Written by Tonya Riley
The use of so-called cryptocurrency “mixers”, which combine different types of assets to disguise their origins, peaked in April at a 30-day average of nearly $52 million worth of digital currencies, representing an unprecedented amount of funds raised by these services, researchers from cryptocurrency research firm Chainalysis discovered.
A near doubling of the funds sent from illegal addresses accelerated the increase, indicating that technology capable of embezzling currencies remains highly attractive to cybercriminals.
Cryptocurrency mixers work by taking a person’s cryptocurrency and combining it with a larger pool before returning units equal to the original amount minus a service fee to the original account. As a result, it is more difficult for law enforcement and cryptocurrency analysts to trace the currency.
Mixers are not used only by criminals, but they are extremely popular with them. Chainalysis found that 10% of all funds from illicit wallets are sent to mixers, while mixers receive less than 0.5% from other sources of funds tracked by the company, including mining projects.
Most of the illicit money transferred to the mixers came from sanctioned actors, primarily Russia’s darknet market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement brought down Hydra, which was responsible for 80% of cryptocurrency dark web transactions, in May. The US Treasury Department’s Office of Foreign Assets Control followed suit with sanctions on more than 100 of its cryptocurrency addresses.
The use of mixers by North Korean state-backed hackers and a popular mixer they used to launder money made up the rest of the transfers.
North Korean hackers have consistently used financial hacking to evade US sanctions, and they’ve been particularly busy targeting cryptocurrency companies this year. The Treasury Department updated its sanctions against the Lazarus Group in April to link the group to a March hack of $620 million in assets of a bridge connecting the Axie Infinity video game to the Ethereum blockchain.
More recently, researchers linked money stolen by the Lazarus Group from a Harmony blockchain project to the Tornado Cash mixer.
“It shows that the blender user profile type and type has really evolved from some kind of petty crime, darknet market provider to Russia or a nation-state,” said Kim Grauer, head of research at Chainalysis.
Financial regulators have taken note. In May, the Treasury Department approved the popular mixer Blender.io to process $20.5 million of the $620 million the Lazarus Group stole from the Axie Infinity project.
The move is something that “would have been unheard of a few years ago,” Grauer said.
An increase in transfers from decentralized finance projects (DeFi) has also contributed to an increased use of mixers, Chainalysis notes. State-backed actors have also been known to use DeFi projects as money laundering agents.
Chainalysis researchers and the Treasury Department are keeping an eye out for legitimate uses for mixers, such as anonymity from an oppressive government. However, because most do not comply with US regulations that require exchanges to know who their customers are, it is easier for criminals to exploit them.
Mixers, however, have a serious weakness. The more money criminals inject, the easier it is to track their mixer usage. This means that hackers are limited in what they can launder before raising suspicion.
“I think in the long to medium term it will definitely go down just because it’s not sustainable,” Grauer said.