“For covert operations, the misconception that crypto is inherently ‘anonymous’ is hazardous… Instead, crypto provides the potential for non-attribution or deliberate exposure, depending on the type of operation.”
In the current landscape of strategic competition and irregular warfare, the ability to operate covertly in the financial domain is a critical component of mission success. As nations and non-state actors compete for influence, the tools of unconventional warfare increasingly extend beyond the kinetic. Crypto has rapidly grown as a method to store and transfer value, providing speed, global reach, and 24/7 availability. For Special Operations Forces (SOF) tasked with enabling partner elements, conducting stabilization activities, or executing sensitive missions in politically complex environments, it offers an additional tool – provided crypto’s advantages and vulnerabilities are understood and effectively managed.
This article focuses on the use of crypto at the operational and tactical level, assessing three specific requirements: (1) covert payments to civilian populations, guerrillas, and other stakeholders; (2) nonstandard acquisitions for equipping and sustaining forces; and (3) deception operations.
It explains how – despite widely held perceptions – crypto is not “anonymous,” meaning unprotected use of crypto can inadvertently reveal SOF networks and operations. Recognizing this, the article sets out methods to enhance non-attribution, considerations for selection of crypto by special operators at the field level, and the advantages of a centralized SOF capability to support effective tactical action.
Snapshot: Crypto Economy Size
As of April 2026, the total volume of crypto in circulation (“market cap”) is estimated at $2.3 trillion and 24-hour trading volumes are $83.6 billion (date: April 7, 2026). To provide a reference point, the crypto market cap is comparable with the total value of U.S. dollars in circulation, which was $2.44 trillion in 2025.
The most actively traded cryptocurrencies, meaning those with high demand and liquidity, are Bitcoin (BTC), Ethereum (ETH), and Tether (USDT). Thousands of other cryptocurrencies also exist, contributing to the overall market size.
Crypto Adoption
While the global crypto economy overall is valued at trillions of dollars, adoption varies between countries and locations within them. Higher adoption often correlates with: (1) political and economic uncertainty which destabilizes traditional currencies, creating demand for alternatives such as stablecoins; (2) lack of traditional financial infrastructure, providing a “market need” which crypto can fill; and (3) economic sanctions, which restrict access to the legitimate financial system and drive financial flows towards alternatives like crypto. Other factors influencing adoption include the regulatory environment, “crypto-fluency” among younger populations, a desire for diversified investments from wealthier individuals, and government-imposed capital controls.
The significance for SOF is that for crypto to be a useful tool, it must be widely accepted within the local area of operations. If it is not, attempts to use it may be declined or may attract unwanted attention.
While measures of adoption vary, some of the countries with the highest levels of crypto adoption are operationally significant for special operations, such as Ukraine and Venezuela, both of which are in the “top 10” for crypto adoption in 2025.
Anonymity vs Pseudonymity
Contrary to widely held perceptions, most cryptocurrencies are not anonymous. Instead, activity is “pseudonymous,” meaning that it uses “digital aliases” rather than real-world identifiers.
The technology that underpins many cryptocurrencies – including those with the highest traded volumes (Bitcoin, Ethereum, and Tether) – is called the “blockchain.” The blockchain is public and it shows the sending wallet (a unique alphanumeric sequence comparable with a bank account number), the receiving wallet, the transaction amount, and the date/time. This is visible for all transactions that have ever occurred, making it straightforward to identify networks of wallet addresses and to follow sequences of payments.
Although the wallet addresses on the blockchain are alphanumeric and do not identify the real-world identity that owns them, technical analysis can be used to make this link in some circumstances.
Attribution of wallets to real-world identities can also be uncovered using non-technical methods. In the irregular warfare context, examples of situations where wallet addresses can be attributed to an actual person include: (1) a person is compromised and reveals their wallet address to an adversary; (2) a person is subject to investigation by law enforcement who seize records or acquire details of their wallets during questioning; or (3) there is a data breach or hack and information is disclosed on wallet owner identities. Additionally, in some circumstances, an owner may openly disclose the details, such as a terrorist network that publishes their wallet address when seeking donations.
Pseudonymity: Implications for SOF Operations
The pseudonymity (rather than anonymity) of crypto has several implications for SOF covert operations. These can be illustrated using a scenario.
A SOF operator is using crypto to pay a network of guerrillas. One of the guerrillas is compromised and reveals his wallet address to an adversary. The adversary can now find his wallet on the blockchain and uncover the associated activity: the wallet that paid the guerrilla (which is the SOF operator’s wallet), the other wallets that also received payment from the SOF wallet, how much, and how often. The number of wallets receiving payments indicates the size of the guerrilla network. The date of the first payments within the network reveal when the operation commenced. And if the location of one of the real-world identities is uncovered, the location of the overall operation is also exposed.
For nonstandard acquisitions, the exposure of a SOF network could reveal the financial value of purchases, timing, and other patterns. This may expose preparations for an operation.
Importantly, an adversary can search for similar patterns elsewhere on the blockchain to identify other SOF operations. Although the wallets may be pseudonymous, identification of the network on the blockchain enables an adversary to target their efforts to attribute the wallets to real-world identities.
