2025 Crypto Crime Report: See the key trends that shaped the illicit crypto market over the past year. Read the report

Request a demo
Search
Search
Insights
May 21, 2025

Sextortion, Deepfakes, and the Financial Infrastructure Behind Digital Exploitation

TRM BlogInsights
Sextortion, Deepfakes, and the Financial Infrastructure Behind Digital Exploitation

The Take It Down Act: A landmark step

On May 19, 2025, US President Donald Trump signed the Take It Down Act into law, creating the first federal criminal penalties for distributing non-consensual explicit imagery. This includes artificial intelligence (AI)-generated deepfakes, which can be used for sextortion, and revenge porn. 

The law mandates swift content takedowns by online platforms and empowers the Federal Trade Commission to enforce compliance. It reflects growing bipartisan recognition that generative AI (genAI) has amplified the scale and severity of digital abuse, particularly against women and minors.

The role of cryptocurrency in sextortion

Sextortion, in its current form, increasingly involves bad actors using AI-generated explicit images or videos to coerce victims — often adolescents, women, or public figures — into paying to avoid public exposure. These schemes can begin with cybercriminals scraping victims’ photos from social media, then using AI tools to process them and fabricate convincing, though false, intimate content. The bad actors then threaten to publicly share the content unless victims pay a ransom, often in cryptocurrency.

The payments are often fragmented and structured to avoid detection. Addresses associated with known sextortion rings can exhibit patterns — multiple incoming payments in small denominations, followed by rapid outbound transfers.

In some cases, TRM has observed ransom payments sent to addresses with limited obfuscation — including two that led directly to centralized exchange deposit addresses, and a third that was only two hops away. This pattern suggests that some sextortion scams are operationally simple and may offer clear, actionable leads for investigators. Rather than relying on advanced laundering techniques, these schemes often prioritize speed and accessibility, creating opportunities for early intervention at key financial exit points. This underscores the importance of timely reporting and strong compliance protocols at virtual asset service providers (VASPs).

TRM’s Graph Visualizer shows sextortionist addresses. The first receives funds and then deposits at an exchange in two hops, and the other two addresses are deposit addresses at exchanges. This shows the sextortionists’ unsophisticated obfuscation techniques.

How romance scams and sextortion intersect

TRM has found that many sextortion incidents are scams in which perpetrators pose as romantic partners to obtain intimate images, later using those images to extort victims. Although most cases to date involve real content shared voluntarily, genAI is lowering the barrier to entry for fabricating convincing explicit imagery, and increasing the potential scale and psychological impact of these schemes. Furthermore, AI is reshaping how abuse is carried out, making scams more scalable, persuasive, and difficult to detect.

Deepfakes and the industrialization of exploitation

As covered in TRM’s AI-enabled fraud report and our TRM Talks episode with Dr. Hany Farid, the combination of genAI and pseudonymous payment systems has industrialized sextortion. Threat actors no longer rely on real content; the line between what is authentic and what is fabricated is increasingly irrelevant. The psychological leverage remains the same, and the resulting financial transactions continue to drive demand.

Groups running these schemes now operate with playbooks. They use scalable AI tools to generate deepfakes, encrypted messaging platforms to distribute threats, and cryptocurrency infrastructure to extract and launder payments. The model is low-cost, high-yield, and resilient — especially when it intersects with cash-out points that do not enforce strong compliance standards such as cryptocurrency platforms with lax or no Know Your Customer (KYC) standards.

How the act aims to help victims take back control

The Take It Down Act marks a significant shift in how victims can assert control over nonconsensual explicit imagery. Crucially, it removes the need to prove a victim’s age — now, any individual can request takedown of content simply by affirming that it was shared without consent. This lowers the barrier for legal recourse and could increase pressure on major adult content platforms, especially as cases like the ongoing lawsuit against Pornhub draw attention to systemic failures in consent verification. However, there are still challenges: victims need to locate the content online, and when AI-generated media is involved, legal action may hinge on whether the imagery is both convincing and clearly tied to an identifiable individual.

The need for complementary action

The Take It Down Act directly targets the dissemination of harmful content and creates new legal tools to hold perpetrators accountable. However, addressing the financial dimension of sextortion will require coordinated, sustained efforts from law enforcement and the private sector.

