Treasury report links crypto and VPNs to rising money laundering threat in UK gambling

Crypto casinos, VPN circumvention, and AI-generated identity fraud are contributing to the UK casino sector’s upgraded money laundering (ML) risk, according to the UK Treasury’s 2025 National Risk Assessment (NRA).

The report warns that both licensed and illegal platforms are being exploited, especially through crash games prevalent in crypto gambling, even as UK regulations prohibit such operations domestically. Operators with weaker geo-blocking and anti-money laundering (AML) systems remain particularly exposed.

Online gambling growth and laundering methods

The Treasury attributed the increased ML risk classification—from low to medium—to the growth of online gambling and post-pandemic behavioral shifts.

The report cites a surge in online casino transactions and new laundering typologies involving gambling as a method to obscure illicit funds. Criminals use gambling platforms both to spend criminal proceeds and to deliberately launder money by gambling and then withdrawing through legitimate payment channels.

Crash games and crypto casinos

Crash games, characterized by rapid gameplay and quick cash-outs, are identified as an emerging laundering risk. The Treasury noted these games are common in crypto casinos, which remain illegal if accessible within the UK, but some licensed operators have begun offering them.

“The increased interest from the regulated casino market in crash games may pose an opportunity to launder criminal funds through GB-regulated operators,” the report states. “As there is an incentive for legitimate customers to use these games in a similar way as may be useful to criminals, criminals could conceal the high-risk behaviour of cashing out quickly with limited gameplay within the context of the crash game (where these behaviours are inherently more common).”

White-label risks and VPN abuse

White-label partnerships, where third parties operate under a licensee’s platform, remain a concern. Although less common, the Treasury noted that risks persist when providers manage numerous websites, potentially extending vulnerabilities across multiple platforms if AML controls fail.

The report also cited the use of VPNs to disguise user locations, enabling access to UK-licensed platforms from high-risk jurisdictions. Platforms with less robust geo-blocking and AML systems are more susceptible to such abuse.

There is also a noted increase in the use of false identities and AI-generated documents to bypass onboarding checks. Additionally, 12.5% of remote casinos failed to meet customer due diligence (CDD) standards in 2024, up from 7% in 2023. Enhanced due diligence (EDD) was not applied on a risk-sensitive basis by 41% of operators, compared to 11% the prior year.

The report also noted that remote slot game income increased 52% since 2020, reaching £3.6 billion.