Cryptocurrency 'mixers' see record transactions from sanctioned actors

North Korean flags blow outside an apartment building. Lazarus Group, a broad set of suspected North Korean hackers, is behind Operation Sharpshooter, according to McAfee. (Flickr user (stephan))

Share

Written by

Use of so-called cryptocurrency “mixers,” which combine various types of assets to mask their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, representing an unprecedented volume of funds moving through those services, researchers at cryptocurrency research firm Chainalysis found.

A near two-fold increase in funds sent from illicit addresses has accelerated the increase, indicating that the technology that can obfuscate the currency continues to be highly attractive to cyber criminals.

Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equivalent to the original amount minus a service fee to the original account. As a result, it makes it harder for law enforcement and cryptocurrency analysts to trace the currency.

Mixers aren’t solely used by criminals, but they are extremely popular with them. Chainalysis found that 10% of all funds from illicit wallets are sent to mixers, while mixers received less than .5% of the share of other sources of funds tracked by the firm, including decentralized finance projects.

The bulk of illicit funds transferred to mixers came from sanctioned actors, primarily Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took out Hydra, which had been responsible for 80% of dark web transactions involving cryptocurrency, in May. The U.S. Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.

The use of mixers by North Korea state-backed hackers and a popular mixer they employed to launder funds made up the rest of the transfers.

North Korean hackers have consistently used financial hacking to get around U.S. sanctions and they have been especially busy this year targeting cryptocurrency firms. The Treasury Department updated its sanctions against the Lazarus Group in April to link the group to a March hack of $620 million worth of assets from a bridge connecting the Axie Infinity video game with the Ethereum blockchain.

More recently, researchers tied funds stolen by the Lazarus group from a blockchain project Harmony to the mixer Tornado Cash.

“It shows that the type and the type of profile of the user of the mixer has really evolved away from the kind of small crime, dark net marketplace vendor to the Russia or a nation-state actor,” said Kim Grauer, head of research at Chainalysis.

Financial regulators have taken note. The Treasury Department in May sanctioned popular mixer Blender.io for processing $20.5 million of the $620 million the Lazarus group stole from the Axie Infinity project.

The move is something that “would have been unheard of a few years ago,” said Grauer.

An increase in transfers from Decentralized Finance (DeFi) projects also contributed to an increase use of mixers, Chainalysis notes. State-backed actors have also been known to use DeFi projects as a laundering tool.

Both Chainalysis researchers and the Treasury Department are careful to note that there are legitimate uses for mixers, such as anonymity from an oppressive government. However, because most don’t follow U.S. regulations requiring that exchanges know who their customers are, it’s easier for criminals to exploit them.

Mixers come with one serious weakness, however. The more that criminals pump in funds, the more easily their mixer usage can be tracked. That means that hackers are limited in what they can launder before raising suspicion.

“I think in the long to medium term, it’s definitely going to reduce just because it’s not sustainable,” said Grauer.

-In this Story-

Chainalysis, cryptocurrency, cybercrime, Department of Treasury, Hydra, Lazarus Group, mixers, North Korea, privacy, Russia, sanctions, Treasury Department
TwitterFacebookLinkedInRedditGmail