While countries deliberate cryptocurrency regulations and express concerns regarding money laundering and terror financing, multiple crypto mixing services are operating on the open internet.
Security firm Intel 471 has observed actors relying on crypto mixing services to obfuscate the origin of their criminal earnings. Even though public blockchains enable researchers and law enforcement to investigate illicit transactions, criminals use these services to complicate investigations.
What is Crypto Mixing?
‘Crypto mixing’, also known as ‘coin mixing’, anonymizes cryptocurrency transactions by exchanging a customer’s coins with completely different coins of equivalent value. The new coins do not have the same identity as the coins received. This process makes the coins harder to track and identify.
Mixing services often communicate with customers anonymously and do not maintain logs of transactions. Cybercriminals and other threat actors first send a sum of cryptocurrency to the service provider’s crypto wallet. The sum joins a pool that consists of the service provider’s own cryptocurrency and that received from other criminals.
According to Intel 471, the initial threat actor’s cryptocurrency then joins the back of the “chain” and the threat actor receives a unique reference number known as a “mixing code” for deposited funds. The threat actor then receives their sum from the mixer’s pool, mixed using the service’s proprietary algorithm. The mixing code ensures that the actor does not receive their own cryptocurrencies.
If a threat actor wants further anonymity, they can send the received sum to numerous wallet addresses to further obfuscate the trail of illicit funds.
Multiple Crypto Mixing Services Operating in the Open
Among the popular crypto mixers that Intel 471 observed were ‘Absolutio’, ‘AudiA6’, ‘Blender’, and ‘Mix-btc’. All of these services had well-established presences on multiple, well-known cybercrime forums. All of them were operational on the open internet, and all except Mix-btc were also operational on the Tor network.
All of the services had professional-looking websites accessible in English and Russian. They suggest their sites serve businesses and individuals interested in protecting their privacy. These services offer mixing for Bitcoin, Bitcoin Cash, Ethereum, Ethereum Classic, Monero, Tether, Litecoin, etc.
Service Charges and Volume
While the services listed minimum and maximum amounts, they collected a percentage of the total amount to be mixed as transaction fees. According to Intel 471, some services also allow users to choose a dynamic service fee, most likely to make it difficult to tie any funds to a specific crime or individual.
Here are the service fees of the observed services:
- Absolutio (1%-30%; dynamic service fees)
- AudiA6 (3%-5.5%; flat service fee)
- Blender (0.6%-2.5%; dynamic service fees)
- Mix-btc (3%-5.5%; flat service fee)
The services do not share their wallet addresses publicly. However, Intel 471 was able to trace a wallet that Blender used from June 2020 to July 2020. In such a short span of time, the wallet handled bitcoin transactions in excess of 54 bitcoins (about $3.4 million).
Some ransomware-as-a-service (RaaS) operators also integrated these services into their administrative panels. Any such RaaS operator received 50% of the commission that the mixing service charged.
It’s important to shut down crypto mixing services
Although these services are not yet illegal, they allow cybercriminals to launder money and cash out. Further, such services also help keep the trade of illicit goods and services alive. Besides the drug trade, cybercriminals receive huge sums in the form of ransomware payments. While imposing sanctions on a crypto exchange for enabling ransomware payments, the U.S. Treasury Department said that ransomware payments reached over $400 million in 2020.
Earlier in August, an Ohio resident pleaded guilty to charges of money laundering in Columbia’s District Court. Charges against him include laundering more than $300 million through the crypto mixing service ‘Helix’. Although the accused admitted that he was aware of the illegal origin of the funds (e.g. drug trade) he was managing, he argued that Bitcoin is not money and hence he could not be guilty of money laundering. The court did not accept his argument.
Similarly, a Delhi Court directed the police to register an FIR against crypto-exchange Binance for failing to maintain necessary safeguards against crypto mixing.