For these types of covert operations, countermeasures should be applied to conceal activity.
Countermeasures: Enhancing Non-attribution
To minimize attribution and maintain covert activity, countermeasures typically focus on breaking blockchain’s traceability, more effectively obscuring the link between wallets and real-world identities, and/or avoiding public blockchains. Examples of countermeasures include:
Burner wallets are temporary, single-use crypto addresses used for a specific transaction.
Cross-chain swaps convert funds between different cryptos (such as Bitcoin to Ethereum), blockchains, or jurisdictions, to make the transactional trail more difficult to follow.
Mixers/tumblers receive transactions from multiple users, combine them, then send them onwards (minus a processing fee), breaking the link on the blockchain between inputs and outputs.
Privacy coins have “privacy features” which are designed to conceal the sending address, receiving address, and/or transaction amount to increase anonymity and reduce traceability.
Peer-to-peer (P2P) exchanges allow users to buy and sell crypto directly with each other using minimal identifying information (such as only an email address). This contrasts with the formal identity verification processes often required by centralized exchanges.
In a special operations context, multiple layers of protection – “defense in depth” – can be applied depending on the sensitivity of the operation and the level of non-attribution required.
SOF Operations: Covert Payments and Non-Standard Acquisitions
Crypto offers an additional tool to special operators and has several advantages compared with other methods such as cash.
For covert payments and nonstandard acquisitions, crypto can avoid the logistical and security requirements associated with cash. Payments can also be made without the need for physical proximity between the special operator and the recipient or vendor.
Key considerations include the level of adoption and the types of crypto that are accepted. For example, Bitcoin is highly volatile and in extreme situations may vary in price by 50% in a single day, whereas stablecoins like Tether are “pegged” to the U.S. dollar and provide stability for purchases. Alternatively, in a cash-focused economy, individuals may still prefer payment in cash.
Where crypto is used, countermeasures should be carefully applied. While some methods can be effective at enhancing non-attribution, they may also attract attention. For example, the use of a privacy coin may signal that a transaction is associated with covert or illicit activity. A comparable real-world equivalent would be bringing a duffel bag of cash to deposit at a bank. Although the source of the cash (such as narcotics trafficking) may be obscured, the volume of cash indicates potentially illicit activity, and the bank will likely trigger an investigation. Depending on operational requirements, an operator may prefer to use a more widely accepted coin, such as Tether, alongside additional countermeasures, such as burner wallets.
SOF Operations: Deception Operations
The same characteristics that require careful countermeasures for use by SOF – such as the public nature of blockchain – also present opportunities for deception operations. Some examples of how crypto could be used for deception operations include:
A pattern of payments (similar to the guerrilla network scenario above) could be made to a large number of recipient wallets – even if they do not belong to actual guerrillas. By using public-blockchain crypto, this activity would be visible to the adversary, and could be one element of an operation designed to misrepresent that a large-scale guerrilla network is active.
A large crypto deposit could be made into a wallet associated with a key adversary individual or government official. In combination with non-crypto campaign elements, this could project a narrative that the individual is a foreign asset, triggering action by their own government. Alternatively, it could be presented that the deposit represents a bribe, which could be used to motivate activists in that country to engage in an uprising against the “corrupt” individual or administration.
For potential uses of crypto by special operations beyond the operational and tactical, refer to Cryptocurrency: Implications for Special Operations Forces or JSOU Quick Look: Cryptocurrency.
Conclusion
The character of conflict is evolving, and with it, the financial tools required to successfully prosecute irregular warfare. For SOF, crypto offers an additional resource at the operational and tactical level for three core activities: covert payments, nonstandard acquisitions, and deception operations.
While traditional methods remain valuable, crypto provides unique advantages in speed, reach, and the potential for non-attribution or deliberate exposure – depending on the type of operation. As this article has articulated, this potential can only be realized if operators understand that use of crypto must be precisely applied to match operational requirements.
For covert operations, the misconception that crypto is inherently “anonymous” is hazardous. Instead, the public visibility of blockchain transactions means that a failure to effectively manage crypto use can lead to significant operational compromise, exposing networks, partners, and campaigns to adversary analysis. Operators must understand the characteristics of crypto and the effective use of countermeasures to avoid these adverse impacts.
For deception operations, the same characteristics that are vulnerabilities for SOF operations, such as the public nature of blockchain activity, provide an opportunity. Intentionally making visible blockchain transactions can be one element of campaigns to misrepresent the size, activity, or timelines of covert operations, or to target specific adversary individuals.
Rather than placing the responsibility for managing this rapidly evolving and highly technical field onto operators already tasked with intense operational demands, SOF should consider establishing a centralized capability. This capability could deliver scale and specialization, continuously updating techniques as crypto and countermeasures evolve, and provisioning operators with technical infrastructure and instruction. This would ensure special operators would maximize the advantages of crypto while effectively managing its vulnerabilities.
Like other tools in the irregular warfare toolkit, crypto provides an additional resource for special operators which may be valuable depending on the operational, financial, and cultural context. In modern conflicts that increasingly intersect with digital and financial battlefields, an effective understanding of crypto and how to integrate it into both covert and deception operations is essential for mission success.