Child Sexual Abuse Websites Double in One Year, Driven by Profit and Easy Access

TL;DR: The number of commercial child sexual abuse websites rose to 15,031 in 2025, a 114% increase from 7,028 in 2024, while reports of sextortion against minors climbed 127% year‑over‑year.

The Internet Watch Foundation (IWF) compiled the figure after scanning public web pages and social media platforms for commercial child sexual abuse material.

An unnamed analyst involved in the report said that the worst categories of content can be located on any major platform with as little as one search term and two clicks, contradicting the belief that such material is hidden in dark corners.

In 2025, 5% of the identified sites required direct payment for access, up from 2% in 2024, indicating a growing monetisation model.

Prices for individual items ranged from $12 to $120, with cryptocurrency serving as the primary payment method, supplemented by money‑transfer services and card payments.

Sixteen percent of sites used legal‑looking façades to mask illegal content, and analysts described the revenue flow as a pyramid scheme driven by affiliate links and advertising clicks.

These findings show that abusive material is increasingly present in plain sight on mainstream services, reducing the technical barrier for both consumers and perpetrators.

Concurrently, reports of sextortion involving victims under 18 rose by 127%, suggesting offenders are using stolen imagery to extort additional payments or further exploitation.

Defenders should monitor financial flows for known CSAM‑related wallet addresses and flag rapid micro‑payments to newly created crypto addresses as a potential indicator of illicit sales.

Implementing URL‑filtering rules that detect legal‑looking redirects to prohibited content can catch the disguised sites, while sharing hash‑sets of confirmed abusive images with platforms enables automated detection under MITRE ATT&CK technique T1041 (Exfiltration Over C2 Channel) adapted for content sharing.

The IWF urges payment processors to adopt mandatory screening of transaction links, and recommends that firms using end‑to‑end encryption integrate client‑side scanning tools that meet privacy safeguards to prevent abuse of encrypted channels.

Watch for upcoming UK regulatory proposals that would impose compulsory reporting duties on payment processors and social media firms, as well as advances in AI‑based classifiers designed to detect new variants of abusive material without compromising user privacy.