A coalition of law enforcement agencies from Europe and the United States has announced the successful takedown of ChipMixer, an unlicensed cryptocurrency mixer that had been operating since August 2017.
“The software used by ChipMixer effectively blocked the blockchain trail of funds, making it an attractive option for cybercriminals looking to launder the proceeds of illegal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud,” Europol stated.
In addition to dismantling both the clearnet and dark web websites associated with ChipMixer, the operation also saw the seizure of $47.5 million worth of Bitcoin and 7 terabytes of data.
Mixers, also known as tumblers, provide users with full anonymity in exchange for a fee by mixing cryptocurrency from different sources – including legitimate and illegally obtained funds – in a way that makes it difficult to trace their origins. The process involves combining different payments into a single pool before splitting them up and transmitting them to their intended recipients. As a result, criminals have found it to be an attractive option for laundering illicit funds and exchanging them for fiat currency.
According to a report by Chainalysis in January 2023, mixers were used to process a total of $7.8 billion in 2022, with 24% of that amount coming from illicit sources. The vast majority of the illicit value processed by mixers was made up of stolen funds, most of which were stolen by hackers linked to North Korea.
ChipMixer is estimated to have laundered at least $3.75 billion worth of digital assets, including 152,000 Bitcoin, to further a range of criminal schemes. Blockchain analytics firm Elliptic reported that the service has been used to launder over $844 million in Bitcoin that can be directly linked to criminal activity.
“ChipMixer was one of a variety of mixers used to launder the proceeds of hacks perpetrated by North Korea’s Lazarus Group,” Elliptic’s co-founder, Tom Robinson, stated.
The Lazarus Group is not the only notorious actor that has utilized the services of a cryptocurrency mixing platform to conceal its financial tracks. LockBit, Sodinokibi (also known as REvil), Zeppelin, Mamba, Dharma, and SunCrypt are among the other prominent ransomware gangs that have availed themselves of the same service.
Last year’s Axie Infinity Ronin Bridge and Harmony Horizon Bridge hacks, as well as the KuCoin theft in September 2020, are some of the notable instances in which cryptocurrency mixing services have been utilized.
ChipMixer, the platform in question, is reported to have attracted over $200 million in Bitcoin, with $60 million coming from customers of the now-defunct Hydra, a darknet marketplace. According to the United States Department of Justice (DoJ), the mixing service has also processed cryptocurrency used by the Russia-linked APT28 hacking group (also known as Fancy Bear or Strontium) to obtain infrastructure used in conjunction with the Drovorub malware.
In conjunction with the crackdown, the DoJ has also indicted a 49-year-old Vietnamese national, Minh Quốc Nguyễn, for his role in the creation and operation of ChipMixer’s online infrastructure and advertising of its services.
“ChipMixer facilitated the laundering of cryptocurrency, specifically Bitcoin, on a vast international scale, abetting nefarious actors and criminals of all kinds in evading detection,” U.S. Attorney Jacqueline C. Romero said in a press release.
“Platforms like ChipMixer, which are designed to conceal the sources and destinations of staggering amounts of criminal proceeds, undermine the public’s confidence in cryptocurrencies and blockchain technology.”
Governments around the world are continuing their efforts to combat cybercrime, with the latest development being the dismantling of ChipMixer, the world’s largest centralized cryptocurrency mixer service. This move comes just weeks after suspected core members of the DoppelPaymer ransomware gang were targeted with “penal procedures.”
ChipMixer is not the first mixer service to face legal action in recent years. Bestmixer, Blender, and Tornado Cash have all been disrupted, with the latter two sanctioned by the U.S. Treasury Department in 2022 for their role in helping the Lazarus Group and other threat actors launder their illicit proceeds.