Crypto ‘Mixer’ Laundered $700M for Clients, Including Russian and North Korean Spies, DOJ Says
An international law enforcement operation has taken down ChipMixer, a dark web “mixer” that helped criminals launder more than $700 million, Europol and other law enforcement agencies announced Wednesday. Among the users were North Korean hackers and Russian spies, according to the US Department of Justice (DOJ).
ChipMixer charged a small fee to take in clients’ cryptocurrency and spread it across various accounts, to complicate law enforcement tracking of criminal proceeds, police said. In total, it processed $3 billion, nearly $1 billion of which has been traced to crimes including ransomware incidents and drug sales on the darknet market, the DOJ said.
ChipMixer domains have been taken down, nearly $50 million seized, and the DOJ has charged Minh Quốc Nguyễn, 49, of Hanoi, Vietnam, for allegedly running the service since 2017.
Tom Robinson, founder of cryptocurrency tracking company Elliptic, said it was a “very significant” takedown. “Chipmixer was the largest centralized mixer in operation,” he told Forbes. He pointed to its use by the Lazarus Group, one of North Korea’s most notorious hacking groups, which is accused of major crypto thefts, including a breach of Axie Infinity’s Ronin Bridge last year, in which $540 million was stolen, and a hack of Harmony’s Horizon Bridge in 2020, when $100 million went missing.
The DOJ also claimed that Russia’s GRU intelligence agency was a ChipMixer user. In a complaint filed on Wednesday against Nguyễn, the DOJ said the agency’s APT28 group, also known as Fancy Bear, “used ChipMixer to obscure the origin of the funds used to purchase infrastructure for their ‘Drovorub’ malware.” The Defense Department previously analyzed the malware and said that it was for persistent monitoring of an infected device. Among APT28’s previous victims is the Democratic National Committee (DNC), which was infamously hacked in the run-up to the 2016 election.
According to the FBI, $17 million in ransomware revenue linked to 37 different groups has been traced to ChipMixer’s services. Over $800,000 in bitcoin laundered through the mixer came from a ransomware strain known as Sodinokibi, otherwise known as REvil. REvil’s most significant breach came in 2021, when it targeted customers of IT software provider Kaseya; as many as 1,500 businesses were breached and a $70 million ransom was demanded.
“ChipMixer facilitated the laundering of cryptocurrency, specifically bitcoin, on a large international scale, helping nefarious actors and criminals of all stripes evade detection,” said US Attorney Jacqueline Romero. “We cannot and will not allow criminals’ exploitation of technology to threaten our national and economic security.”
But cutting off one head often causes others to grow. The shutdown of ChipMixer is likely to cause users to move to competing platforms, Robinson said. He pointed to Sinbad, which is believed to be a new version of Blender, a mixer also sanctioned for helping North Korea’s Lazarus Group funnel tens of millions in ill-gotten bitcoin.
It may also be unlikely that Nguyễn will ever appear in court. The United States has no extradition treaty with Vietnam. Prosecutors have to hope he turns up in a pro-America country to have any chance of getting him to face their charges in person.