
In crypto compliance there is an unspoken rule: if funds come from a large centralized exchange (CEX), they are treated as clean. AML services, such as Chainalysis, Crystal, or AMLBot, usually mark such transactions in green and assign them a low risk score.
However, this logic looks counterintuitive once you start following the news of the last few years. The biggest CEXs regularly appear in investigations about money laundering, sanctions evasion, and terrorism financing. Some of these cases end with guilty pleas, massive fines, and even prison sentences.
So why does the crypto economy still treat these exchanges as guarantors of clean funds, despite proven involvement in shady schemes? Let’s try to figure that out. I will briefly revisit the most high-profile cases, draw some parallels with the banking sector, and look at how AML systems actually work.
To understand the scale of the paradox, we need to look at how serious the accusations against the very platforms that now serve as sources of clean crypto actually are.
The International Consortium of Investigative Journalists (ICIJ), in its Coin Laundry project, gives a detailed picture of how criminals use crypto exchanges. The investigation focuses in particular on how hundreds of millions of dollars connected to cybercrime and drug trafficking have flowed through major exchanges like Binance and OKX.
In essence, the accusations boil down to exchanges ignoring their own anti-money-laundering rules. Chasing liquidity and user growth, they allegedly look the other way when it comes to suspicious transactions, allowing mixers* and darknet marketplaces to freely deposit and withdraw funds. The investigation stresses that exchanges are not just passive bystanders but function as actual laundromats where dirty crypto gets mixed with clean coins and loses its digital trace.
*I would like to stress that personally I do not think merely passing through mixers is enough to call crypto “dirty”. But the AML policies of many crypto platforms are built on the opposite assumption.

The investigation showed in particular that Binance received at least 408 million dollars' worth of crypto from Huione Group, a company accused of ties to criminal organizations involved in human trafficking and large-scale fraud. Funds continued to flow to Binance even after its management admitted to breaking AML rules in November 2023, and even after the US Treasury in May 2024 officially labeled Huione a “primary money laundering concern”. OKX also received more than 226 million dollars from the same source after its own guilty plea in February 2024.
An even more alarming case is a recent lawsuit filed by families of victims of the Hamas attack in Israel on October 7, 2023. The lawsuit targets Binance. According to Bloomberg, the plaintiffs claim that the exchange knowingly facilitated transactions linked to Hamas and other groups designated as terrorist organizations in the United States.
The claim argues that the exchange provided a platform for terrorism financing by failing to block accounts connected to these organizations despite clear red flags. This accusation strikes at the most publicized pillar of AML — combating the financing of terrorism (CFT).
If an exchange is accused of letting terrorist money through, why do funds coming off that same platform light up in a reassuring green in an AML checker?
These are not the only scandals of this sort. Yet CEXs still enjoy privileged status inside AML systems. I see three main reasons why this might be the case.
CEXs are giant pools of liquidity. When dirty coins hit an exchange hot wallet, they effectively get mixed with millions of clean coins belonging to other users. They all end up on common exchange addresses, and every withdrawal from the exchange is a withdrawal from that shared pool.
Tagging an entire hot wallet as dirty just because hackers sent money there would cripple the whole screening system. In today’s crypto economy, CEXs act as financial hubs. A huge share of all financial flows runs through them. If such hubs were labeled High-Risk, most of the crypto in circulation would have to be treated as dirty. That would completely undermine the point of AML checks.
Over time, almost all cryptocurrency would become contaminated except for those coins that never trade on exchanges. AML for the major blockchains would essentially lose its meaning. And AML is not a charity initiative — it is a business. Which AML provider would willingly kill their own business?
So the industry defaults to a pragmatic compromise: major CEX clusters are trusted by default, otherwise the entire screening ecosystem collapses.
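The trade-off described above can be made concrete with a toy exposure score. This is an added example, not code from the article or from any AML vendor: the ledger, the address names, the labels and the scoring policy (tracing stops at an "exchange" label; "haircut" versus "poison" propagation) are all constructed assumptions.

```python
# Constructed sample ledger (sender, receiver, amount); not real chain data.
TRANSFERS = [
    ("darknet_market", "cex_hot", 50),
    ("user_a", "cex_hot", 450),
    ("user_b", "cex_hot", 500),
    ("cex_hot", "merchant_1", 100),
    ("cex_hot", "merchant_2", 300),
    ("cex_hot", "merchant_3", 600),
    ("darknet_market", "merchant_4", 10),
]
LABELS = {"darknet_market": "illicit", "cex_hot": "exchange"}
# Same ledger, but the hub's cluster is not attributed (or not trusted).
LABELS_NO_CEX = {"darknet_market": "illicit"}


def exposure(address, transfers, labels, poison=False):
    """Share of an address's inbound value traced to illicit sources.

    Assumed policy: tracing stops at an "exchange" label (score 0.0) and at
    an "illicit" label (score 1.0); addresses with no inbound history are 0.0.
    poison=True marks everything downstream of any illicit input as 1.0;
    otherwise taint is diluted in proportion to value (haircut).
    """
    def score(addr, seen):
        label = labels.get(addr)
        if label == "illicit":
            return 1.0
        if label == "exchange" or addr in seen:
            return 0.0
        inbound = [(s, amt) for s, r, amt in transfers if r == addr]
        if not inbound:
            return 0.0
        parts = [(score(s, seen | {addr}), amt) for s, amt in inbound]
        if poison:
            return 1.0 if any(p > 0 for p, _ in parts) else 0.0
        return sum(p * amt for p, amt in parts) / sum(amt for _, amt in parts)

    return score(address, frozenset())


def flagged(transfers, labels, threshold=0.01, poison=False):
    """Unlabelled receiving addresses whose exposure meets the threshold."""
    receivers = sorted({r for _, r, _ in transfers if r not in labels})
    return [r for r in receivers
            if exposure(r, transfers, labels, poison) >= threshold]


if __name__ == "__main__":
    print("hub trusted:  ", flagged(TRANSFERS, LABELS))
    print("hub untrusted:", flagged(TRANSFERS, LABELS_NO_CEX))
```

With the exchange label acting as a cut-off, only the address paid directly by the illicit source is flagged; without it, one deposit worth 5% of the pool pushes every withdrawal from the hub over a 1% threshold.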
The situation with crypto exchanges is not unique. It closely mirrors how the traditional financial system (TradFi) operates. There, financial hubs are banks, and the biggest of them regularly land in the middle of money laundering scandals. But one of the most striking differences between bank scandals and exchange scandals is the difference in consequences.
In 2012, HSBC was caught laundering at least 881 million dollars tied to drug cartels and facilitating transactions for sanctioned countries such as Iran, Cuba, Libya, and Sudan. The punishment was severe: a 1.9 billion dollar fine. But the CEO avoided criminal charges, and the bank continued operating as usual.
Nine years later, in 2021, HSBC was fined again — 63.9 million pounds — for weaknesses found in its AML systems. Again, only a fine, with no one going to prison.
When Binance’s management admitted to similar violations in November 2023, the outcome was qualitatively different. The fine came to 4.3 billion dollars — the largest in the history of the US Treasury. And that was only the beginning. CEO Changpeng Zhao paid a separate 50 million dollar fine, had to step down, and was sentenced to four months in prison followed by two years of probation. The company continued operating under the supervision of court-appointed monitors tasked with checking whether its operations comply with AML laws.
And exchanges are scared. The ICIJ investigation shows that they have not completely stopped processing dirty crypto. Nevertheless, other reports indicate that the share of illegal activity on centralized exchanges has recently fallen to a record low. (Yes, I understand that the source of this data is Binance itself. But that doesn’t mean the people running AML labeling systems ignore it — at the very least they take it into account.)
Compliance teams at organizations receiving crypto are not interested in the moral purity of incoming coins. They don’t even care that much whether the funds once passed through criminal hands or whether that’s only a suspicion. What they care about most is their own cleanliness in the eyes of the police and regulators.
What if law enforcement shows up and asks where this crypto came from? Will they be able to pass the buck to someone else, or will they end up holding the bag?
If the crypto arrived from an address known to belong to a CEX, there is no problem with redirecting the questions: “The funds came from them, so talk to them. We are clean.” But if the address the crypto came from raises questions, then compliance departments at any serious organization working with crypto need answers. If there are answers, the crypto is clean. If there are no answers, there is a risk it is dirty.
That is the sense in which crypto received from CEXs is treated as clean. The recipient can remain clean in the eyes of the police because they can point law enforcement further down the chain.
A few years ago, I personally had a case where bitcoins I sent from Kraken to another platform triggered questions from the recipient. They told me that, according to their AML system, the risk level of those coins was High. Most likely, the address Kraken used for that withdrawal had not yet been recognized as belonging to the exchange. I had to provide proof that the bitcoins came from Kraken. After that, the recipient processed the deposit.
I think all three hypotheses are partly true.
What if you swap not on a CEX but on rabbit.io? Many users choose us because our swaps are as simple as possible, require no registration, and offer the best rates. But the address you receive crypto from is unknown to AML systems and is not automatically labeled as clean. Could that be a problem?
No.
When you make a swap on rabbit.io, you will see a page URL in your browser that contains all the information about this swap. It looks like this: https://rabbit.io/order/****-******-****
Nobody but you knows this link. But if someone asks you to explain where your crypto came from, you can simply send them this URL. If you lose the link, you can still find it in your browser history. The order page shows the amount [1], the address [2], the time of the swap [3], and the TxID [4].

As you can see, it is easy to verify the source of funds. And just like with CEXs, it is perfectly clear who should get the follow-up questions if they ever arise.