Europol Takes Down Illegal Crypto Mixing Laundering Service Used by Ransomware Actors
A cryptocurrency mixing service used by criminals to launder the proceeds from their illegal activities has been shut down by Europol, Eurojust, and law enforcement agencies in Switzerland and Germany.
Cybercriminals, such as ransomware actors, typically receive payment for their attacks in cryptocurrency. Cryptocurrency transactions are not anonymous, as all transactions are recorded on the public blockchain and can be traced to the wallets receiving the funds. That means the proceeds from cybercrime can be traced to individuals if the wallet address is linked to a real-world identity. Cybercriminals use cryptocurrency mixing services to launder the proceeds from their attacks, then redirect their anonymized funds to cryptocurrency exchanges to cash out.
The law enforcement operation was a week-long effort – Operation Olympia – between November 24 and November 26, targeting Cryptomixer, an illegal cryptocurrency mixing service that law enforcement agencies have been trying to shut down since its creation in 2016. According to Europol, Cryptomixer was the mixing service of choice for cybercriminals, and was used by ransomware gangs, payment card fraudsters, drug and weapons traffickers, and nation state hackers such as North Korea’s Lazarus Group to launder funds from their illegal activities. Since 2016, more than €1.3 billion in Bitcoin ($1.5 billion) has passed through Cryptomixer infrastructure.
Funds were deposited in the mixing service, pooled for a long and randomized period, then redistributed to destination addresses at random times. Mixing services such as Cryptomixer make pseudonymous cryptocurrency transactions anonymous, concealing the origin of cryptocurrency by making it difficult to trace specific coins, allowing cybercriminals to launder funds from their activities without the risk of being identified. More than €25 million ($28 million) in Bitcoin was confiscated, three servers in Switzerland and the cryptomixer.io clear web domain were seized, along with more than 12 terabytes of data.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
The operation was part of a broader international effort by law enforcement agencies to tackle cybercrime by targeting the services that cybercriminals use to hide their financial transactions. Operation Olympia mirrors a similar effort in 2023 by Europol and law enforcement agencies in the United States and Germany that resulted in the seizure of the infrastructure behind the ChipMixer mixing service, which at the time was the go-to mixing service for cybercriminals, through which more than $3 billion in cryptocurrency had passed. In that operation, as well as seizing the infrastructure, more than $50 billion in Bitcoin was confiscated.
