German and US authorities, with support from Europol, have targeted the ChipMixer service, a cryptocurrency mixer well-known in the cybercriminal underworld. According to the Federal Criminal Police Office (BKA) and the Central Office for Combating Internet Crime (ZIT), the concerted action has shut down the world’s top-selling money laundering service on the Darknet.
As the investigators announced on Wednesday, in addition to the server infrastructure and data of around seven terabytes, 1909.4 bitcoins (equivalent to around 44 million euros) were also secured. This is the highest level of crypto assets secured by the BKA to date.
The operators of Chipmixer stand according to investigators among other things suspected of having operated commercial money laundering and a criminal trading platform on the Internet. The US agency FBI (Federal Bureau of Investigation) looking for the main suspect. A spokesman for the ZIT in Frankfurt did not rule out that suspects would also be identified in Germany.
Anonymity through mixing
According to the information provided, Chipmixer was a service operated from mid-2017, which primarily accepted Bitcoin with suspected criminal origins in order to pay them out again after concealment processes – the so-called “mixing”. According to the investigators, to make investigations more difficult or to prevent them altogether, the deposited crypto assets were divided into small amounts – so-called chips. The chips of the users were then mixed up and the origin of the funds was hidden in this way. The Chipmixer portal has promised its users complete anonymity.
Contrary to what is often assumed, Bitcoin does not offer anonymity without additional tools. Users are only protected by pseudonyms, payments can be traced in the publicly visible blockchain. In principle, mixing services collect transactions from those who want to mix them in a large pool and from there send the users’ money to fresh addresses. If enough participants are involved and the payouts are skilfully broken down, the flow of money can then hardly be understood by outsiders.
Popular with ransomware crooks
Investigators assume that “ChipMixer” has laundered crypto assets of around 154,000 Bitcoin or 2.8 billion euros since 2017. A large part of this money is said to come from Darknet marketplaces and from ransomware groups such as Zeppelin, SunCrypt, Mamba, Dharma or Lockbit.
The movement pattern of the prime suspect’s Android phone from September 2016 to March 2022 in Hanoi, Vietnam with nearly 150,000 connection points
(Image: Daniel AJ Sokolov/Court Record)
There is also a suspicion that parts of crypto values that were stolen in 2022 in connection with the bankruptcy of a large crypto exchange were washed via Chipmixer. According to the investigators, transactions in the millions from the Darknet platform Hydra Market could also be proven. ZIT and BKA switched off this platform last April. Hydra Market was the illegal Darknet marketplace with the highest turnover at the time.
Even government customers
The investigation has not yet been completed. The FBI is seeking tips about Chipmixer and its operators, which it is for can give rewards. The fugitive prime suspect, meanwhile, faces charges in the US District Court for Eastern Pennsylvania of money laundering, impersonation and operating an unlicensed financial transaction service. The criminal proceedings are called USA v. Minh Quoc Nguyen, Az. 23-MJ-528.
According to the FBI’s filing with the court, state services have also used Chipmixer. According to the FBI, Russian military intelligence used Chipmixer to launder cryptocurrencies used to pay for infrastructure to run Linux malware Drovorub.
North Korea is said to have laundered loot from both the heist at blockchain game Axie Infinity and the hack of cryptocurrency bridge Harmony Horizon at Chipmixer. Both break-ins are apparently the work of the state-run hacker group Lazaraus/APT38, which illegally procures foreign currency for the Democratic People’s Republic of Korea.
(sigh)