Law enforcement agencies must be equipped with the capacity and technical support to trace ransom payments, intervene early in laundering pathways, and coordinate across jurisdictions. At the same time, VASPs — particularly those functioning as cash-out nodes — must implement and enforce robust compliance programs. That includes customer due diligence, transaction monitoring, and proactive engagement with investigators when red flags emerge.

Compliance and enforcement at these financial exit points are essential to disrupting the profitability of these schemes. While content takedowns are critical to victim protection, long-term deterrence depends on disabling the monetization infrastructure that sustains the abuse.

Conclusion

The Act represents a significant step forward in combating the spread of nonconsensual explicit material, particularly as new technologies amplify both the scale and sophistication of these attacks. But sextortion is not only a content problem; it is also a financial crime.

Addressing this threat effectively will require more than legislation. It will demand collaboration across the digital asset ecosystem — between regulators, compliance teams, law enforcement, and blockchain intelligence firms — to track illicit flows, identify actors, and close the financial channels that incentivize abuse. 

TRM Labs continues to support those efforts through intelligence, analytics, and investigative support to help protect victims and restore accountability in a rapidly evolving threat landscape.

This is some text inside of a div block.
Subscribe and stay up to date with our insights
arrow right
May 7, 2025

AI-enabled Fraud: How Scammers Are Exploiting Generative AI

arrow right
March 28, 2025

The Evolving CSAM Landscape: Vendors Increasingly Leveraging AI As They Return to the Dark Web

arrow right
March 21, 2025

Thai Police Arrest German National For Selling CSAM in the Dark Web Based on Tip from HSI

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
No items found.
A judge's gavel rests beside a stack of gold-colored cryptocurrency tokens, including Bitcoin, Dogecoin, Ethereum, and others, symbolizing the intersection of digital assets and regulatory or legal oversight.
REGULATORY ACTION TRACKER
Stay updated on the latest crypto-linked regulatory actions available in the public domain
Check it out →
Screenshot of the splash page used by law enforcement agencies following the takedown of Garantex, with bold red lettering reading, "This domain has been seized," along with the logos of various international law enforcement agencies involved in the action.
BLOG
Learn more about the global law enforcement operation that took down Garantex
Read the post →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
2025 Crypto Crime Report: Explore how the crypto crime landscape evolved over the past year
DIG IN NOW →
Bright blue fiber optic cables on a dark blue background, with flashes of white sparks interspersed throughout.
REPORT
As AI technology becomes more sophisticated, so will the ways in which criminals use it. See what TRM is doing to counter AI-enabled crime.
FIGHT AI WITH AI →
Illustration of cryptocurrency crime on a dark blue background featuring bright blue and white blockchain symbols (including Bitcoin and TRON), financial graphs, and a hacker icon.
REPORT
The crypto crime landscape saw significant shifts in 2024, including decreases in illicit volumes. Dig into the data here.
PREVIEW THE CRYPTO CRIME REPORT →
Cork board with mugshots of Heather "Razzlekhan" Morgan and Ilya Lichtenstein, with their names written in handwritten script below their photos, and push pins on the board connected by red string.
DOCUMENTARY
Stream “Biggest Heist Ever” and get a behind-the-scenes peek from the TRM team
CHECK IT OUT →
A light blue two dimensional circle (representing a stablecoin) floating against dark blue and white curved lines (representing waves), with thin dotted blue and white lines overhead to represent wind.
REPORT
Explore the macro trends and jurisdictional developments that shaped the global crypto policy landscape in 2024
READ THE REPORT →
Illustration on a dark blue background showing a bug and exclamation mark (representing illicit activity), a globe with pin points, a coin, and a bar chart.
REPORT
See the countries with the highest rates of crypto adoption — and the highest rates of exposure to illicit activity
READ THE REPORT NOW →
A blue rectangle with geometric shapes in the background and dots connected by thin lines in the foreground, representing connections on the bockchain.
WHITE PAPER
Explore four ways TRM improves compliance in the modern sanctions enforcement era
Download the white paper →
Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT