Written by Tonya Riley

The use of so-called cryptocurrency “mixers,” which combine various types of assets to disguise their origin, peaked at a 30-day average of nearly $52 million worth of digital currency in April, which represents an unprecedented volume of funds flowing through these services, researchers at cryptocurrency research firm Chainalysis have found.

A nearly doubling of funds sent from illicit addresses accelerated the increase, indicating that technology that can obfuscate currency continues to be highly attractive to cybercriminals.

Cryptocurrency mixers work by taking an individual’s cryptocurrency and combining it with a larger pool before returning units equal to the original amount less a service fee to the originating account. As a result, it is more difficult for law enforcement and cryptocurrency analysts to trace the currency.

Blenders are not only used by criminals, but are extremely popular with them. Chainalysis found that 10% of all funds from illicit wallets are sent to mixers, while mixers received less than 0.5% from other sources of funds tracked by the company, including mining projects. decentralized funding.

The bulk of the illicit funds transferred to the mixers came from sanctioned actors, primarily the Russian dark net market Hydra and more recently the Lazarus Group, a group of North Korean state-backed hackers. International law enforcement took down Hydra, which was responsible for 80% of dark web transactions involving cryptocurrency, in May. The US Treasury’s Office of Foreign Assets Control followed with sanctions on more than 100 of its cryptocurrency addresses.

The use of mixers by North Korean state-backed hackers and a popular mixer they used to launder funds made up the rest of the transfers.

North Korean hackers have consistently used financial hacking to circumvent US sanctions, and they’ve been particularly busy this year targeting cryptocurrency companies. The Treasury Department updated its sanctions against the Lazarus Group in April to link the group to a March hack of $620 million in assets from a bridge connecting the Axie Infinity video game to the Ethereum blockchain.

More recently, researchers linked funds stolen by the Lazarus Group from a Harmony blockchain project to the Tornado Cash mixer.

“It shows that the type and type of blender user profile has really evolved from being a petty crime type, a dark net market provider to Russia, or a nation-state actor,” said Kim Grauer, head of research. at Chainalysis.

Financial regulators have taken notice. In May, the Treasury Department sanctioned popular blender Blender.io for processing $20.5 million of the $620 million the Lazarus Group stole from the Axie Infinity project.

The move is something that “would have been unheard of a few years ago,” Grauer said.

An increase in transfers from decentralized finance (DeFi) projects has also contributed to increased use of mixers, Chainalysis notes. State-backed actors have also been known to use DeFi projects as a laundering tool.

Chainalysis researchers and the Treasury Department are careful to note that there are legitimate uses for mixers, such as the anonymity of an oppressive government. However, since most do not comply with US regulations requiring exchanges to know who their customers are, it is easier for criminals to exploit them.

Mixers have a serious weakness, however. The more money criminals inject, the easier it is to track their blender usage. This means hackers are limited in what they can launder before arousing suspicion.

“I think in the long to medium term it’s definitely going to go down just because it’s not sustainable,” Grauer said.

-In this story-

Chainalysis, cryptocurrency, cybercrime, Treasury Department, Hydra, Lazarus Group, mixers, North Korea, privacy, Russia, sanctions, Treasury Department