Inside the $120M Crypto Laundering Run That Sent Monero Surging and Forced Tether to Freeze $72 Million

A Two-Day Laundering Run in Detail

On June 11, 2026, a Tron address received 120.2 million USDT, and the entity controlling it immediately began breaking the sum apart. More than $17.5 million was sent to KuCoin deposit addresses, while another $8 million flowed to instant exchange services and cross-chain tools like Near Intents wallets . The scale of the operation was large enough to cause a visible market impact.

Later that same day, heavy Monero buy orders hit exchanges, pushing XMR from roughly $330 to about $435–$438 — a gain of 30% to 46% within 24 hours . The dramatic price move effectively broadcast the laundering attempt to every observer, even as the identity of the buyer remained hidden. As one report put it, the entity “hid its identity but broadcast its activity on every price chart” .

By June 12, ZachXBT had publicly linked the wallet to the laundering run. Tether quickly blacklisted the Tron address TBzrPEssStbZAUx2SBhD4o8Uw3FX9Ak9W, freezing 72,030,295.55 USDT . XMR consolidated near its elevated levels, trading around 5% higher than before the incident . The frozen funds represented the untouched portion of the USDT haul; the estimated $48 million gap had already been pushed through exchanges and swap services into assets where enforcement becomes extremely difficult .

The Three-Part Laundering Playbook

The incident is a textbook illustration of the laundering technique that regulators have spent years trying to dismantle:

1. Stablecoins as the entry and exit point: USDT on Tron was chosen for its speed, low fees, and liquidity . Stablecoins now function as the default settlement layer for illicit value transfer because they mimic fiat without requiring the banking system.
2. Cross-chain bridges and instant swaps as a maze: Funds were split and routed through multiple platforms and blockchains to break the on-chain paper trail. The movement encompassed centralized exchange deposit addresses, instant swaps, and cross-chain protocols, making manual tracing a race against time .
3. Privacy coins as the final sink: Once the launderer moved funds into Monero, the tracing reached a technical dead end. Monero's privacy-by-default design — ring signatures, stealth addresses, and RingCT — ensures that the destination, amount, and counterparties become unknowable to external observers.

The Regulatory Landscape Closing In

This episode didn’t happen in a vacuum. It landed at a moment of aggressive, multi-jurisdictional regulatory tightening.

EU MiCA’s final deadline: The Markets in Crypto-Assets Regulation entered full force for crypto-asset service providers (CASPs) on December 30, 2024, but a transitional grandfathering period allowed firms to continue operating under national rules. That period expires July 1, 2026 — meaning any unlicensed CASP still serving EU clients after that date will be operating illegally . MiCA's Transfer of Funds Regulation requires originator and beneficiary information for every crypto transfer, a requirement that privacy coins by design cannot satisfy .

A new enforcement authority: The EU Anti-Money Laundering Authority (AMLA) formally took over AML/CFT supervision from the EBA in January 2026 and is currently building its supervisory framework, with CASPs explicitly within its scope for direct oversight .

The Travel Rule becomes operational reality: 73% of FATF jurisdictions now actively enforce the Travel Rule, requiring virtual asset service providers to share customer information on transactions . This marks a shift from checkbox compliance to active enforcement, directly targeting the exact type of routing — through unverified instant swaps and cross-chain bridges — that the June 11 launderer used.

Stablecoin issuers as de facto enforcers: Tether has been increasingly willing to act as a frontline enforcement tool, freezing over $180 million in USDT in a single day in January 2026 alone . This turns centralized stablecoin issuers into choke points that can halt illicit flows at the settlement layer, as long as the funds remain within identifiable wallets.

Privacy coins under structural pressure: Regulators globally view anonymity-enhancing coins as a direct conflict with AML/CFT, sanctions enforcement, and tax transparency mandates . Exchanges in regulated jurisdictions are progressively delisting or restricting Monero trading pairs. MiCA doesn't explicitly ban privacy coins, but its obligation for traceability and Travel Rule compliance makes listing them economically and legally untenable for CASPs . The FATF June 2025 update further emphasized persistent gaps in Travel Rule implementation related to privacy-enhancing technologies .

The Irreducible Tension

The $120 million Monero spike surfaces a fundamental conflict that regulation hasn't resolved. The launderer successfully obscured approximately $48 million into the Monero network, where law enforcement cannot follow. But the attempt itself was so large it became visible, and Tether could still freeze the USDT that remained in the unblacklisted wallet.

Regulators are successfully closing the entry and exit points, forcing KYC at on-ramps, and turning stablecoin issuers into enforcement partners. Yet privacy coins remain the hard stop for any financial investigation. As one analysis noted, the episode was “too loud to hide” — but the portion that reached Monero is effectively gone. That asymmetry guarantees future incidents, and the regulatory response to this one is unlikely to be the last.