Cryptocurrency has become a popular way to conduct transactions online, but it has also become a popular tool for cybercriminals. One way they use crypto to their advantage is through cryptocurrency mixers. These mixers are designed to obscure the origin of digital assets, making it difficult for law enforcement to track down the source of illegal activity.
One of the largest cryptocurrency mixers in the world is, or rather was, ChipMixer. ChipMixer was an unregulated mixer that had been in existence since 2017. It is estimated to have laundered more than $3 billion worth of digital assets to further a wide range of criminal schemes, according to the United States Justice Department.
The mixer was recently shut down by a coalition of law enforcement agencies across Europe and the U.S. The operation included the court-authorized seizure by German authorities of two domains, a GitHub account belonging to ChipMixer, and more than $46 million in cryptocurrency.
U.S. Attorney Jacqueline C. Romero for the Eastern District of Pennsylvania discussed the landmark case:
"ChipMixer facilitated the laundering of cryptocurrency, specifically Bitcoin, on a vast international scale, abetting nefarious actors and criminals of all kinds in evading detection. Platforms like ChipMixer, which are designed to conceal the sources and destinations of staggering amounts of criminal proceeds, undermine the public's confidence in cryptocurrencies and blockchain technology."
The Justice Department also shared that ChipMixer attracted some intriguing clientele and transactions, which included:
- $17 million in Bitcoin for criminals connected to approximately 37 ransomware strains, including Sodinokibi (REvil), Mamba, and Suncrypt
- Over $700 million in Bitcoin associated with wallets designated as stolen funds, including those related to heists by North Korean cyber actors from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge in 2022 and 2020, respectively
- More than $200 million in Bitcoin associated either directly or through intermediaries with darknet markets, including more than $60 million in Bitcoin processed on behalf of customers of Hydra Market
- More than $35 million in Bitcoin associated either directly or through intermediaries with "fraud shops," which are used by criminals to buy and sell stolen credit cards, hacked account credentials, and data stolen through network intrusions
- Bitcoin used by the Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center, military unit 26165 (aka APT 28) to purchase infrastructure for the Drovorub malware, which was first disclosed in a joint cybersecurity advisory released by the FBI and National Security Agency in August 2020
In connection with the case, Minh Quốc Nguyễn, 49, of Hanoi, Vietnam, was charged in Philadelphia with money laundering, operating an unlicensed money transmitting business, and identity theft connected to the operation of ChipMixer, and faces a maximum prison sentence of 40 years.
The national authorities involved in this operation that led to the shutdown of ChipMixer included the Belgium Federal Police, Germany's Federal Criminal Police Office, Poland's Central Cybercrime Bureau, Switzerland's Cantonal Police of Zurich, and the U.S. FBI, Homeland Security, and DOJ.