16 March 2023

Police shut down crypto money laundering platform ChipMixer used by hackers and drug dealers


Police shut down crypto money laundering platform ChipMixer used by hackers and drug dealers

An international effort involving law enforcement authorities from the US, Germany, Belgium, Poland and Switzerland has cracked down on the cryptocurrency platform ChipMixer that allegedly helped obfuscate the digital money trail for online drug dealers, as well as Russian and North Korean state-backed hacker groups.

The platform’s infrastructure has been shut down on March 15, with the authorities seizing four servers and about 1909.4 Bitcoins (approx. 44.2 million euros).

“ChipMixer, an unlicensed cryptocurrency mixer set up in mid-2017, was specialised in mixing or cutting trails related to virtual currency assets. The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud. Deposited funds would be turned into “chips” (small tokens with equivalent value), which were then mixed together - thereby anonymising all trails to where the initial funds originated,” Europol said in a press release.

According to the agency, ChipMixer was also used by ransomware gangs such as Zeppelin, SunCrypt, Mamba, Dharma and Lockbit to launder ransom payments. It is estimated that some 152 000 Bitcoins in crypto assets were laundered through the service, with the large portion of funds connected to darkweb markets, ransomware groups, illicit goods trafficking, procurement of child sexual exploitation material, and stolen crypto assets.

The US authorities have charged Minh Quốc Nguyễn, 49, a Vietnamese man allegedly behind the platform.

The US Department of Justice also alleges that ChipMixer processed more than $700 million in stolen funds, including crypto assets stolen in the hacks of cryptocurrency platforms Ronin Bridge and Horizon Bridge, which were allegedly perpetrated by North Korean state-backed threat actor known as Lazarus Group.

Last May, the US authorities sanctioned virtual currency mixer Blender.io and then in August targeted the mixer Tornado Cash. In mid-August, the Dutch police arrested a 29-year-old developer behind the Tornado Cash service.

Back to the list

Latest Posts

Cyber spies strike Indian government and energy sectors

Cyber spies strike Indian government and energy sectors

The operation involved phishing emails delivering the HackBrowserData info-stealer.
28 March 2024
Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

Spyware makers and state-backed hackers are primary culprits behind rise in zero-day exploits, Google says

97 zero-day flaws were exploited in-the-wild in 2023, marking an increase of over 50% compared to 2022.
27 March 2024
Sophisticated malware campaign targeting end-of-life routers and IoT devices

Sophisticated malware campaign targeting end-of-life routers and IoT devices

A recent campaign targeted over 6,000 ASUS routers in less than 72 hours.
27 March 2024