Cryptocurrency and Terrorism Financing: Risks, Detection, and Compliance Requirements
Cryptocurrency is now a real part of the conversation about how terrorists get money, but a lot of people still don't understand it. Some reports make the threat sound worse than it is. Some people don't take it seriously enough. The truth is somewhere in the middle. Terrorist groups don't use crypto as their main way to get money, but they have used it for fundraising, transferring value, and operational support in ways that generate red flags compliance teams can't ignore. That makes it harder to find, not easier. Businesses need to know how terrorists use cryptocurrencies to get money, what the main warning signs are, and what rules apply in all countries. This article breaks that picture down into useful terms for people who work in compliance.
- How Terrorists Use Cryptocurrency: The Reality vs The Hype
- Case Studies: How Terrorist Organizations Have Used Crypto
- Crypto TF Typologies: How Funds Flow
- Red Flags: Detecting Crypto TF Activity
- Regulatory Framework: What VASPs Must Do
- The Travel Rule and Crypto TF: What It Means in Practice
- Why You Need Both Blockchain Analytics and Traditional Screening
How Terrorists Use Cryptocurrency: The Reality vs The Hype
People now often talk about cryptocurrency and funding terrorism at the same time. That's understandable, but it can also change the picture. A 2024 academic study of 121 cases of terrorist financing around the world found that only 7% of them used cryptocurrency, while 93% used traditional payment methods. This is the most recent data that points in a more measured direction. Yes, it is true that terrorists use cryptocurrency to get money. But no, it's not the main channel that headlines sometimes make it out to be. This is a more accurate view: Cryptocurrency is still a small part of the market, but it is growing, it has already been used in serious cases, and regulators are becoming stricter about it. A strong Counter Terrorist Financing (CTF) program now needs coverage for both traditional and crypto currencies, not just one.
People often think of anonymous crypto wallets moving money across borders when they hear the term "terrorist financing." The truth is less like a movie. Most of the money that terrorists get still comes from regular sources, like bank transfers, money transmitters, cash, trade, and informal value transfer systems. That's why the above study from 2024 is so important. It tells compliance teams not to go too far in fixing things. If a company puts all of its focus on crypto and doesn't put enough money into traditional controls, it might end up working harder on the smaller problem than the bigger one.
It would also be a mistake to ignore crypto. The 2024 National Terrorist Financing Risk Assessment from the U.S. Treasury says that terrorist groups still prefer traditional financial products and services. However, it also says that groups like Hamas and the Islamic State of Iraq and Syria (ISIS) have learned more about virtual assets and used them to raise money and move it around. Financial Action Task Force’s (FATF) 2025 update on virtual assets says the same thing: Jurisdictions have made progress, but there are still gaps in implementation, especially when it comes to following the Travel Rule and supervising cross border transactions. That mix is important. It means that the channel is still smaller than people say it is, but the risk is getting harder to ignore.
That balance is the one that compliance teams can use. Financing terrorists with cryptocurrency is only part of the problem. It is one part of the issue. Also, it tends to show weaknesses quickly when controls aren't linked up because it has to do with sanctions, customer onboarding, wallet screening, transaction monitoring, and Travel Rule data. The right message is simple: Don't make crypto terrorist financing seem like a bigger problem than it is, but don't make a CTF program that treats it as a side issue either.
Case Studies: How Terrorist Groups Have Used Crypto
The Al Qassam Brigades, which is the military wing of Hamas, is the most well known example. U.S. officials have found evidence of Bitcoin fundraising campaigns that lasted for years and used websites, social media, and Telegram channels to ask for money. The US Department of Justice stated in 2020 that it had shut down three cyber campaigns that were financing terrorism, one of which was linked to the Al Qassam Brigades. At the time, it was the biggest seizure of cryptocurrency in connection with terrorism. Financial Crimes Enforcement Network’s (FinCEN) October 2023 Hamas alert made the same point even stronger by telling banks to keep an eye out for known or suspected virtual currency addresses that are linked to terrorism fundraising campaigns. The network's problems didn't come from the fact that crypto was magically traceable in every case. Instead, they came from the fact that public fundraising infrastructure, sanctions exposure, wallet intelligence, and law enforcement investigation all ended up in the same place. The lesson about compliance is clear: Public wallet addresses, designated identifiers, and wallet clustering all matter.
