The Financial Action Task Force (FATF) has released a significant report addressing both the growing use of stablecoins and their vulnerabilities. The document, titled "Targeted Report on Stablecoins and Unhosted Wallets - Peer-to-Peer Transactions," delves into how stablecoins are rapidly becoming central to payment ecosystems while also being exploited for illicit activities. Here's a closer look at the key findings and implications.

A Booming Market with Growing Scrutiny

Stablecoins introduced their first US-dollar-pegged variant in 2014, and their market has exploded since. By July of last year, there were 259 unique stablecoins in circulation, amassing a combined market capitalization of $316 billion by October 2025. Daily trading volumes in this sector reached $156 billion, triple that of Bitcoin during the same period.

Most stablecoins are fiat-backed, with 97% pegged to the US dollar. Only 3% are crypto-backed, and just 0.2% are algorithmic. Furthermore, 90% are centralized due to the inherent volatility of decentralized approaches. Their ease of use for trading, low fees, 24/7 availability, and fast settlements make them popular among retail and institutional investors. However, this popularity has also caught the attention of regulators.

Stablecoins in Illicit Financial Activity

Money Laundering and Criminal Abuse

The report underscores that 84% of cryptocurrency-related illicit activities involved stablecoins, owing to their liquidity, ease of use, and price stability compared to volatile cryptocurrencies like Bitcoin. Bad actors employ unregulated virtual asset service providers (VASPs), over-the-counter brokers, mixers, and methods like chain hopping to obscure transactions. Examples include:

• Romance scams and sextortion schemes
• Synthetic drug purchases, with stablecoins converted to fiat for further production
• Crypto casino abuses and fraudulent refund schemes

State-Level Misuse

Entities in countries like North Korea (DPRK) and Iran have leveraged stablecoins increasingly for sanctioned activity. For example, the Lazarus Group, a North Korean-linked hacking collective, laundered funds from large-scale cyberattacks such as a $1.4 billion theft from a crypto exchange.

North Korea used stablecoins to procure raw materials for weapons of mass destruction programs. Meanwhile, Iranian groups utilized billions in stablecoins to fund operations, ranging from weapon purchases to supporting sanctioned actors.

Terrorist Financing

Organizations like ISIS also exploit stablecoins, using them for internal fund transfers and donations. To avoid detection, these groups employ techniques like breaking transfers into smaller amounts and frequently rotating wallet addresses across multiple platforms.

Vulnerabilities Throughout the Stablecoin Life Cycle

The report identifies vulnerabilities across three main stages of stablecoin operation—issuance, circulation, and redemption.

1. Issuance

Issuers often establish operations in jurisdictions with lax regulatory oversight, creating challenges such as "regulatory arbitrage." Multi-issuance schemes, where multiple entities across nations collaborate on a single stablecoin, further complicate compliance. These arrangements split KYC responsibilities between issuers, making tracing illicit funds difficult.

2. Circulation

The active trading of stablecoins relies heavily on the integrity of VASPs. However, compliance varies significantly across platforms. Some lack anti-money laundering (AML) and countering the financing of terrorism (CFT) measures altogether. This inconsistency results in gaps where illicit activity can flourish.

3. Redemption

While the FATF requires regulated institutions to comply with AML/CFT rules, criminals bypass these measures by using unlicensed brokers, peer-to-peer platforms, or informal networks. This allows them to convert crypto assets into fiat currencies or other tradable goods with little scrutiny.

Unhosted Wallets and Cross-Border Transactions

Unhosted wallets—those not managed by regulated entities—pose another problem. Transactions between such wallets circumvent regulatory oversight, making them attractive for criminal use. Additionally, the borderless nature of stablecoins complicates enforcement, as instantaneous settlements leave little time for authorities to intercept illicit transfers.

FATF’s Proposed Mitigation Measures

The report offers various recommendations to curb stablecoin misuse and strengthen oversight:

1. Mandatory KYC Across Ecosystems: VASPs would need to collect data on both senders and receivers of transactions, even in peer-to-peer scenarios.
2. Enhanced Analytical Tools: The private sector should employ blockchain analytics backed by AI and machine learning to identify suspicious activity. While these tools have limitations, they provide valuable insights when combined with human oversight.
3. Stronger Global Cooperation: Regulators and private sector actors should collaborate across borders, employing strategies like supervisory colleges to share information and coordinate action.
4. Proactive Measures: Beyond blacklisting suspicious wallets, whitelisting known trusted addresses could proactively reduce risk. However, this would require comprehensive user identification upfront.
5. Controlled Transaction Limits: Implementing caps on daily transaction amounts or requiring approval for high-risk transfers could enhance compliance.

Implementation Challenges

The FATF acknowledges that enforcement of stablecoin regulation is complex. Stablecoins operate in a multi-layered ecosystem involving issuers, secondary markets, and intermediaries like custodians. Current standards require issuers to enforce customer due diligence, maintain transaction records, and report suspicious activity. However, in secondary markets, compliance is weaker. Suggested tools like smart contracts for freezing or burning assets could enhance enforcement but raise concerns over financial privacy.

Practical Takeaways for Regulators and Stakeholders

• Striking the Right Balance: Regulators must enforce rules without stifling growth. For instance, overly strict whitelisting requirements could deter adoption.
• Training Technical Expertise: Effective oversight demands regulators with deep technical understanding of blockchain ecosystems.
• Fostering Public-Private Partnerships: Stablecoin companies and financial authorities should work together to set best practices and share information in real time.
• International Coordination: Given the cross-border nature of cryptocurrencies, a unified global regulatory framework is essential to close loopholes exploited by bad actors.

The Road Ahead for Stablecoins

The FATF’s report highlights both the promise and perils of stablecoins. While they offer transformative benefits like faster transactions and low fees, their misuse in money laundering, terrorist financing, and sanctions evasion demands immediate attention. If implemented effectively, the suggested regulations could mitigate risks while allowing the stablecoin industry to flourish under responsible oversight.