforcement agencies must be able to obtain customer identity and geographic location information from VASPs and financial institutions. Without this off-chain information, it is impossible to identify suspects based solely on on-chain data. Furthermore, the lack of geographic location information for the underlying wallets severely weakens international cooperation between law enforcement agencies worldwide. When the flow of funds is unclear, and even the jurisdiction in which it occurred is unknown, information sharing and joint law enforcement become impossible.
Relying solely on publicly available data from blockchain explorers only reveals the flow of funds, but not who is behind it or where they are located. This is precisely why criminals dare to act recklessly on public blockchains; they know that as long as cash isn't withdrawn through KYC-compliant exchanges, the addresses on the chain are essentially "safe havens."
Secondly, not all transactions occur on-chain. When two users transfer funds within the same exchange, it's essentially an off-chain transaction. Asset changes are only recorded on the exchange's internal ledger and are not actually broadcast or confirmed on the blockchain. These transactions are often faster and cheaper (no mining fees), but at the cost of being completely out of the public blockchain's sight. If the exchange is unlicensed or unregistered, the situation spirals out of control. There are no regulated intermediaries collecting customer identification information, and no one submits suspicious transaction reports. Law enforcement agencies are completely unaware that the transaction occurred and have no way to investigate. This is a replica of the traditional financial "underground bank" problem in the virtual asset field. Off-chain transactions create a regulatory "dark forest." Funds are controllable when flowing within licensed institutions, but once they enter the internal ledger system of unlicensed institutions, they completely disappear from regulatory view. Criminals only need to deposit funds into an unlicensed exchange, let them circulate on the internal ledger a few times, and then exit, completely cutting off on-chain tracking. In response to the data gaps revealed by the FATF, Beosin suggests that efforts to crack down on unlicensed and unregistered exchanges should be intensified to cut off criminals' channels for laundering funds through off-chain transactions. For licensed institutions, customer due diligence information is not only a compliance requirement but also a firewall to protect themselves from being exploited by criminals. Institutions should also establish a robust internal accounting monitoring system to identify abnormal internal transaction patterns.
Issuers and regulators should proactively monitor the circulation of stablecoins in the secondary market based on risk assessment. Beosin's Stablecoin Monitoring system monitors the total issuance, minting, and burning of stablecoins in real time during the issuance phase, dynamically presenting changes in supply. During the circulation phase, it conducts in-depth analysis of the number of holders, holder types (such as exchanges, institutions, and individuals), and entity affiliation, mapping anonymous addresses to off-chain entities to identify high-risk VASPs. This monitoring system supports statistics on daily trading volume and active addresses, providing insights into the true market demand. Combined with price volatility and peg analysis, the system can promptly detect de-pegging risks caused by market manipulation or liquidity crises, indirectly identifying potential money laundering activities. The system possesses cross-chain activity tracking capabilities, enabling the tracking of fund flows across different blockchains, solving the problem of tracking funds through "cross-chain jumps," and filling data gaps in the "off-chain ledgers" of centralized exchanges through address association and behavioral pattern analysis, inferring the potential scale and trends of off-chain transactions. During the redemption phase, the system will proactively detect holders converting stablecoins into fiat currency through unofficial channels by identifying and clustering OTC trading platforms and peer-to-peer transaction addresses. Once funds are detected flowing to high-risk platforms, the system will issue real-time alerts to help stakeholders in the ecosystem intervene promptly and break the money laundering chain.
III. Stablecoin Regulation, Risk Response and Recommendations
1. Regulatory Practice
In response to the financial risks associated with stablecoins, the report shares the regulatory practices of various countries and regions regarding stablecoins and recommends that stablecoin issuers embed functions such as "whitelists/blacklists" or "freeze/destroy" in their smart contracts to control illicit funds in the secondary market as required by law enforcement. Beosin believes that these technologies are becoming a key bridge connecting decentralized technology and centralized regulation, providing a practical solution to the regulatory challenges posed by non-custodial wallets.
The report points out that stablecoin issuers can set up permission lists through smart contracts, allowing only pre-approved entities or wallet addresses to hold, receive, or transfer the stablecoin. This functionality is achieved by adding an access control list to the smart contract; any transaction initiated by an address not on the whitelist will be automatically rejected. The whitelist mechanism represents a proactive compliance approach. Essentially, it establishes an "access barrier" requiring identity verification within a decentralized blockchain environment through technological means. While this approach may limit openness to some extent, it is an effective means for stablecoin projects pursuing high compliance standards to ensure ecosystem security and prevent exploitation by criminals.
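The whitelist, blacklist and freeze/destroy controls described above, together with the wrapped-token gap from the cross-chain section, can be modelled in a few lines. This is an added illustration, not code from the FATF report, Beosin or any real stablecoin contract; the class, method and address names are hypothetical, and an in-memory Python ledger stands in for an on-chain contract.

```python
# Added illustration: in-memory model of an issuer-controlled stablecoin ledger.
# Class, method and address names are hypothetical; this is not a real contract.

class Rejected(Exception):
    """Raised when a transfer violates the issuer's access-control rules."""

class ControlledToken:
    def __init__(self, issuer, whitelist_only=False):
        self.issuer = issuer
        self.whitelist_only = whitelist_only  # True: only pre-approved holders
        self.whitelist, self.blacklist = set(), set()
        self.balances = {}

    def _require_issuer(self, caller):
        if caller != self.issuer:
            raise PermissionError("caller is not the issuer of this token")

    def _require_permitted(self, addr):
        if addr in self.blacklist:
            raise Rejected(f"{addr} is blacklisted")
        if self.whitelist_only and addr not in self.whitelist:
            raise Rejected(f"{addr} is not whitelisted")

    def approve(self, caller, addr):
        self._require_issuer(caller)
        self.whitelist.add(addr)

    def freeze(self, caller, addr):
        self._require_issuer(caller)
        self.blacklist.add(addr)

    def destroy_frozen(self, caller, addr):
        """Burn the balance of an already-frozen address; returns the amount."""
        self._require_issuer(caller)
        if addr not in self.blacklist:
            raise Rejected("address must be frozen first")
        return self.balances.pop(addr, 0)

    def mint(self, caller, to, amount):
        self._require_issuer(caller)
        self._require_permitted(to)
        self.balances[to] = self.balances.get(to, 0) + amount

    def transfer(self, sender, to, amount):
        # Both sides are checked, so frozen funds can neither leave nor arrive.
        self._require_permitted(sender)
        self._require_permitted(to)
        if amount <= 0 or self.balances.get(sender, 0) < amount:
            raise Rejected("invalid amount or insufficient balance")
        self.balances[sender] -= amount
        self.balances[to] = self.balances.get(to, 0) + amount

def can_move(token, sender, to, amount):
    """Attempt a transfer and report whether the ledger accepted it."""
    try:
        token.transfer(sender, to, amount)
        return True
    except Rejected:
        return False

def wrapped_freeze_gap():
    """Freeze on the origin chain vs. the wrapped copy on another chain."""
    origin = ControlledToken("issuer")
    wrapped = ControlledToken("bridge")  # minted by the bridge, not the issuer
    origin.mint("issuer", "0xSuspect", 1000)
    origin.transfer("0xSuspect", "0xBridgeVault", 600)  # locked on origin chain
    wrapped.mint("bridge", "0xSuspect", 600)            # wrapped copy issued
    origin.freeze("issuer", "0xSuspect")
    try:
        wrapped.freeze("issuer", "0xSuspect")  # issuer has no authority here
        propagated = True
    except PermissionError:
        propagated = False
    return (can_move(origin, "0xSuspect", "0xNext", 400),
            can_move(wrapped, "0xSuspect", "0xNext", 600), propagated)
```

In this model the issuer's only lever over the wrapped 600 is the bridge vault balance on the origin chain, which backs every wrapped holder; freezing a single wrapped holder needs the bridge operator to make the freeze call on its own ledger.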
2. Blockchain analytics tools
The report explicitly states that blockchain analytics tools are of significant value in identifying money laundering, terrorist financing, and proliferation financing risks within the stablecoin ecosystem. The FATF has repeatedly analyzed and encouraged the use of such tools, and international organizations such as the UN Security Council's Counter-Terrorism Committee have adopted similar stances. The report specifically mentions that technological advancements in artificial intelligence, machine learning, and big data analytics are significantly enhancing the capabilities and application potential of these tools. This means that blockchain analytics tools are no longer limited to simple address tagging and transaction tracking, but can uncover more covert criminal patterns through intelligent algorithms. Given the surge in stablecoin trading volume and frequent cross-chain activities, manual review alone is simply insufficient to cover the massive volume of transactions. With the help of AI, machine learning, and blockchain analytics tools (such as Beosin KYT), institutions can achieve automated identification and early warning of suspicious activities, analyze and track over 120 complex cross-chain protocols and coin mixing transactions, significantly improving regulatory efficiency.
Beosin believes that different analytical tools have their own strengths, and using them in combination can mutually verify each other and compensate for each other's weaknesses. On-chain evidence needs to be corroborated by off-chain intelligence and physical world investigations; technical outputs provide clues, while human insights provide conclusions. VASPs should establish tool evaluation mechanisms and avoid blindly relying on a single vendor. At the same time, they should increase investment in training talent for virtual asset investigation and build a composite professional team that understands both blockchain technology and financial compliance.
This FATF report conveys a clear and pragmatic message: blockchain analytics tools are powerful weapons in the fight against money laundering. True regulatory effectiveness stems from the organic combination of advanced technological tools, traditional methods, and professional talent. Beosin will continue to deepen its expertise in blockchain security and compliance, providing regulatory agencies and industry clients with comprehensive on-chain and off-chain solutions. To date, Beosin KYT has accumulated over 4.9 billion on-chain address tags, covering 29 high-risk categories including sanctions, terrorist financing, coin mixing, fraud, hacking, dark web, gambling, and phishing. Through advanced technologies such as machine learning, it helps over 300 institutions conduct real-time assessments of on-chain counterparty addresses and transaction risks, including those related to stablecoins.
The FATF report also outlines several risk mitigation measures currently in place across various jurisdictions and the private sector:
a. Transaction limits: Setting a "safety valve" for fund outflows.
This is the most direct and basic risk control method. By setting limits on single transactions or daily transfers to self-custodied wallets, even if a customer's account is exploited by criminals, the loss of funds and the scale of money laundering can be controlled within a certain range. In practice, many compliant exchanges have already set transfer limits to external wallets for users who have not completed advanced verification.
b. Enhanced due diligence: Penetrating to identify the actual controller of the wallet
VASPs have strengthened due diligence measures for transactions involving self-custodial wallets, including verifying the identity of the beneficial owner of the self-custodial wallet. Traditional KYC only verifies the customer, but it often leaves a blind spot as to who the customer is transferring funds to (i.e., the holder of the self-custodial wallet). Requiring verification of the counterparty's identity extends compliance efforts onto the blockchain, significantly increasing the difficulty for criminals to receive funds using non-custodial wallets.
c. Blockchain analytics: Risk rating of counterparties
VASPs use blockchain analytics tools to assess the risk level of their clients' counterparties (i.e., the parties holding self-custodial wallets). This is a typical scenario of technology enabling compliance. Through analytics tools (such as Beosin KYT), VASPs can understand whether the non-custodial wallets to which clients are transferring funds have high-risk labels (such as association with mixers, darknet markets, or sanctioned addresses). If the counterparty address's risk score is too high, the system can intervene or trigger manual review (counterparty risk profiling).
d. Full lifecycle coverage: Imposing compliance obligations on self-custodied wallets during issuance and redemption.
Identity verification is required at two key points in the transaction process: when users purchase stablecoins with fiat currency (issuance) or exchange stablecoins back to fiat currency (redemption), even when using a self-custodied wallet. This effectively prevents criminals from exploiting loopholes when funds enter and leave the blockchain.
e. Source control: Refuse to issue licenses to platforms that allow transfers from self-custodied wallets.
If an exchange's business model allows users to freely transfer coins to any self-custodied wallet without verification, regulators can simply withhold its license, effectively barring it from the compliant market. Beosin can assist regulators in identifying non-compliant platforms through on-chain monitoring and auditing. While this measure is stringent, it fundamentally eliminates the risks associated with this channel.
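Measures (a) and (c) can be combined into a single pre-withdrawal check at a VASP. The sketch below is an added example, not code from the FATF report and not a description of how Beosin KYT or any other product scores addresses; the addresses, labels, weights, limit and thresholds are constructed for illustration. It goes one step beyond a direct label lookup by scoring exposure over several hops, because the layered transfers through fresh wallets described in Section II leave the destination address itself unlabelled.

```python
from collections import deque

# Constructed sample data. Addresses, labels, weights, limits and thresholds
# are hypothetical and not taken from the FATF report or any vendor's product.
LABEL_RISK = {"sanctioned": 1.0, "mixer": 0.8, "darknet": 0.8, "exchange": 0.0}
LABELS = {"0xMIX": "mixer", "0xSANC": "sanctioned", "0xCEX": "exchange"}
TRANSFERS = [  # (sender, receiver) pairs observed on-chain
    ("0xMIX", "0xA1"), ("0xA1", "0xA2"), ("0xA2", "0xDEST1"),
    ("0xCEX", "0xDEST2"),
    ("0xDEST3", "0xSANC"),
]
UNVERIFIED_DAILY_LIMIT = 1000
REVIEW_AT, BLOCK_AT = 0.25, 0.6

def exposure(dest, max_hops=3, decay=0.7):
    """Highest hop-decayed risk of any labelled address within max_hops of dest."""
    graph = {}
    for a, b in TRANSFERS:
        graph.setdefault(a, set()).add(b)
        graph.setdefault(b, set()).add(a)
    best, seen, queue = 0.0, {dest}, deque([(dest, 0)])
    while queue:
        addr, dist = queue.popleft()
        label = LABELS.get(addr)
        best = max(best, LABEL_RISK.get(label, 0.0) * decay ** dist)
        # Do not walk through labelled services (an exchange hot wallet touches
        # everyone); only unlabelled pass-through wallets are expanded.
        if dist < max_hops and (label is None or addr == dest):
            for nxt in graph.get(addr, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, dist + 1))
    return best

def screen_withdrawal(verified, sent_today, amount, dest):
    """Return (decision, reason) for a withdrawal to a self-custodial wallet."""
    score = exposure(dest)
    if score >= BLOCK_AT:
        return "BLOCK", f"counterparty exposure {score:.2f}"
    if not verified and sent_today + amount > UNVERIFIED_DAILY_LIMIT:
        return "BLOCK", "daily limit for unverified customers exceeded"
    if score >= REVIEW_AT:
        return "REVIEW", f"counterparty exposure {score:.2f}"
    return "ALLOW", "no limit or exposure rule triggered"
```

With `max_hops=0` (a direct label lookup only) `0xDEST1` scores zero, while the three-hop walk reaches the mixer-labelled address and sends the withdrawal to manual review.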
3. Summary of Recommendations
The report also concludes with several recommendations for various jurisdictions and the private sector to prevent the misuse of stablecoins, including:
● Apply FATF Recommendation 15 to the entire stablecoin ecosystem, define the AML/CFT responsibilities of issuers, VASPs and other participants, and impose corresponding compliance requirements based on risks, such as requiring stablecoin holders to complete due diligence in advance (whitelist).
● Issuers are required to have the technical capability to burn, freeze, and redeem stablecoins in the secondary market, conduct due diligence on customers during the redemption phase, and restrict issuance activities on high-risk blockchains; consideration should be given to requiring issuers to implement whitelist and blacklist mechanisms; and a strict pre-issuance and pre-authorization supervision and compliance review mechanism should be established to prevent money laundering/terrorist financing risks related to stablecoins in advance.
● Strengthen the technical capabilities of regulatory agencies and law enforcement agencies, cultivate their understanding of emerging risks, crime patterns, business models, smart contract functions and cross-chain transaction mechanisms, and enhance their ability to effectively utilize blockchain analytics tools. This can be achieved through in-depth technical exchanges with blockchain analytics tool service providers and regular research into emerging criminal methods in the market.
● Provide regulatory and law enforcement agencies with the necessary tools to quickly collaborate with corresponding domestic and international institutions, including facilitating the rapid exchange of stablecoin-related information through established channels, MOUs, and legal provisions.
● Consider establishing a public-private partnership mechanism to strengthen cooperation among regulatory agencies, law enforcement agencies, and stakeholders in the stablecoin ecosystem regarding crime patterns, risk indicators, and emerging threats; establish partnerships when necessary, especially in investigations involving off-chain transactions or the freezing/burning of stablecoins.
Conclusion
This FATF report indicates that the illicit misuse of stablecoins has become a global regulatory focus, with peer-to-peer transactions via non-custodial wallets, cross-chain activities, and data gaps being key vulnerabilities. The FATF recommends that all jurisdictions apply FATF Recommendation 15 to all participants in the stablecoin ecosystem, clarifying the compliance obligations of issuers, VASPs, and other stakeholders, strengthening the programmable control of smart contracts (such as blacklists/whitelists, freeze/destroy functions), enhancing the application of blockchain analytics tools, and establishing public-private partnership mechanisms to strengthen the regulation of stablecoins and balance their innovative value with financial security.