In a second case, money was raised for al Qaeda from Syria. The Department of Justice said that al Qaeda and groups linked to it used Telegram channels and other social media sites to ask for Bitcoin donations. Sometimes they pretended to be charities while openly asking for money to carry out violent attacks. In one case, undercover agents talked to an administrator of a Syria linked fundraising effort who talked about paying for weapons and jihadist activities. That case is helpful because it shows how crypto fundraising can use humanitarian language to hide, but it doesn't really stay hidden. The blockchain trail wasn't the only weak point. It was also the people who worked around it, like channels, administrators, stories, and off ramp behavior. The lesson for compliance teams is to be careful with "charity flavored" digital fundraising when the bigger picture suggests otherwise.
The ISIS examples are more general and more complicated. The US Department of Justice's 2020 statement included a scheme linked to an ISIS facilitator who used a fake online business to sell protective gear for the pandemic, with the money supposedly going to support ISIS activities. According to the Treasury's 2024 risk assessment, ISIS and its affiliates have used virtual assets to raise money, along with hawala, cash, and other methods. The report also says that terrorists may use peer-to-peer platforms, unhosted wallets, over the counter brokers, and poorly supervised exchanges to make it harder to track them down. That doesn't mean that every ISIS crypto case is very complicated. But this simple operational model can still work by combining on chain movement with weak off chain controls.
There is also a violent extremism angle in the US, even when the amounts are smaller. FinCEN's broader guidance on terrorism and virtual currency has said many times that small amounts of money can still matter, especially when customers use virtual assets to make anonymous donations, quick purchases, or transfers linked to extremist causes. Not every case is a big deal. Sometimes they involve small purchases of supplies, travel, or help. But that's part of the problem with compliance: Small crypto activity can look like normal fan behavior until identity, destination, ideology, or counterparties change the picture.
Read more: AML and KYC Guidance for Crypto Exchanges and Wallets
Crypto TF Typologies: How Funds Flow
The most common way to fund crypto terrorists is still the simplest: Sending money directly to published wallet addresses. A campaign posts a wallet, donors send money, and the people in charge either keep the money in crypto or move it on. People keep using this model because it's easy to start and easy to explain to supporters. That's also why it's so important to check against known wallet addresses and blockchain intelligence lists. If a wallet is already linked to a campaign or a specific actor, that's the best place to start looking for it.
The next layer is mixing or tumbling services. These tools are meant to hide transaction trails by pooling and redistributing money. The FATF's 2020 “Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing” report says that services that make people anonymous are a serious risk, especially when there is no good business reason to use them. One important thing to remember is that the compliance takeaway is bigger than just one service. In 2022, OFAC named Tornado Cash as a major precedent, but the Treasury lifted those sanctions in March 2025 after changes in the law and policy. The lesson is that tools that make people anonymous can greatly increase the risk of terrorist financing, especially when they are used with high risk counterparties, poorly monitored exchanges, or at the wrong time.
Next is chain hopping. Funds move from one cryptocurrency to another, sometimes many times, making it harder to track them down and splitting up investigative work across networks. In places where there aren't many rules, adding decentralized finance (DeFi) bridges, peer-to-peer (P2P) exchanges, or over the counter (OTC) desks makes it even harder to follow the trail, even though each step looks normal. The Treasury's 2024 report says that terrorists and their helpers may use peer-to-peer transfers, unhosted wallets, over the counter brokers, and exchanges that claim to be decentralized to hide their activities. That is why it is not possible to rely on just one signal for detection. You need wallet intelligence, geographic risk, customer data, and off-ramp monitoring to all work together.
Non-Fungible Token (NFT) based value transfer is a newer type of value transfer. There isn't enough proof yet, and it would be an exaggeration to say that NFT based terrorist financing is already a common way to do business. But regulators are worried about the same things that worry them in other parts of crypto: Prices that don't make sense, quick movement across borders, and weak identity checks on counterparties. The point is not that compliance teams should look at every NFT transaction as a way to fund terrorism. That value can move in ways that don't look like "payments" as much as companies think they do.
