16 March 2023

Police shut down crypto money laundering platform ChipMixer used by hackers and drug dealers


Police shut down crypto money laundering platform ChipMixer used by hackers and drug dealers

An international effort involving law enforcement authorities from the US, Germany, Belgium, Poland and Switzerland has cracked down on the cryptocurrency platform ChipMixer that allegedly helped obfuscate the digital money trail for online drug dealers, as well as Russian and North Korean state-backed hacker groups.

The platform’s infrastructure has been shut down on March 15, with the authorities seizing four servers and about 1909.4 Bitcoins (approx. 44.2 million euros).

“ChipMixer, an unlicensed cryptocurrency mixer set up in mid-2017, was specialised in mixing or cutting trails related to virtual currency assets. The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud. Deposited funds would be turned into “chips” (small tokens with equivalent value), which were then mixed together - thereby anonymising all trails to where the initial funds originated,” Europol said in a press release.

According to the agency, ChipMixer was also used by ransomware gangs such as Zeppelin, SunCrypt, Mamba, Dharma and Lockbit to launder ransom payments. It is estimated that some 152 000 Bitcoins in crypto assets were laundered through the service, with the large portion of funds connected to darkweb markets, ransomware groups, illicit goods trafficking, procurement of child sexual exploitation material, and stolen crypto assets.

The US authorities have charged Minh Quốc Nguyễn, 49, a Vietnamese man allegedly behind the platform.

The US Department of Justice also alleges that ChipMixer processed more than $700 million in stolen funds, including crypto assets stolen in the hacks of cryptocurrency platforms Ronin Bridge and Horizon Bridge, which were allegedly perpetrated by North Korean state-backed threat actor known as Lazarus Group.

Last May, the US authorities sanctioned virtual currency mixer Blender.io and then in August targeted the mixer Tornado Cash. In mid-August, the Dutch police arrested a 29-year-old developer behind the Tornado Cash service.

Back to the list

Latest Posts

Cyber security week in review: March 24, 2023

Cyber security week in review: March 24, 2023

The world in brief: BreachForums data breach site shut down, Bitcoin ATM maker General Bytes suffers a $1.5M hack, and more.
24 March 2023
Lionsgate streaming platform exposed data of 37M users

Lionsgate streaming platform exposed data of 37M users

Researchers discovered an unprotected ElasticSearch instance that contained about 20GB of data.
23 March 2023
New stealthy NUIT attack allows to remotely control Siri, Alexa and other smart voice assistants

New stealthy NUIT attack allows to remotely control Siri, Alexa and other smart voice assistants

The technique involves the use of inaudible sounds embedded in regular audio and video files to send malicious commands.
22 March 2023