
ChipMixer Crypto Platform

 

ChipMixer, an unauthorised cryptocurrency mixer that started operations in August 2017, was shut down by a consortium of European and American law enforcement authorities.

“The ChipMixer software blocked the blockchain trail of the funds, making it attractive to cybercriminals seeking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud,” Europol stated.

In addition to shutting down the clearnet and darknet sites connected to ChipMixer, the coordinated operation also netted authorities $47.5 million in Bitcoin and 7 terabytes of data.

Mixers, also known as tumblers, provide complete anonymity for a fee by mixing the bitcoin of many users in a way that makes it difficult to track the source of the cash.

Mixers do this by combining many contributions into a single pool, then dividing up each amount and distributing it to chosen recipients, which makes them a tempting option for criminals wishing to cash out and swap the contaminated money for fiat currency.

In 2022, mixers processed $7.8 billion, 24% of which came from illicit addresses, and “the vast majority of illicit value processed by mixers is made up of stolen funds, the majority of which were stolen by North Korea-linked hackers,” according to a report published by Chainalysis in January 2023.

The biggest centralised crypto mixer service, ChipMixer, is suspected of laundering at least $3.75 billion (152,000 BTC) for use in nefarious endeavours.

According to Elliptic, a blockchain analytics business, approximately $844 million in Bitcoin tied to criminal activities was laundered using ChipMixer.

According to Tom Robinson, co-founder and chief scientist of Elliptic, “ChipMixer was one of a variety of mixers used to launder the proceeds of hacks perpetrated by North Korea’s Lazarus Group.”

This includes the Axie Infinity Ronin Bridge and Harmony Horizon Bridge breaches from last year, as well as the KuCoin heist from September 2020.

Many well-known groups, not only the Lazarus Group, have used this service to cover their financial tracks. Ransomware groups including LockBit, Sodinokibi (aka REvil), Zeppelin, Mamba, Dharma, and SunCrypt are also major players.

More than $200 million in Bitcoin associated with transactions made on darknet marketplaces, including $60 million from users of the defunct Hydra, are believed to have been drawn to ChipMixer.

The United States Department of Justice (DoJ) claims that the cryptocurrency mixer platform was used by the Russian-affiliated APT28 hacking organisation (also known as Fancy Bear or Strontium) to acquire infrastructure utilised in conjunction with the Drovorub malware.

The Department of Justice (DoJ) has also filed charges against 49-year-old Vietnamese citizen Minh Quốc Nguyễn for his part in developing and maintaining ChipMixer’s internet infrastructure and promoting the site’s services.

U.S. Attorney Jacqueline C. Romero said that “ChipMixer enabled the global laundering of cryptocurrency, specifically Bitcoin, aiding nefarious actors and criminals of all kinds in evading detection.”

“Platforms like ChipMixer undermine public confidence in cryptocurrencies and blockchain technology because they are designed to conceal the sources and destinations of staggering amounts of criminal proceeds.”

This comes after “penal procedures” were begun against alleged core members of the DoppelPaymer ransomware group a few weeks ago, and is the latest in a line of law enforcement operations conducted by countries throughout the globe to confront cybercrime.

Following the closure of Bestmixer, Blender, and Tornado Cash—the latter two of which were sanctioned by the U.S. Treasury Department last year for aiding Lazarus Group and other threat actors in laundering ill-gotten proceeds—ChipMixer is the fourth mixer service to be banned in recent years.
