ChipMixer platform seized for laundering ransomware payments, drug sales

An international law enforcement operation has seized the cryptocurrency mixing service ‘ChipMixer’ which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds.

The operation was conducted by Europol in coordination with law enforcement in Germany (BKA) and the United States (FBI), allowing the police to seize four servers, 7 TB of data, and $46.5 million worth of cryptocurrency (Bitcoin).

This makes the operation the largest seizure of cryptocurrency assets by the BKA to date.

ChipMixer has been one of the largest cryptocurrency mixing platforms operating on the dark web since 2017, allowing users to convert their money into untraceable “chips,” which are then cashed out on “clean” cryptocurrency addresses that can be converted to fiat money.

As the police seized infrastructure, including the operation’s Tor dark web servers, visitors to the platform will now see a seizure banner from Germany’s Federal Criminal Police Office, the Bundeskriminalamt (BKA).

BKA seizure banner
Source: BleepingComputer

Cryptocurrency mixing platforms, otherwise known as “tumblers,” receive digital assets from users and add them to a massive pool of cryptocurrency containing other people’s coins.

These coins are then “mixed” by shuffling the cryptocurrency between many new wallet addresses, boosting the privacy and anonymity of transactions and cryptocurrency holders. For this activity, the mixing service takes a fee, which could be a flat rate or a percentage of the mixed amount.

While legitimate use cases exist for such services, they are predominately  looking to , and this was  with ChipMixer too.

“The investigation into the criminal service suggests that the platform may have facilitated the laundering of 152 000 Bitcoins (worth roughly EUR 2.73 billion in current estimations) in crypto assets,” reads the .

“A large share of this is connected to dark web markets, ransomware groups, illicit goods trafficking, procurement of child sexual exploitation material, and stolen crypto assets.”

The authorities found further ties between the ChipMixer service and illegal activity when examining infrastructure seized from the dark web market Hydra, which the German police .

Ransomware groups confirmed to have used ChipMixer to launder their ransoms include LockBit, Zeppelin, SunCrypt, Mamba, and Dharma.

Additionally, there are indications that ChipMixer aided in laundering the assets stolen from a large cryptocurrency exchange following its bankruptcy last year. However, authorities are still investigating on that front.

In a post published today,  that the primary operator of ChipMixer has been identified, and the FBI is already on a manhunt to bring him to justice.

Additionally, a reward is now offered via the U.S. DoJ “Rewards for Justice” program.