Money Laundering on the Dark Web: German Federal Criminal Police Office Shuts Down Cryptocurrency Mixer Chipmixer

German investigators have successfully cracked down on one of the largest money laundering services on the Dark Web. As announced by Germany's Federal Criminal Police Office (BKA) on Wednesday, they seized four servers of the "Chipmixer" platform based in Germany together with the Attorney General's Office in Frankfurt am Main, seizing about 7 terabytes of data and the current value of bitcoins equivalent to about 44 million euros (about 1909.4 Bitcoins).

For investigators, this is a huge success: it is the largest number of cryptocurrency assets seized by BKA to date.

Cryptocurrency Mixer Chipmixer

ChipMixer is an unlicensed cryptocurrency mixer founded in mid-2017 that specializes in mixing or cutting services related to virtual currency assets.ChipMixer software blocks the blockchain trail of funds, making it attractive to cybercriminals looking to launder illicit proceeds from criminal activities such as drug trafficking, arms trafficking, ransomware attacks, and payment card fraud. Deposited funds are turned into "chips" (small tokens of equal value), which are then blended together - thus anonymizing the trail of all initial funding sources.

ChipMixer is a service available on both the open and dark web, offering their customers complete anonymity. This type of service is typically used before criminals transfer laundered cryptocurrency assets to cryptocurrency exchanges, some of which also serve organized criminal activity. At the end of the laundering process, the "cleaned" cryptocurrencies can be easily exchanged for other cryptocurrencies or directly into fiat currency via ATMs or bank accounts.

Here's how Chipmixer works: deposited cryptocurrency assets are divided into small, uniform amounts - so-called "chips". These chips are then mixed together to disguise the origin of the funds. Because Bitcoin, Ether, and most other public blockchains are transparent, this form of "privacy" is difficult to achieve. In this way, Chipmixer assures its customers of complete anonymity.

The dark web marketplace Hydra Market and the collapsed exchange FTX are among Chipmixer's "customers"

BKA estimates that since 2017, Chipmixer has laundered approximately 152,000 bitcoins or €2.73 billion in cryptocurrency assets, a significant portion of which are linked to dark web marketplaces, ransomware syndicates, illicit commodity trafficking, the procurement of child sexual exploitation material, and stolen crypto assets.

Among other things, investigators are looking into the suspicion that some of the cryptocurrency stolen from the insolvent U.S. cryptocurrency exchange FTX, which filed for bankruptcy last November and caused a huge shockwave in the cryptocurrency market, was also laundered here.

Police have found that the dark web platform "Hydra Market" laundered millions of euros worth of transactions through Chipmixer, the illegal dark web marketplace that BKA shut down in April 2022 for trafficking drugs, stolen data, or forged documents. Ransomware participants such as Mamba, Dharma, or Lockbit also use Chipmixer's services to launder the ransoms they receive.

Cryptocurrency Mixer builds anonymity

The cryptocurrency mixer service itself is not illegal. By mixing the cryptocurrencies of many users to disguise the origin and ownership of funds, mixers create anonymity, a kind of "financial privacy" that is also important for people living under repressive regimes.

However, BKA generally warns against the use of cryptocurrency blenders because these services may support money launderers. Users should rather rely on approved cryptocurrency exchanges that comply with money laundering regulations.

Criminals are particularly interested in blenders because they can use them to disguise the connection between the cryptocurrency wallets holding funds derived from hacks and frauds and the wallets used to exchange them for fiat currency. In this way, they can avoid triggering money laundering warnings.

U.S. authorities are cracking down

According to cryptographic forensics experts at Chainalysis, nearly a quarter of the $7.8 billion that passed through blenders in 2022 was used for illicit purposes. For some time, U.S. authorities have been particularly concerned about these services.

In May 2022, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) imposed sanctions on crypto blender Blender.io, followed by sanctions on ethereal blender TornadoCash in August. Both have been linked to North Korean hackers, who, according to the FBI, have carried out multiple cryptocurrency hacks. The use of both blenders has since been banned and prosecuted.

Back in 2021, the U.S. Department of Justice (DoJ) arrested the operator of Bitcoin Fog and charged him with money laundering, among other charges. The operator of Bitcoin Mixer Helix admitted to the money laundering conspiracy and agreed to have over 4,400 Bitcoins confiscated.

BKA Wants Further Investigation to Track

There was also close communication between the BKA, the Department of Justice, the FBI, the Department of Homeland Security, and Europol during the investigation of Chipmixer.

Apparently, no arrests were made in Germany. However, the alleged prime suspect was identified and placed on a wanted list by the FBI, and a reward was offered for his head. The German Federal Criminal Police Office now wants to use the confiscated data set to develop further investigative methods to advance further investigations into cybercrime.

Europol facilitates the exchange of information between national authorities and supports the coordination of operations. Europol also provides analytical support, linking available data to various criminal cases within and outside the EU, and supporting investigations through operational analysis, encrypted tracing, and forensic analysis. Europol's Joint Cybercrime Action Task Force (J-CAT) also supports the operation. This permanent action group consists of cybercrime liaison officers from different countries who work on high-profile cybercrime investigations.

National authorities involved

Belgium: Federal Police
Germany: Federal Criminal Police Office and Frankfurt Office of the Attorney General
Poland: Central Cybercrime Bureau
Switzerland: Cantonal Police of Zurich
United States: Federal Bureau of Investigation, Homeland Security Investigations, Department of Justice