And in the end, most of the time, there is the off ramp: Crypto into fiat through Virtual Asset Service Providers (VASPs) with weak controls. That's usually where the part of the story that isn't real meets the part that is. It is easier for crypto terrorists to turn their money into cash or regular payment access if a VASP has bad Customer Due Diligence (CDD), weak sanctions controls, or inconsistent implementation of the Travel Rule. This is also where Sanction Scanner's value fits in perfectly: Blockchain analytics can show you where funds moved on-chain, but screening and customer risk controls can tell you who is behind them when identity data is available.
Red Flags: Detecting Crypto TF Activity
Transactions that involve wallet addresses that blockchain analytics tools say are linked to terrorism or terrorist fundraising are still the biggest red flag. FinCEN's alert about Hamas says that banks and other financial institutions should keep an eye on transactions that involve known or suspected virtual currency addresses linked to terrorism financing campaigns. It also says that suspicious digital asset addresses can be included as cyber indicators in a filing. If your controls don't take in this kind of wallet data, you won't be able to see the most direct signal in the channel.
Another strong sign is using tools that make you anonymous without a good reason. FATF's virtual asset indicators show that mixers, tumblers, privacy-focused behavior, and other ways to hide things are red flags. This is especially true when they are used with unusual geography or high-risk counterparties. That doesn't mean that being private means you're guilty. It does mean that unexplained privacy layering should make things heat up quickly when it comes to terrorist financing.
A third pattern is quickly changing crypto into fiat and then taking it out right away. Just looking at chain movement doesn't always tell you much. But the risk picture changes if the cryptocurrency is quickly cashed out through an exchange that is not well controlled, especially if it is sent to a place near a conflict or to a customer profile that doesn't fit. FATF and FinCEN both want organizations to read things in context instead of just looking at one signal at a time.
Other red flags that are helpful include: transactions through VASPs in places with weak Anti Money Laundering (AML) and CTF controls; Internet Protocol (IP) data linked to places that are under sanctions or in conflict zones; repeated small donations to campaign wallets; and structuring that is meant to get around Travel Rule or reporting thresholds. The FATF's 2025 update says that the limit for occasional virtual asset transactions and transfers is USD/EUR 1,000. The U.S. Bank Secrecy Act (BSA) Travel Rule obligations are still at $3,000 under the current federal framework. In real life, that threshold gap matters because people who are up to no good can and do take advantage of uneven implementation.
Regulatory Framework: What VASPs Must Do
The regulatory picture is no longer theoretical. In most major markets, crypto firms face live AML/CTF obligations.
|
Jurisdiction |
Core rule set |
What crypto firms must do |
|
FATF standard |
Recommendation 15 and the 2021 updated guidance |
If you need to, get a license or register, use risk-based AML/CTF controls, do Customer Due Diligence (CDD), keep records, report any suspicious activity, and follow the Travel Rule for virtual asset transfers. |
|
United States |
FinCEN guidance + Bank Secrecy Act (BSA) obligations + OFAC sanctions |
Many people who exchange or manage convertible virtual currency are considered Money Services Businesses (MSBs). They must register with FinCEN, have anti-money laundering (AML) programs in place, keep records and report them, and screen for sanctions. FinCEN's terrorism alerts also mention virtual currency addresses in particular. |
|
European Union |
Markets in Crypto Assets Regulation (MiCA) + Transfer of Funds Regulation (TFR) |
MiCA will be fully in effect on December 30, 2024. Some member states that choose the full grandfathering option will have transitional periods that last until July 1, 2026. The TFR adds Travel Rule style information requirements to crypto transfers. The Anti Money Laundering Authority (AMLA) took over AML/CFT duties from the European Banking Authority in January 2026. |
|
United Kingdom |
Financial Conduct Authority (FCA) registration under the Money Laundering Regulations |
Companies that deal in cryptoassets and offer services in the UK must register with the FCA and follow the UK's anti money laundering and counter terrorism financing rules. FCA materials were updated again in February 2026. |
|
Singapore |
Payment Services Act and MAS AML/CFT notices |
Singapore's laws and regulations govern digital payment token service providers. They must also follow the rules set out by the Monetary Authority of Singapore (MAS) in Notice PSN02 and other related documents. |
The key point across jurisdictions is not that every rulebook looks identical. It does not. The key point is that the direction of travel is the same almost everywhere: less room for regulatory ambiguity, more pressure on identity controls, more pressure on sanctions compliance, and more pressure on crypto firms to behave like serious financial institutions rather than software projects that happen to move value.
