Bad actors in North Korea, Russia sent record funds to crypto mixers

Despite the volatility of cryptocurrencies, bad actors sent a record amount of money to services that obscure the source and destination of digital assets, according to research by a blockchain analytics firm.

The total amount sent to cryptocurrency mixers reached a record high of $51.8 million in April 2022, including a significant portion from sanctioned and state-backed players, a report last week by Chainalysis showed. The blockchain analytics firm tracked a 30-day moving average of all funds sent to mixers over time, and found April’s number to be roughly double the value from the same period last year.

“This spike is 100% related to North Korean hacking,” Kim Grauer, head of research at Chainalysis, said in an interview with Discard. “A hacking incident is not a trend, it’s a one-off,” he said. “And so, whereas with other types of crime like the darknet market or fraudulent activity, you can see consistent use over time, the hacking happens in an instant and the money laundering happens almost as quickly.”

Mixers allow clients to add their cryptocurrency to a common pool and withdraw the same amount, minus a fee, in different tokens than the ones they contributed. This makes the flow of money extremely difficult to trace, which makes mixers very attractive to those engaged in illegal activity in an industry where everything is recorded on the blockchain.

“Mixers are a tool for cybercriminals trading in cryptocurrency, and therefore one of the most important types of cryptocurrency services for investigators and compliance professionals to understand,” the Chainalysis team said in the report.

The blockchain analytics firm found that funds originating from illicit addresses accounted for 23% of all funds sent to mixers in the first half of this year, compared to just 12% throughout 2021. Furthermore, the report found that almost 10% of all illicit funds are sent through a mixer service, while no other type of service had a mixer sending share above 0.3%.

“Because of the gravity of the situations and the bad actors involved, it’s really become almost overwhelming that law enforcement has to deal with this problem,” Grauer said.

The laundry

When the Ronin sidechain was hacked in March for $600 million, the hackers moved at least 500 Ether worth about $1.5 million at the time through Ethereum mixer Tornado Cash in the days immediately following the hack.

The Ronin sidechain hosts the popular play-to-earn game Axie Infinity, and the hack of 173,000 Eth and 25.5 million USDC was among the largest ever recorded in the industry.

“They have exploited the fundamental value of cryptocurrency,” Grauer said, explaining that many criminals use crypto to circumvent know-your-customer (KYC) requirements. “If anything, it just proves the value [proposition] of crypto, which is that it is very efficient at moving money around the world instantly.”

Illegal activity accounted for $14 billion worth of transactions in 2021 – a 44% increase from the previous year, according to Chainalysis’ 2022 Crypto Crime Report. But when taking into account the growth of the crypto industry as a whole, these fraudulent transactions make up 0.2% of the total, which is a 75% drop from the previous year.

The recent rise of mixers as a service shows that this recent surge in their use may just be the beginning, Bryan Tan, a Singapore-based partner at law firm Reed Smith LLP who specializes in transactions and anti-money laundering in the digital asset industry, told Discard in an interview.

“People usually want to test these tools before committing to large amounts of money,” Tan said. “And what you’ll see is that over time, more and more funding will be sent to such tools as people become more aware.”

While crypto may allow bad actors to bypass KYC requirements, it also records all transactions on the blockchain, leading bad actors to use mixers to try to cover their tracks.

However, this perception of security can grow increasingly detached from reality; Grauer says Chainalysis is getting better at “de-mixing” these transactions and is working closely with law enforcement agencies to aid investigations where possible.

Grauer declined to share Chainalysis’ methods of unmixing.

Money spinner

Bad actors can also use mixers on the front end of their attacks.

In January, non-fungible token (NFT) marketplace OpenSea suffered a front-end attack worth 332 Eth (US$800,000 at the time), carried out using wrapped Ether (wETH) initially sent through Tornado Cash.

What is different this year is the emergence of sanctioned and/or state actors using these services.

Nearly $500 million was sent from sanctioned addresses in the second quarter of 2022, more than 50% of which came from one source alone — the Russian darknet marketplace Hydra, Chainalysis said. This group was sanctioned in April 2022 for selling drugs, conducting money laundering, cryptocurrency theft and ransomware attacks, it added.

Another 48.8% was sent by two groups affiliated with the North Korean government: Lazarus Group and Blender.io.

The Lazarus Group is a cybercrime organization acting on behalf of the North Korean government that is believed to have stolen more than $1 billion this year alone, while Blender.io is a mixer itself linked to both the Lazarus Group and the North Korean government.

However, despite their continued use in criminal activity, mixers are not illegal.

The US Financial Crimes Enforcement Network (FinCEN) has determined that mixers are money transmitters under the Bank Secrecy Act, forcing them to maintain an anti-money laundering and reporting regime.

In 2020, FinCEN penalized Bitcoin mixers Helix and Coin Ninja for operating unregistered money services businesses. In 2021, the US Department of Justice arrested and charged the operator of Bitcoin Fog with money laundering, operating an unlicensed money transfer business, and money transfer without a license.

As with many areas of the crypto industry, regulation can be difficult when trying to apply legislation across borders and often with anonymous parties. A body that may be positioned to take effective action could be the Financial Action Task Force (FATF), an international agency focused on setting anti-money laundering and terrorist financing standards.

“We have seen in the last couple of years that the FATF is now making fairly frequent recommendations – particularly on crypto regulation – and the willingness of the financial hubs [like] Singapore, Hong Kong, Switzerland following these recommendations would actually be pretty quick these days,” Reed Smith’s Tan said.

The European Union has also recently passed legislation that may limit the effectiveness of mixers; last month, it expanded the eurozone’s “travel rule” to require information about the source and recipient of cryptoassets to be sent with the transaction and then stored.

Under these new rules, cryptoasset service providers will be required to provide this information to authorities if an investigation into money laundering or terrorist financing is conducted.

According to the report, no KYC requirements exist for mixer operators, but given the focus on privacy in the industry, such a requirement would likely make the services quite unattractive to many customers.

The report concludes that any regulation approaching mixers must strike a difficult balance between protecting the right to digital privacy they offer and addressing their clear utility for illegal activity.

“We encourage stakeholders in both the private and public sectors to collaborate on how to manage the risks associated with mixers, and stand ready to provide all the data necessary to make these engagements as productive as possible,” the report concluded.
