International Agencies Shutter Cryptocurrency Mixing Service Tied to Ransomware


Tyler Cross Tyler Cross
Published on: March 17, 2023
International Agencies Shutter Cryptocurrency Mixing Service Tied to Ransomware

A joint international law enforcement operation has successfully dismantled ChipMixer, a darknet cryptocurrency mixing service responsible for laundering over $3 billion in cryptocurrency tied to ransomware, darknet markets, fraud, and hacking schemes since 2017.

The coordinated efforts of US federal law enforcement and the German Federal Criminal Police (Bundeskriminalamt) led to the seizure of two domains directing users to the ChipMixer service, one Github account, and the confiscation of the service’s back-end servers, along with over $46 million in cryptocurrency.

The operation also resulted in the arrest of Minh Quốc Nguyễn, a 49-year-old Vietnamese national, in Philadelphia. He has been charged with money laundering, operating an unlicensed money-transmitting business, and identity theft in connection with ChipMixer. If convicted, Nguyễn could face up to 40 years in prison.

Court documents reveal that ChipMixer was a popular platform for criminals looking to launder illicit funds. The service allowed users to deposit bitcoin and mix it with other users’ bitcoin, making it difficult for regulators and law enforcement to trace transactions. ChipMixer operated without registering with the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and did not collect identifying information about its customers.

Between August 2017 and this March, ChipMixer processed a variety of funds from criminal activities, including $17 million tied to 37 ransomware strains, over $700 million in stolen funds, more than $200 million associated with darknet markets, and over $35 million connected to fraud shops.

Deputy Attorney General Lisa Monaco and FBI Deputy Director Paul Abbate emphasized their departments’ dedication to fighting cybercrime and protecting victims. Both officials stressed the importance of collaboration between law enforcement partners in countering cybercriminal activity.

“This morning, working with partners at home and abroad, the Department of Justice disabled a prolific cryptocurrency mixer, which has fueled ransomware attacks, state-sponsored crypto-heists and darknet purchases across the globe,” said Monaco. “Today’s coordinated operation reinforces our consistent message: we will use all of our authorities to protect victims and take the fight to our adversaries. Cybercrime seeks to exploit boundaries, but the Department of Justice’s network of alliances transcends borders and enables disruption of the criminal activity that jeopardizes our global cybersecurity.”

Nguyễn, the alleged operator of ChipMixer, is accused of creating and maintaining the service’s online infrastructure using identity theft, pseudonyms, and anonymous email providers. He registered domain names and procured hosting services to support ChipMixer’s operations. In online posts, Nguyễn criticized anti-money laundering efforts and advised users on how to evade reporting requirements.

Latest Intelligence