How do Cybercriminals Keep Their Earnings Anonymous? Cryptomixers
Money laundering in 2021: cybercriminals need to keep their money anonymous. Cryptocurrency has given threat actors a greater degree of secrecy around their practices and transactions, but cryptomixers have allowed them to become almost untraceable.
Cryptocurrency mixers (also known as cryptomixers or cryptocurrency tumblers) are services that ‘clean’ potentially identifiable or ‘tainted’ cryptocurrency by mixing it with other users’ funds to obscure the trail back to the funds’ original source.
These services are increasingly used by cybercriminals to anonymise the buying and selling of illegal goods, services, stolen data and underground infrastructure, and the ransoms received from their victims.
How do they work?
Cryptomixers work as follows: an actor sends illicit cryptocurrency to a wallet address owned by the mixing service’s operator. The funds are pooled with cryptocurrency from other sources, including other cybercriminals, before being paid out to destination addresses.
The actor then receives a mixed output equal to the amount sent, minus the service fee. The mixer’s algorithm selects the coins paid out so that the sender does not receive their own ‘dirty’ funds, which could be linked back to them.
To increase anonymity, source funds are pooled and held for a random period of time, and threat actors can choose to have the ‘clean’ funds sent to multiple wallet addresses to further obfuscate the trail.
Cryptomixer providers charge a fee for their service, usually between 1 and 3 percent of the output. The services also avoid keeping transaction logs that could help identify users.
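The following is an added toy model of the mixing process described above, written for this page rather than taken from any real mixing service or from the research the post cites. It models a custodial pool in which each withdrawal is paid from other depositors’ coins only, less a 1.6 percent commission, split at random across the addresses the user supplies and released after a random delay. It also includes the naive chain-analysis check a practitioner would try first: linking a payout to the deposit whose amount minus fee matches it exactly. All depositors, amounts and addresses are constructed sample data; the fee rate and delay window are assumptions.

```python
import random
from dataclasses import dataclass

FEE_BPS = 160       # 1.6 % commission in basis points (assumed average fee)
BTC = 100_000_000   # satoshis per bitcoin


@dataclass
class Coin:
    origin: str   # depositor whose funds this value came from (known only to the operator)
    value: int    # satoshis


@dataclass
class Payout:
    to: str       # destination address chosen by the withdrawing user
    amount: int   # satoshis
    delay: int    # blocks the mixer holds the funds before paying out


class MixerPool:
    """Simplified custodial mixer: deposits go into one shared pool and every
    withdrawal is funded from *other* users' coins, minus the fee, split across
    the requested addresses and released after random delays."""

    def __init__(self, fee_bps=FEE_BPS, seed=0):
        self.fee_bps = fee_bps
        self.rng = random.Random(seed)
        self.pool = []          # pooled coins from all depositors
        self.deposits = {}      # sender -> gross satoshis awaiting withdrawal
        self.operator_fees = 0  # commission retained by the operator

    def deposit(self, sender, amount):
        self.deposits[sender] = self.deposits.get(sender, 0) + amount
        self.pool.append(Coin(sender, amount))

    def withdraw(self, sender, addresses, max_delay=144):
        gross = self.deposits.pop(sender)
        fee = gross * self.fee_bps // 10_000
        net = gross - fee
        self.operator_fees += fee
        sources = self._take_foreign(sender, net)   # never the sender's own coins
        amounts = self._partition(net, len(addresses))
        payouts = [Payout(addr, amt, self.rng.randint(1, max_delay))
                   for addr, amt in zip(addresses, amounts)]
        return payouts, sources

    def _take_foreign(self, sender, need):
        """Select coins worth `need` satoshis that did not originate from `sender`.
        Change from a partially used coin stays in the pool under its origin."""
        self.rng.shuffle(self.pool)
        taken, remaining = [], []
        for coin in self.pool:
            if need == 0 or coin.origin == sender:
                remaining.append(coin)
            elif coin.value <= need:
                taken.append(coin)
                need -= coin.value
            else:
                taken.append(Coin(coin.origin, need))
                remaining.append(Coin(coin.origin, coin.value - need))
                need = 0
        if need:
            # Edge case: a thin pool cannot pay out without returning own coins.
            raise RuntimeError("insufficient foreign liquidity in pool")
        self.pool = remaining
        return taken

    def _partition(self, total, k):
        """Split `total` into k random positive parts (one part when k == 1)."""
        cuts = sorted(self.rng.sample(range(1, total), k - 1))
        bounds = [0] + cuts + [total]
        return [b - a for a, b in zip(bounds, bounds[1:])]


def amount_match(observed_deposits, payouts, fee_bps=FEE_BPS):
    """Naive chain-analysis heuristic: link a payout to the deposit whose
    amount minus the known fee equals it exactly. Works against a single
    unsplit payout; fails once the mixer splits the output."""
    links = {}
    for p in payouts:
        for sender, gross in observed_deposits.items():
            if gross - gross * fee_bps // 10_000 == p.amount:
                links[p.to] = sender
    return links


def demo():
    m = MixerPool(seed=7)
    # Constructed sample deposits, not real transactions.
    for sender, amount in [("alice", BTC), ("bob", BTC // 2),
                           ("carol", 8 * BTC // 10), ("dave", 2 * BTC)]:
        m.deposit(sender, amount)
    observed = dict(m.deposits)   # what a chain observer sees arrive at the mixer
    single, single_src = m.withdraw("alice", ["alice_out"])
    split, split_src = m.withdraw("bob", ["bob_out1", "bob_out2", "bob_out3"])
    return {
        "observed": observed,
        "single": single, "single_sources": single_src,
        "split": split, "split_sources": split_src,
        "linked_single": amount_match(observed, single),
        "linked_split": amount_match(observed, split),
        "fees": m.operator_fees,
    }


if __name__ == "__main__":
    r = demo()
    print("linked (single output):", r["linked_single"])
    print("linked (split output):", r["linked_split"])
```

Running `demo()` links the unsplit payout straight back to its depositor, because amount minus fee is a fingerprint, while the three split payouts do not match any deposit. The splitting only defeats the naive check: an analyst who groups payouts landing within the delay window can still try a subset-sum against the observed deposits, so the protection a mixer offers depends on how many other users are mixing similar amounts at the same time.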
In recently published research into cryptomixers, Intel471 identified several popular cryptomixing providers. Whilst ‘mixing’ cryptocurrency is not currently illegal, the services are most often used by those committing crimes.
The four cryptomixer providers observed by Intel471 were all marketed as privacy protection services, instead of money laundering platforms. Yet all had well-established presences on popular cybercrime forums.
The four providers observed were:
All the services are available on the clear web, and 3 of the 4 also operate a Tor service. The majority of popular cryptocurrencies are supported for mixing, including Bitcoin, Bitcoin Cash, Bitcoin SV, Dash, Ethereum, Ethereum Classic, Litecoin, Monero and Tether.
All of these cryptomixer providers also operated from professional-looking sites, likely an attempt to make their operations appear more legitimate and attract more clients.
The researchers found a wallet used by Blender between June and July 2020 that handled Bitcoin transactions worth around £2.5 million. Assuming an average commission of 1.6 percent, Blender could have earned around £40,000 in fees during that period.
How is law enforcement dealing with cryptomixers?
Cryptomixers currently operate in a legal grey area, as the service itself is not intrinsically illegal. This is despite the widely held view that the majority of their income derives from helping cybercriminals remain anonymous and earn millions from their illegal operations.
However, there are examples of cryptomixing services being shut down after being found to be laundering illicit funds. The Helix bitcoin mixer was shut down for laundering hundreds of millions of pounds gained from the sale of illegal narcotics.
Similarly, the BestMixer.io domain was seized after police in the Netherlands concluded it had been used to launder at least £150 million worth of Bitcoin for cybercriminals.
Cryptocurrency is still a relatively new concept but cybercriminals are taking advantage of the increased anonymity it provides to earn millions. Cryptomixers aid this considerably and must be clamped down upon.