Darknet cryptocurrency mixer, ChipMixer has been shut down as a result of a sting conducted by Europol, the FBI, and German police, which investigated servers, and internet domains and seized $46 million worth of cryptocurrency.
During the raid, it was discovered that wallets connected to North Korean cybercriminals and Russian intelligence services had evidence of digital currencies.
The US criminal prosecutors have booked a Vietnamese man they claim to have run the service since its August 2017 creation. Potentially contaminated funds are gathered by mixers and sent at random to destination wallets.
Minh Quoc Nguyen, 49, of Hanoi has been accused of money laundering, operating an unlicensed money-transmitting business, and identity theft. The FBI has included him on the wanted criminal list.
Criminals laundering more than $700 million in bitcoin from wallets identified as stolen funds, including money taken by North Korean hackers from Axie Infinity's Ronin Bridge and Harmony's Horizon Bridge, were among the service's customers.
It has also been reported that APT28, the Russian military intelligence, and Fancy Bear also utilized ChipMixer in order to buy infrastructure used from Kremlin Drovorub malware. Moreover, according to Europol, the Russian RaaS group LockBit was also a patron.
ChipMixer joins a relatively small group of crypto mixers that have been shut down or approved, enabling criminals to conceal the source of the cryptocurrency obtained illegally. The list presently includes Blender.io, which was probably renamed and relaunched as Sinbad, and Tornado Cash, a favorite of cybercriminals that helped hackers launder more than $7 billion between 2019 and 2022.
The Federal Criminal Police Office of Germany seized two ChipMixer back-end servers and more than $46 million in cryptocurrencies, while American investigators seized two web domains that pointed to the company.
According to court documents, ChipMixer has enabled customers to deposit Bitcoin, which would then be mixed with other users’ Bitcoin in order to anonymize the currency.
Court records state that ChipMixer allowed users to deposit Bitcoin, which was then combined with Bitcoin from other users to make the currency anonymous. But, this mixer took things a step further by converting the deposited money into tiny tokens with an equal value called "chips," which were then combined, further anonymizing the currencies and obscuring the blockchain trails of the funds. This feature of the platform is what attracted so many criminals.
The domain now displays a seizure notice, stating: “This domain has been seized by the FBI in accordance with a seizure warrant.”
“Together, with our international partners, we are firmly committed to identifying and investigating cybercriminals who pose a serious threat to our economic security by laundering billions of dollars’ worth of cryptocurrency under the misguided anonymity of the darknet,” adds Scott Brown, special agent in charge of Homeland Securities Investigations (HSI) Arizona.