KuCoin, one of the world’s largest cryptocurrency exchanges, has pleaded guilty in the Southern District of New York to conspiracy to operate an unlicensed money-transmitting business. The exchange has agreed to pay $297.4 million in combined penalties and to exit the U.S. market for at least two years. Its founders, Chun Gan and Ke Tang, have been required to step down as part of a deferred prosecution agreement.
The DOJ’s charges, originally filed in March 2024, alleged that KuCoin — operating through its parent entity PEKEN Global Limited — knowingly served U.S. customers without registering with FinCEN, implementing a BSA compliance programme, or conducting meaningful know-your-customer checks. The exchange earned approximately $184.5 million in fees from U.S. users alone during the relevant period.
The admitted facts are comprehensive. From 2017 through at least 2023, KuCoin had no effective KYC programme. Until August 2023, users could create accounts and trade with nothing more than an email address. The exchange did not file a single suspicious activity report in the United States — despite processing what the DOJ estimates at over $5 billion in suspicious transactions, including funds from darknet markets, ransomware operations, and sanctioned-jurisdiction wallets.
KuCoin’s approach to U.S. regulations was not passive ignorance. According to the complaint, the exchange’s leadership was aware of BSA requirements and made a deliberate decision to avoid compliance because implementing KYC would drive away users and reduce trading volume. Internal communications show discussions about how to market to U.S. customers while publicly claiming the exchange did not serve them — a dual approach that mirrors the strategy DOJ identified in the Binance case.
The resolution requires KuCoin to implement a comprehensive compliance programme, retain an independent compliance consultant, and provide DOJ with periodic reporting for a three-year probationary period. The founders’ exit from the company is a notable personal consequence that goes beyond financial penalties.
Another crypto exchange, another deliberate compliance failure
The KuCoin plea is the latest in a now-familiar pattern: a major offshore crypto exchange deliberately avoids U.S. AML requirements, profits from the regulatory gap, and eventually faces criminal liability when enforcement catches up. The sequence — Binance ($4.3B, 2023), BitMEX ($100M, 2021/2024), and now KuCoin ($297M, 2025) — establishes that the DOJ has both the appetite and the toolkit to pursue offshore exchanges that serve U.S. customers.
What continues to strike me, case after case, is the deliberateness. KuCoin did not accidentally fail to implement KYC. It chose not to, because compliance would have reduced its competitive advantage. This is the same calculation Binance made. It is the same calculation BitMEX made. And in each case, the exchange was aware of the legal requirements and made a conscious decision that the revenue from unverified users was worth the regulatory risk.
From a BSA compliance standpoint, the “email-only” account creation is particularly egregious. A financial services platform that allows users to transact with nothing more than an email address has, by definition, no ability to conduct customer due diligence, screen against sanctions lists, or identify suspicious activity. The entire compliance architecture depends on knowing who your customer is. Without that foundation, everything else is performative.
The $5 billion in suspicious transactions is a number that deserves attention. It suggests that a significant portion of KuCoin’s volume was illicit or at minimum suspicious — and that the exchange was either unable or unwilling to identify and report it. For the victims of ransomware attacks, darknet market fraud, and other crimes whose proceeds flowed through KuCoin, the exchange’s decision to forgo compliance was not a regulatory abstraction. It was a direct enabler of the crimes committed against them.