Federal police take down dark web cryptocurrency mixing service, ChipMixer, and seize $42M in Bitcoin.

The United States Justice Department has coordinated with international law enforcement agencies to dismantle ChipMixer, a darknet cryptocurrency “mixing” service that laundered over $3 billion worth of cryptocurrency from 2017 to the present. This service was used to further ransomware, darknet market, fraud, cryptocurrency heists, and other hacking schemes. The operation resulted in the seizure of two domains that directed users to the ChipMixer service and one GitHub account by U.S. federal law enforcement. The German Federal Criminal Police (the Bundeskriminalamt) also seized the ChipMixer back-end servers and over $46 million in cryptocurrency.

Minh Quốc Nguyễn, a 49-year-old resident of Hanoi, Vietnam, was also charged with money laundering, operating an unlicensed money transmitting business, and identity theft related to the operation of ChipMixer.

According to court documents, ChipMixer allowed customers to deposit bitcoin, which was then mixed with other users’ bitcoin, commingling the funds in a way that made it difficult for law enforcement or regulators to trace the transactions. ChipMixer offered numerous features to enhance its customers’ anonymity, servicing many customers in the United States. Nevertheless, ChipMixer did not register with the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) and did not collect identifying information about its customers.

ChipMixer attracted a significant criminal clientele and became indispensable in obfuscating and laundering funds from multiple criminal schemes. Between August 2017 and March 2023, ChipMixer processed:

  • $17 million in bitcoin for criminals connected to approximately 37 ransomware strains, including Sodinokibi, Mamba, and Suncrypt
  • Over $700 million in bitcoin associated with wallets designated as stolen funds, including those related to heists by North Korean cyber actors from Axie Infinity’s Ronin Bridge and Harmony’s Horizon Bridge in 2022 and 2020, respectively
  • More than $200 million in bitcoin associated either directly or through intermediaries with darknet markets, including more than $60 million in bitcoin processed on behalf of customers of Hydra Market, the largest and longest running darknet market in the world until its April 2022 shutdown by U.S. and German law enforcement
  • More than $35 million in bitcoin associated either directly or through intermediaries with “fraud shops,” which are used by criminals to buy and sell stolen credit cards, hacked account credentials, and data stolen through network intrusions
  • Bitcoin used by the Russian General Staff Main Intelligence Directorate (GRU), 85th Main Special Service Center, military unit 26165 (aka APT 28) to purchase infrastructure for the Drovorub malware, which was first disclosed in a joint cybersecurity advisory released by the FBI and National Security Agency in August 2020.

Nguyễn created and operated the online infrastructure used by ChipMixer and promoted ChipMixer’s services online. Nguyễn registered domain names, procured hosting services, and paid for the services used to run ChipMixer through the use of identity theft, pseudonyms, and anonymous email providers. He publicly derided efforts to curtail money laundering, advising customers not to use AML/KYC exchanges and instructing them on how to use ChipMixer to evade reporting requirements.

Deputy Attorney General Lisa Monaco stated:

“Today’s coordinated operation reinforces our consistent message: we will use all of our authorities to protect victims and take the fight to our adversaries. Cybercrime seeks to exploit boundaries, but the Department of Justice’s network of alliances transcends borders and enables disruption of the criminal activity that jeopardizes our global cybersecurity.”

If convicted, Nguyễn faces a maximum of 40 years in prison.

The FBI, HSI Phoenix, and HSI The Hague investigated the case. The U.S. Attorney’s Office for the Eastern District of Pennsylvania is prosecuting the case. German law enforcement authorities also took separate actions today. The FBI’s Legal Attaché in Germany, the HSI office in The Hague, the HSI Cyber Crimes Center, the Justice Department’s Office of International Affairs and National Cryptocurrency Enforcement Team, EUROPOL, the Polish Cyber Police (Centralnego Biura Zwalczania Cyberprzestępczości), and Zurich State Police (Kantonspolizei Zürich) provided assistance in this case.
