The U.S. Department of Justice (DOJ) has accused ChipMixer of facilitating money laundering for various illegal activities, including ransomware, darknet markets, fraud, and state-sponsored actors. 

A Joint Force

According to the European Union Agency for Law Enforcement Cooperation (Europol), authorities from Germany and the U.S. have seized around 44 million euros ($46.3 million) from ChipMixer, a well-known cryptocurrency mixer. 

This move is part of a coordinated international takedown of ChipMixer, a darknet cryptocurrency “mixing” service that has laundered over $3 billion worth of cryptocurrency between 2017 and the present. The service has been involved in laundering proceeds from various activities, including ransomware, darknet markets, fraud, cryptocurrency heists, and other hacking schemes.

As part of the operation, U.S. federal law enforcement seized two domains that directed users to the ChipMixer service and one GitHub account. Meanwhile, the German Federal Criminal Police (the Bundeskriminalamt) seized the ChipMixer back-end servers and over $46 million in cryptocurrency. The Justice Department announced this operation today, highlighting the involvement of both U.S. and German authorities.

This move against ChipMixer is a significant development in the fight against cryptocurrency-related crimes. The seizure of cryptocurrency from such a large-scale operation shows that authorities are taking a more proactive approach to combatting illicit activities in the digital asset space. It is hoped that this operation will serve as a deterrent to those engaged in similar activities and help to further regulate the cryptocurrency industry.

Linked Charges

According to the complaint, ChipMixer was popular among criminals and played a crucial role in obscuring and laundering funds from various criminal schemes. From August 2017 to March 2023, the platform processed:

  • $17 million in bitcoin for criminals linked to around 37 ransomware strains, including Sodinokibi, Mamba, and Suncrypt.
  • Over $700 million in bitcoin linked to wallets marked as stolen funds, including those associated with heists by North Korean cyber actors from Axie Infinity’s Ronin Bridge and Harmony’s Horizon Bridge in 2020 and 2022, respectively.
  • More than $200 million in bitcoin associated with darknet markets, including over $60 million in bitcoin processed for customers of Hydra Market, the biggest and longest-running darknet market until its closure in April 2022 by U.S. and German law enforcement.
  • More than $35 million in bitcoin connected to “fraud shops,” which are utilized by criminals to purchase and sell stolen credit cards, hacked account credentials, and data obtained through network intrusions.
  • Bitcoin used by the Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center, military unit 26165 (also known as APT 28) to acquire infrastructure for the Drovorub malware. The malware was first revealed in a joint cybersecurity advisory released by the FBI and National Security Agency in August 2020.

The authorities took down the platform’s infrastructure, seizing four servers, 7 terabytes of data and 1909.4 bitcoins (BTC) ($47.7 million), Europol said on Wednesday. The seizure was also supported by Belgium, Poland and Switzerland.

Ransomware Groups Involvement

The U.S. Department of Justice (DOJ) has accused ChipMixer of facilitating money laundering for various illicit activities, including ransomware, darknet markets, fraud, and state-sponsored actors. The platform is alleged to have laundered 152,000 BTC, equivalent to approximately $3.8 billion at current prices, since 2017, with a significant portion connected to ransomware groups, child sexual exploitation, and illicit goods trafficking.

Minh Quốc Nguyễn, one of the operators of ChipMixer from Hanoi, Vietnam, was charged on Wednesday in Philadelphia with identity theft, operating an unlicensed money transmitting business, and money laundering, according to the DOJ. 

ChipMixer enabled criminal activities such as the laundering of over $700 million in bitcoin associated with wallets marked as stolen funds, including those linked to heists by North Korean cyber actors. The platform was also used by the Russian General Staff Main Intelligence Directorate (GRU) to purchase infrastructure for Linux-based malware Drovorub.

Closed doors

The allegations against ChipMixer reveal the significant role played by the platform in enabling criminal activities, as well as the importance of coordinated international efforts to bring such operations to justice. The charges against the operator of ChipMixer, along with the coordinated efforts of law enforcement agencies from the U.S. and Germany, demonstrate a commitment to disrupting the infrastructure and networks that facilitate illicit activities in the cryptocurrency space.

Mixing services gained increased prominence in August 2022 when Ethereum-based mixer Tornado Cash was sanctioned by the U.S. Treasury Department’s Office of Foreign Assets Control for facilitating North Korea’s money-laundering operations. Shortly after that, Tornado Cash’s web developer Alexey Pertsev was arrested.

The big question now is, will this affect the crypto market generally or only the crypto mixing niche?
