German and US authorities, supported by Europol, have targeted ChipMixer, a cryptocurrency mixer well-known in the cybercriminal underworld. The investigation was also supported by Belgium, Poland, and Switzerland. National authorities took down the infrastructure of the platform for its alleged involvement in money laundering activities and seized four servers, about 1909.4 Bitcoins in 55 transactions (approx. €44.2 million), and 7 TB of data.

ChipMixer, an unlicensed cryptocurrency mixer set up in mid-2017, specialized in mixing or cutting trails related to virtual currency assets. The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud. Deposited funds would be turned into “chips” (small tokens with equivalent value), which were then mixed - thereby anonymizing all trails to where the initial funds originated.

A service available both on the clear and on the dark web, ChipMixer offered full anonymity to their clients. This type of service is often used before criminals’ laundered crypto assets are redirected to cryptocurrency exchanges, some of which are also in the service of organized crime. At the end of the process, the ‘cleaned’ crypto can easily be exchanged into other cryptocurrencies or directly into FIAT currency through ATM or bank accounts.

The investigation into the criminal service suggests that the platform may have facilitated the laundering of 152 000 Bitcoins (worth roughly €2.73 billion in current estimations) in crypto assets. A large share of this is connected to dark web markets, ransomware groups, illicit goods trafficking, procurement of child sexual exploitation material, and stolen crypto assets. Information obtained after the takedown of the Hydra Market dark web platform uncovered transactions in the equivalent of millions of euros.

Ransomware actors such as Zeppelin, SunCrypt, Mamba, Dharma, or Lockbit have also used this service to launder ransom payments they have received. Authorities are also investigating the possibility that some of the crypto assets stolen after the bankruptcy of a large crypto exchange in 2022 were laundered via ChipMixer.