New Report Shows Criminals Are Mixing Crypto Streams to Conceal Revenue


When crypto transactions remain transparent on the blockchain, just how hard is it to conceal when digital currency is trading hands in a not-so-legal fashion?

Well, to that point, how hard is it to launder your crypto? A new report said online criminals are the main demographic using services that make crypto transactions less traceable. Mixers, AKA tumblers, are a tool that collects funds from multiple users and then jumbles them up before letting each user withdraw the original amount they put in, minus a service fee.

A new report from crypto analysis firm Chainalysis released Friday shows that by far the greatest share of funds sent to mixers was by “illicit addresses.” Close to 10% of all funds sent to mixers were from these supposed cybercriminals compared to just less than .3% mixer usage among different addresses such as P2P exchanges and gambling platforms.

And it’s gotten worse this year. Those illicit addresses accounted for 23% of all funds sent to mixers in 2022. These illicit funds came from sources such as scams, stolen funds, fraud shops and more. The report’s authors note many of these services don’t require much in the way of customer identification. Multiple sanctioned entities like the Lazarus Group, a North Korea-connected crew allegedly responsible for the $US625 ($868) million Axie Infinity hack, accounted for 30% of all sanctioned entities who sent funds to mixers this year. The Russian darknet marketplace Hydra accounted for over 50% of funds sent to mixers. Hydra has been noted for its involvement in crypto thefts, ransomware, and more.

The report noted North Korean-affiliated cybercriminals were using mixers to try to conceal more funds than any other group.

Of course, not all people using mixers are inherently engaged in criminal activity, especially since transactions on the blockchain are public and, after a good deal of effort, traceable. Folks trying to hide their transactions from oppressive governments could find the extra privacy provided by anonymous mixers useful. It’s also important to note that mixers do not work as well for criminals who try to launder larger pots of funds, since inevitably some of the crypto a user puts into a mixer, if it’s more than other users, will be some of the coins that they started with.

However, as Chainalysis notes, “the data shows that mixers currently pose a significant money laundering risk, with 25% of funds coming from illicit addresses, and that cybercriminals associated with hostile governments are taking advantage.”

There are different kinds of mixers, but long story short, those using these services for illicit purposes prefer those that aren’t centralised enough to record who put their coins in and who took them out. Mixers themselves are considered “money transmitters” by the Financial Crimes Enforcement Network, the U.S. agency that tracks financial crimes for the Treasury Department. The report points out some mixer services have been called out for illicit activity. Federal prosecutors charged Bitcoin Fog with money laundering for allegedly operating an unlicensed transmitting service on the darknet.

“We aren’t aware of any mixers currently following rules related to [Know Your Customer] processes, source of funds checks, and other basic customer identification and due diligence regulations that [money service businesses] are subject to in most jurisdictions,” the report stated.

Despite the price of crypto remaining far lower than its mid-2021 peak, the rate of crypto crimes has only increased. Web3 security firm CertiK’s quarter 2 report, released July 7, showed that the crypto scene had lost over $US2 ($3) billion from April through June, where $US870 ($1,208) million of that hit was due to hacks and exploits. The loss in the first half of the year is more than all of 2021 combined.

The security report notes that two of the most common attacks are flash loans and phishing scams conducted mostly on platforms like Discord or Telegram, which don’t have any Twitter-like “verified account” systems in place.

And what does that bode for the rest of the year? CertiK’s report forecasted a 223% increase in funds lost from attacks compared to last year. So I guess we’re all looking forward to that.