The Travel Rule and Crypto TF: What It Means in Practice
The Travel Rule is the one thing that makes it easier to find crypto terrorists who are using the regulated system to get money. FATF's 2021 guidance says that VASPs must set a limit of USD/EUR 1,000 for occasional virtual asset transactions and transfers. Recommendation 16 also brings payment transparency ideas into the world of virtual assets. In June 2025, FATF changed Recommendation 16 again to make payment information more consistent and to make it easier to see who is sending and receiving money.
In practice, that matters because chain data usually only shows you where money went, not who was behind it. When information about the sender and recipient has to "travel" with the transfer, screening goes beyond just checking the wallet. It focuses on screening people. That makes a big difference for controls on terrorist financing. You can check names, birth dates, addresses, identifiers, and counterparties against lists of people who are under sanctions, watchlists, bad press, and your own risk models. Without that layer, companies have to rely a lot more on wallet intelligence and behavioral inference.
However, implementation is still not consistent. The FATF's 2025 virtual assets update says that countries are making progress, but not at the same speed. The Travel Rule gaps are still one of the biggest problems with global supervision. The U.S. position is also not the same as FATF's baseline. Under the BSA framework, the current federal Travel Rule obligations are still tied to the $3,000 threshold. In the virtual asset context, FATF uses the lower USD/EUR 1,000 threshold. For bad actors, inconsistent adoption and uneven thresholds are more than just legal details. They are opportunities to do maleficent things.
Why You Need Both Blockchain Analytics and Traditional Screening
A lot of companies get the model wrong here. They think that blockchain analytics can take the place of screening or that screening can take the place of blockchain analytics. Not one of them is true.
Blockchain analytics follows the flow of funds on the chain. It helps find wallet exposure, clustering, transaction paths, mixer use, bridge use, and links to known illegal addresses. That is very helpful. It shows you where the value went and how it might have been hidden. But by itself, it usually doesn't answer the question of identity.
On the other hand, traditional screening checks people and businesses against lists of sanctions, Politically Exposed Persons (PEPs), negative news, and other risk data. When you first start using crypto and whenever you get identity data, like when you send Travel Rule messages or use a fiat off ramp, this is important. OFAC also makes it clear that sanctions lists can include digital currency addresses and that people can search for them directly. However, the Treasury warns that the addresses on the lists may not be complete. In other words, screening helps find the person or group, and analytics helps put the money trail back together. They respond to different questions.
You need both for a full crypto CTF setup. Analytics shows you that the wallet went to a risky cluster. Screening tells you if a customer, counterparty, or beneficiary is on a sanctions or bad media list. Analytics shows that money was moved between different assets. Screening shows that the off ramp is in a jurisdiction with weak control and that the customer profile doesn't make sense.
In conclusion, terrorists really do use crypto to get money. Hamas linked networks, al Qaeda linked fundraisers, ISIS facilitators, and smaller extremist groups have all used it. But the bigger truth is still the quieter one: cryptocurrency is still a small part of the payment system compared to traditional ones. That's why compliance teams need to take a balanced approach.
It is not right to panic or be complacent. It is coverage. Companies need wallet intelligence, sanctions screening, Customer Due Diligence (CDD), Travel Rule data when it's available, and monitoring that knows what jurisdiction it is in and sees crypto as part of the CTF picture, not the whole thing. The companies that do this well are not choosing between blockchain analytics and regular screening. They are using both because finding the person and following the money are two different jobs.
You need to do both of these things well when it comes to financing terrorists with cryptocurrency.
