Cutting Off the Flow: How Crypto Firms Can Fight Terrorist Financing
Written by Natalia Latka, Head of Regulatory Affairs
AML Compliance
10/6/2025

Terrorist Financing: How AML Frameworks Expanded After 9/11

Money laundering has long been the central focus of financial crime regulation. But the attacks of September 11, 2001, reshaped the global conversation. Suddenly, policymakers saw with brutal clarity how the financial system could be abused not just to hide the proceeds of crime, but to fund violence and terror directly.

In the United States, the response was immediate. The USA PATRIOT Act of 2001 dramatically expanded the scope of anti-money laundering obligations, placing terrorist financing on equal footing with money laundering as a core financial crime risk. Banks and financial institutions were required not just to stop illicit funds being cleaned, but to actively prevent their systems from being used to raise, move, or store funds for terrorist groups.

Internationally, the same shift occurred. The Financial Action Task Force, which had set the global standard against money laundering since 1989, broadened its mandate in October 2001 to explicitly include the fight against terrorist financing. FATF issued Special Recommendations on Terrorist Financing, which later became part of its global 40 Recommendations that now form the backbone of AML/CFT regimes worldwide.

The result was a transformation of the financial crime compliance framework. Where AML had once been about preventing criminals from enjoying their illicit profits, the focus now included stopping terrorists from acquiring the resources to plan, recruit, and carry out attacks. Every financial institution, large or small, was called to play a role in cutting off the financial lifelines of terrorism.

Crypto and Terrorist Financing: An Emerging but Secondary Channel

For decades, terrorist groups have relied on traditional methods to move and store funds - cash couriers, informal hawala networks, front charities, and abuse of banks or money service businesses. Multiple national risk assessments and FATF intelligence reports continue to confirm that these conventional channels remain the dominant routes for terrorist financing.

Still, crypto has increasingly entered the picture. Its features - borderless transfers, pseudonymous wallets, rapid settlement, and accessibility without relying on banks - make it an attractive alternative channel for certain terrorist actors. Though still limited compared to traditional channels, documented cases show that terrorist organizations have experimented with crypto in different ways. The methods broadly mirror the logic of terrorist financing more generally - raising money, moving it across borders, and spending it on operations - but adapted to the features of crypto assets.

The important point is not to overstate the role of crypto in terrorism financing - but neither to ignore it. While it is not the main lifeline for terrorist groups today, it represents a parallel vector of risk. If left unmonitored, it could grow in importance, particularly as some groups adapt faster to new technologies. Regulators and compliance teams are therefore expected to treat crypto as part of the terrorism financing landscape: not as the biggest threat, but as one that requires active attention and controls alongside traditional risks.

How Terrorist Groups Use Crypto: Fundraising and Donations

The most visible typology is fundraising through online campaigns. Several terrorist groups have openly called on supporters to donate crypto, using social media, encrypted messaging apps, and even dedicated websites. The appeal is simple: crypto allows individuals to send funds directly without relying on banks or money transfer companies. Blockchain addresses are often displayed in posts or QR codes, sometimes accompanied by claims that the donations are untraceable.

A well-documented case came in 2020, when the al-Qassam Brigades - the military wing of Hamas - launched a fundraising campaign urging supporters to send Bitcoin. The group used Telegram channels, official websites, and videos to circulate QR codes linked to their wallets. At one stage, they even generated a new Bitcoin address for every donor, in an attempt to make tracing more difficult. Despite these efforts, blockchain analytics and law enforcement were able to track the flows: U.S. authorities later seized dozens of accounts and funds linked to the campaign.

How Terrorist Groups Use Crypto: Charities and NGOs as Fronts

Terrorist groups have a long history of abusing charities and NGOs as fundraising fronts. By presenting themselves as humanitarian organizations, they can solicit donations under the guise of supporting refugees, widows, or medical aid — while diverting the funds to terrorist activities. The use of crypto adds a new layer to this tactic.

Crypto assets allow these so-called charities to reach donors globally, often through websites, social media, and encrypted messaging apps, while avoiding many of the chokepoints in traditional finance. A crypto wallet can be spun up instantly and advertised as a “donation address”. The danger of this typology lies not only in the deception of donors but also in the difficulty of intervention. Unlike traditional charities, which can be deregistered or have their bank accounts frozen, a crypto-based front can shut down one website and reopen another with a new wallet address in a matter of hours.

Law enforcement has already uncovered several cases. In 2020, U.S. authorities dismantled a network of websites that claimed to raise funds for humanitarian relief in Syria but were actually run by al-Qaeda and ISIS affiliates. These sites solicited crypto donations under the banner of “charity,” with wallets listed for supporters to send funds. Blockchain analysis later showed that the assets were routed to accounts controlled by terrorist operatives.

How Terrorist Groups Use Crypto: Purchase of Supplies

Terrorist groups have also turned to crypto to buy supplies directly, ranging from weapons and equipment to other operational necessities. Much of this activity has been linked to darknet markets, where a wide range of illicit goods and services are traded for digital assets. These marketplaces often advertise firearms, explosives, forged documents, and hacking tools, all payable in Bitcoin, Monero, or other cryptocurrencies. 

A notable example came in 2017, when Europol reported that jihadist actors in Europe had attempted to use Bitcoin on darknet markets to purchase weapons and false documents. Although the attempts were intercepted before the supplies reached their destination, the case demonstrated how terrorist supporters were experimenting with crypto to access critical resources while bypassing traditional cash couriers or front companies.

Understanding Typologies and Embedding Red Flags

The starting point for crypto firms in countering terrorist financing is awareness. Terrorist groups use crypto in ways that echo traditional methods - fundraising, cross-border transfers, supply purchases, and front charities - but adapted to the digital environment. Compliance teams need to understand these typologies in detail, because that knowledge shapes how monitoring frameworks are designed.

From there, it is about embedding red flags into day-to-day monitoring. Terrorist financing through crypto rarely announces itself. Instead, it appears in patterns that, when pieced together, tell a story of risk. Common indicators include:

  • Small, repeated donations flowing into the same wallet cluster.

  • Wallets or QR codes promoted openly on social media or websites linked to extremist causes.

  • Accounts posing as charities or NGOs with vague missions, unverifiable beneficiaries, or links to conflict zones.

  • Transfers involving newly created wallets or high-risk jurisdictions, particularly when funds are quickly cashed out.

  • Transactions routed through mixers, CoinJoin, privacy coins, or darknet markets.

  • Rapid conversions between tokens and stablecoins to obscure flow.

  • Use of prepaid vouchers to fund wallets.

Building these indicators into a firm’s rules engine — and updating them as new risks emerge — ensures that typologies are not just known in theory but actively operationalized in practice.

Sanctions Screening: The Baseline Defense

When it comes to terrorist financing, sanctions screening is the first line of defense. Terrorist groups and their affiliates are widely designated under international sanctions regimes. Hamas (al-Qassam Brigades), Hezbollah, al-Qaeda, and the Islamic State of Iraq and Syria (ISIS) all appear on the U.S. OFAC list, the EU’s restrictive measures, and UN Security Council resolutions. Increasingly, agencies also designate specific crypto wallets linked to these groups - such as the Bitcoin addresses tied to Hamas fundraising campaigns or ISIS-linked donation drives.

For crypto firms, this means sanctions screening cannot stop at names and entities. It must extend to wallet addresses, transaction flows, and associated clusters that may not yet appear on official lists but are clearly linked to sanctioned groups. Here, blockchain analytics plays a crucial role, providing attribution beyond what governments publish.

Screening must extend beyond customer names to include:

  • Wallet and address screening, checking against official lists and blockchain analytics providers.

  • Counterparty screening, to capture indirect exposure where funds flow through intermediaries.

  • Real-time monitoring, so that transfers to or from sanctioned actors can be blocked or frozen before they move further into the system.

Sanctions screening sets the baseline: it ensures that firms do not knowingly facilitate transactions for groups that governments have formally prohibited. But it is only the starting point.
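The following is an added example, not code from the article or from any vendor, showing how wallet screening and counterparty screening can be combined: a direct match against a listed address blocks the transfer, while exposure through intermediaries within a hop limit routes it to review. All addresses are constructed placeholders, and the undirected hop count and the `max_hops` threshold are simplifying assumptions; production analytics typically weight exposure by value and direction.

```python
from collections import deque

# Constructed sample data: placeholder labels, not real addresses or list entries.
DESIGNATED = {"ADDR_DESIGNATED_A"}   # stands in for an official sanctions list
ATTRIBUTED = {"ADDR_CLUSTER_A1"}     # stands in for analytics-provider attribution
LEDGER = [                           # (sender, receiver, amount)
    ("ADDR_CLUSTER_A1", "ADDR_HOP_1", 0.80),
    ("ADDR_HOP_1", "ADDR_HOP_2", 0.79),
    ("ADDR_HOP_2", "ADDR_CUSTOMER_X", 0.78),
    ("ADDR_UNRELATED", "ADDR_CUSTOMER_Y", 2.00),
]

def build_neighbors(ledger):
    """Undirected adjacency: exposure counts for funds sent to or received from."""
    nbrs = {}
    for sender, receiver, _amount in ledger:
        nbrs.setdefault(sender, set()).add(receiver)
        nbrs.setdefault(receiver, set()).add(sender)
    return nbrs

def hops_to_listed(address, nbrs, listed, max_hops):
    """Breadth-first search; hop count to the nearest listed address, or None."""
    seen, queue = {address}, deque([(address, 0)])
    while queue:
        node, dist = queue.popleft()
        if node in listed:
            return dist
        if dist < max_hops:
            for nxt in nbrs.get(node, ()):
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append((nxt, dist + 1))
    return None

def screen_transfer(sender, receiver, ledger, max_hops=3):
    """Return (decision, exposed_party, hops): BLOCK on a direct match,
    REVIEW on indirect exposure within max_hops, otherwise ALLOW."""
    listed = DESIGNATED | ATTRIBUTED
    nbrs = build_neighbors(ledger)
    best = None
    for party in (sender, receiver):
        hops = hops_to_listed(party, nbrs, listed, max_hops)
        if hops is not None and (best is None or hops < best[0]):
            best = (hops, party)
    if best is None:
        return ("ALLOW", None, None)
    return ("BLOCK" if best[0] == 0 else "REVIEW", best[1], best[0])
```

Lowering `max_hops` reduces review volume but also shrinks the indirect exposure the check can see, so the limit belongs in the firm's documented risk appetite rather than in code defaults.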

Transaction Monitoring: Capturing Typologies and Red Flags

Sanctions lists tell firms who they must not deal with — but they don’t capture the full picture. Terrorist groups are adaptive, often creating new wallets, masking their activity through charities, or experimenting with darknet markets. This is where transaction monitoring becomes essential.

By embedding typologies and red flags into their monitoring systems, firms can detect terrorist financing risks even if addresses do not appear on sanctions lists. Relevant indicators include:

  • Small, repeated donations flowing into the same wallet cluster.

  • Wallets promoted online in extremist forums, social media posts, or Telegram channels.

  • Charities or NGOs with vague missions, unverifiable beneficiaries, or operations in conflict zones.

  • Cross-border transfers involving newly created wallets or affiliates in high-risk regions.

  • Purchases through darknet markets, or use of obfuscation techniques like mixers, CoinJoin, or privacy coins.

Building these red flags into monitoring rules ensures that suspicious patterns are escalated for review rather than slipping through until formal sanctions designations catch up. In effect, transaction monitoring provides the proactive layer, complementing the reactive certainty of sanctions lists.
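As an added illustration (not the article's or any product's code), the sketch below turns three of the red flags listed here and in the earlier red-flag section into monitoring rules and escalates a wallet cluster only when several indicators co-occur. The events, cluster mapping, tag names such as `cash_out`, and all thresholds are constructed assumptions.

```python
from collections import defaultdict

SMALL_USD, MIN_SENDERS, WINDOW_H = 100, 5, 72   # assumed thresholds
CASHOUT_H, CASHOUT_SHARE = 24, 0.8              # assumed thresholds
OBFUSCATION_TAGS = {"mixer", "coinjoin", "privacy_coin", "darknet_market"}

# Constructed sample: address -> cluster id, as an analytics provider might supply.
CLUSTER = {"W1": "C1", "W2": "C1", "W9": "C9"}
# Constructed events: (hour, sender, receiver, usd, tags)
EVENTS = [(h, f"D{h}", "W1" if h % 2 else "W2", 25, set()) for h in range(1, 7)] + [
    (10, "W2", "EXCH_OUT", 140, {"cash_out"}),
    (12, "D50", "W9", 5000, set()),
    (200, "W9", "MIX1", 1000, {"mixer"}),
]

def cluster_of(addr):
    return CLUSTER.get(addr, addr)  # unclustered addresses stand alone

def evaluate(events):
    """Return {cluster: sorted list of triggered red flags}."""
    inflow, outflow, flags = defaultdict(list), defaultdict(list), defaultdict(set)
    for hour, src, dst, usd, tags in sorted(events, key=lambda e: e[0]):
        inflow[cluster_of(dst)].append((hour, src, usd))
        outflow[cluster_of(src)].append((hour, usd, tags))
        if tags & OBFUSCATION_TAGS:
            flags[cluster_of(src)].add("obfuscation")
    for cl, ins in inflow.items():
        small = [(h, s) for h, s, usd in ins if usd <= SMALL_USD]
        # Sliding window: distinct senders of small amounts within WINDOW_H hours.
        for start, _ in small:
            senders = {s for h, s in small if start <= h < start + WINDOW_H}
            if len(senders) >= MIN_SENDERS:
                flags[cl].add("small_repeated_donations")
                break
        first_in = ins[0][0]  # events were sorted, so this is the earliest inflow
        received = sum(usd for _, _, usd in ins)
        cashed = sum(usd for h, usd, tags in outflow.get(cl, [])
                     if "cash_out" in tags and 0 <= h - first_in <= CASHOUT_H)
        if received and cashed / received >= CASHOUT_SHARE:
            flags[cl].add("rapid_cash_out")
    return {cl: sorted(f) for cl, f in flags.items()}

def escalations(events, min_flags=2):
    """Escalate clusters where several indicators co-occur."""
    return [cl for cl, f in evaluate(events).items() if len(f) >= min_flags]
```

Evaluating per cluster rather than per address is what lets the rule see donations split across `W1` and `W2` as one pattern.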

The Humanitarian Dilemma: Balancing Security and Aid

Efforts to combat terrorist financing do not exist in a vacuum. They overlap with another critical policy goal: ensuring that legitimate humanitarian activity can continue in conflict zones and fragile states. This tension has grown sharper in recent years, as financial institutions - including crypto firms - grapple with the risk of inadvertently facilitating terrorism while also avoiding the “de-risking” of legitimate charities and NGOs.

FATF and the United Nations have both highlighted this challenge. On the one hand, terrorist groups have a long record of abusing humanitarian fronts to raise and move funds. On the other hand, overly restrictive compliance policies can cut off legitimate aid organizations from financial services, leaving communities without essential support. This creates a vicious cycle: when formal channels are closed, NGOs may be pushed toward informal or less transparent mechanisms, which actually increases risk.

For crypto firms, the lesson is clear: policies must be risk-based, not blanket bans. That means:

  • Differentiating between legitimate humanitarian organizations and suspicious fronts.

  • Embedding enhanced due diligence measures for high-risk regions or sectors.

  • Working closely with regulators to clarify what constitutes acceptable risk.

By calibrating controls in this way, firms can contribute to the fight against terrorist financing without becoming an obstacle to humanitarian relief.

Emerging Geographies of Risk

Terrorist financing risks are not evenly distributed. They reflect the geography of conflict and the vulnerabilities of financial systems. While global hubs remain a concern, recent FATF and UN assessments highlight new epicentres of risk: regions where weak regulation, fragile governance, and active terrorist groups intersect.

The Sahel region has become a particular focus. Groups linked to al-Qaeda and ISIS are active across Mali, Burkina Faso, and Niger, often operating in areas with minimal state control. In these environments, cash-based economies, porous borders, and unregulated money service providers make oversight difficult. The emergence of crypto exchanges and peer-to-peer markets in such regions adds another layer of risk, providing a potential bridge between local actors and global financial networks.

Afghanistan is another hotspot. After the Taliban takeover in 2021, the formal financial system contracted sharply under international sanctions. This has created a fertile ground for alternative value-transfer systems, including crypto. Reports suggest that digital assets have been used both for remittances and for operational funding, blurring the line between humanitarian flows and potential terrorist financing.

Other regions flagged in recent assessments include parts of East Africa, Southeast Asia, and conflict zones in the Middle East, where local affiliates experiment with crypto to bypass international isolation.

Public-Private Partnerships: Sharing Intelligence, Building Capacity

No single actor can tackle terrorist financing alone. Terrorist groups exploit gaps between jurisdictions, move across borders, and adapt faster than regulations can keep up. That is why public-private partnerships (PPPs) have become a central pillar of global counter-terrorist financing strategy.

FATF and the UN Security Council consistently highlight PPPs as essential to improving both intelligence sharing and operational effectiveness. Governments hold classified information about threats and actors, while private institutions - including crypto firms - have visibility into real-time transaction flows. When these two perspectives are combined, the picture of terrorist financing risk becomes far clearer.

In practice, PPPs can take many forms:

  • Information-sharing initiatives where regulators provide updated risk indicators and typologies to the private sector.

  • Joint working groups that bring together banks, VASPs, regulators, and law enforcement to map out new threats and mitigation strategies.

  • Feedback loops where firms report suspicious activity and, in return, receive updates on how that intelligence contributed to investigations.

For crypto firms, participation in PPPs is about legitimacy and trust. By actively contributing to the collective fight against terrorist financing, firms demonstrate to regulators, policymakers, and the public that the digital asset industry is not a loophole but a partner in global security.

The message is clear: terrorist financing is a shared threat, and defeating it requires shared solutions. PPPs are the mechanism that turns fragmented data into coordinated action.

ComPilot for Counter-Terrorist Financing: Smarter Screening, Stronger Safeguards

Countering terrorist financing in crypto is not about spotting one-off anomalies. It requires piecing together multiple signals - sanctions designations, transaction patterns, behaviours, regional risks, NGO fronts - into a coherent picture. That is where most compliance frameworks break down: the data exists, but it sits in silos, leaving compliance teams overwhelmed by noise and unable to act with confidence.

This is where ComPilot makes the difference. By aggregating identity verification, sanctions screening, wallet attribution, transaction monitoring, and case management into a single interconnected workflow, ComPilot gives compliance teams the holistic view they need. Instead of chasing fragments across different systems, firms can see:

  • How a wallet flagged for suspicious donations links back to a customer profile.

  • Whether that same profile has exposure to high-risk geographies or sanctioned entities.

  • How the customer’s activity has evolved over time, with interactions mapped against terrorist financing typologies.

👉 If you want to know whether your counter-terrorist financing program is truly effective, don’t hesitate to connect with our team.
