Cryptomixers are helping hackers to launder ransomware payments

The services enable cyber criminals to anonymously clean proceeds from illicit activities

Cyber criminals are turning to cryptomixing services to hide the proceeds of ransomware activities and make them harder to track by law enforcement. 

That's according to security researchers at IT cyber security firm Intel 471, which reports that cryptomixing services, which mix cryptocurrency transactions from a variety of sources to provide more privacy, are available on the internet and the dark web.

While this is not illegal - cryptomixers are dvertised as adding an extra layer of privacy for cryptocurrency transactions - the researchers found that these services had well-established presences on multiple, well-known cyber crime forums. 

“All of the mixers had professional-looking sites, likely serving as an attempt to make their operations appear more legitimate and attract a wider range of clients,” said Intel 471.

“None of the providers advertised their roles in money laundering, instead preferring to suggest their sites serve businesses using cryptocurrencies and individuals interested in protecting their privacy.”

From a cyber criminals' perspective, these cryptomixers work by sending a sum of cryptocurrency, typically Bitcoin, to a wallet address the mixing service operator owns. This sum joins a pool of the service provider’s own Bitcoins, as well as cryptocurrencies from other cyber criminals using the service. The initial threat actor’s cryptocurrency joins the back of the “chain”, and the threat actor receives a unique reference number known as a “mixing code” for deposited funds. 

“This code ensures the actor does not get back their own 'dirty' funds that theoretically could be linked to their operations. The threat actor then receives the same sum of Bitcoins from the mixer’s pool, muddled using the service’s proprietary algorithm, minus a service fee,” the researchers said.

This can be made more anonymous by criminals by sending this “clean” sum of Bitcoins to numerous wallet addresses to further obfuscate the trail of the illicit funds.

“This makes it more difficult for law enforcement to associate the original “dirty” cryptocurrency with the threat actor,” the researchers added.

Cyber criminals were found to be using four popular cryptomixing services: Absolutio, AudiA6, Blender, and Mix-btc. These cryptomixers can either charge a flat fee or a “dynamic” one, which Intel 471 said is most likely done to “complicate investigations into illicit cryptocurrency funds by altering the amount being laundered at different stages of the process, making it more difficult to tie the funds to a specific crime or individual”.

Researchers said that a thorough understanding of the operational underpinnings of these mixing services is key to comprehending how criminals are laundering the money they earn from their crimes. 

“It’s important to understand how all facets of a ransomware operation works if civil society is to stop the losses inflicted by these schemes,” they said.

Featured Resources

Seven steps to connect and empower your frontline workers

How business leaders can improve communication with a secure platform

Free download

Create what’s next

The future of collaboration and productivity

Free Download

Leveraging the cloud without relinquishing control

Your data. Their cloud.

Free download

Re-architecting for nonstop innovation

Unlocking productivity, scalability, and lower costs for cloud natives

Free Download

Most Popular

How to speed up Microsoft's Windows 11
Microsoft Windows

How to speed up Microsoft's Windows 11

9 Nov 2021
Nike to take customers into the metaverse with 'NIKELAND'

Nike to take customers into the metaverse with 'NIKELAND'

19 Nov 2021
Best MDM solutions 2020
mobile device management (MDM)

Best MDM solutions 2020

12 Nov 2021