Authorities seize popular crypto platform ChipMixer, accuse owner of laundering $3 billion in illegal funds
US and European authorities – led by a team of federal investigators from Philadelphia – dismantled what they described Wednesday as the world’s most popular cryptocurrency service used by online drug traffickers, North Korean hackers and Russian military intelligence to launder more than $3 billion in illicit funds. revenue since 2017.
The site – which operated under the name ChipMixer – drew thousands of users from the darker corners of the internet, the US Justice Department said, including parties responsible for a series of headline-grabbing bitcoin heists and recent ransomware attacks that have plagued healthcare. and municipal governments in the United States and abroad.
In addition to seizing two of ChipMixer’s domain names, back-end servers and more than $46 million in cryptocurrency from the service, authorities also charged founder Ming Quoc Nguyen โ a Vietnamese national last known to live in Hanoi โ on Wednesday. They accused him of openly breaking financial rules while disguising his true name under a series of stolen and fictitious identities.
“ChipMixer facilitated the laundering of cryptocurrency, specifically Bitcoin, on a large international scale, helping nefarious actors and criminals of all stripes to avoid detection,” US Attorney Jacqueline C. Romero said in a statement. “We cannot and will not allow criminals’ exploitation of technology to threaten our national and economic security.”
The coordinated law enforcement strike against ChipMixer is the latest in a series of actions by law enforcement agencies worldwide aimed at identifying and shutting down the increasingly sophisticated methods online criminals use to anonymously make off with billions of dollars from their misdeeds.
ยป READ MORE: Tracing Stolen Crypto Is a Booming Business: How Blockchain Scouts Recover Digital Loot
But federal court documents unsealed Wednesday in Philadelphia describe an equally complex, global investigation โ one that began with investigations into ransomware attacks in Eastern Pennsylvania, moved through a series of servers set up under false names in Eastern Europe and ultimately led to Nguyen, 49, who earned a PhD in electronic engineering in Taiwan in 2016, only to launch what would become a vital resource for the electronic underworld in less than a year.
Although ChipMixer’s Service relied on a detailed understanding of the blockchains that underpin the decentralized and anonymous world of cryptocurrency, its core purpose was simple.
“If you want to hide who you are,” Nguyen reportedly wrote, touting his platform on a popular crypto message board in 2017, “ChipMixer is the perfect way.”
Because blockchain transfers are publicly visible and have been used by governments to link supposedly anonymous cryptocurrency transactions back to individual users, mixers like Nguyen’s aim to prevent this by coming up with different streams of potentially identifiable bitcoin or other digital currencies to hide their origins .
Users would deposit bitcoin with ChipMixer, and when they returned to withdraw the money, the service ensured that the total amount was transferred from addresses of other users that cannot be traced back to the original customer.
For example, when a U.S. municipal government — which prosecutors did not identify in court papers Wednesday — paid a $42,500 ransom to cyberattackers who had seized its servers in August 2020, the criminals sent the funds through ChipMixer to ensure they could not be traced back to the source.
And after US and European law enforcement shut down several competitor websites between 2019 and 2021, ChipMixer took over their illegal market share and became a leader in the field, prosecutors said.
Investigators estimate that between 2017 and 2021, the site helped “clean” about $700 million stolen by hackers, $17 million extorted through ransomware attacks and more than $200 million associated with darknet markets selling drugs, stolen identities, malware, hacking tools and fake cash.
One of the biggest sources of those funds, according to authorities, was Hydra Market, the Russian-based marketplace that had been the largest and longest-running illegal online bazaar in the world until US and German authorities shut it down last year.
The platform was also allegedly used to launder approximately $46 million of the $370 million stolen from crypto exchange FTX shortly after it filed for bankruptcy in November, according to crypto analysis firm Elliptic Enterprises Ltd.
Other prolific users, according to prosecutors, included a unit of the Russian military intelligence service, which had previously been linked to attempts to interfere in the 2016 US presidential election. It used ChipMixer, they said, to conceal funds used for to purchase infrastructure for a malware tool it designed and implemented in attacks in 2020.
A North Korean military intelligence group that has been linked to a series of bank and cryptocurrency robberies also laundered about $700 million in stolen bitcoin through the website between 2020 and last year, prosecutors said.
“Criminals have long attempted to launder the proceeds of their illegal activity in a variety of ways,” said Jacqueline Maguire, head of the FBI’s Philadelphia field. “However, technology has changed the game, with a site like ChipMixer and a facilitator like Nguyen enabling bad actors to do it at scale with ease.”
But just as adept as Nguyen was at helping others anonymize their online financial transactions, he proved just as adept, authorities said, at hiding his own involvement.
According to the charging documents in his case, he created and operated the electronic infrastructure used by ChipMixer through a series of domain names and hosting services registered under false names or identities stolen mainly from US residents in the 60s and 70s.
Search warrants for email accounts linked to Nguyen revealed documents filled with passwords, credit card numbers, driver’s license details and other identity documents linked to hundreds of victims.
Despite the charges against him — which included counts of money laundering, identity theft and operating an unlicensed money transfer business that could send him to prison for up to 40 years — Nguyen was not in custody Wednesday, U.S. Justice Department officials said.
His whereabouts remained unknown and attempts to reach him at email addresses listed in his charging documents were unsuccessful.
His website has since gone dark. Where ChipMixer’s logo once appeared alongside boasts of its effectiveness in hiding transactions from law enforcement, a simple banner has replaced it below the logos of US German, Swiss and Polish law enforcement.
It says: “THIS SITE HAS BEEN SEIZED.”
