International Agencies Shutter Cryptocurrency Mixing Service Tied to Ransomware

Tyler Cross
Tyler Cross Senior Writer
Tyler Cross Tyler Cross Senior Writer

A joint international law enforcement operation has successfully dismantled ChipMixer, a darknet cryptocurrency mixing service responsible for laundering over $3 billion in cryptocurrency tied to ransomware, darknet markets, fraud, and hacking schemes since 2017.

The coordinated efforts of US federal law enforcement and the German Federal Criminal Police (Bundeskriminalamt) led to the seizure of two domains directing users to the ChipMixer service, one Github account, and the confiscation of the service’s back-end servers, along with over $46 million in cryptocurrency.

The operation also resulted in the arrest of Minh Quốc Nguyễn, a 49-year-old Vietnamese national, in Philadelphia. He has been charged with money laundering, operating an unlicensed money-transmitting business, and identity theft in connection with ChipMixer. If convicted, Nguyễn could face up to 40 years in prison.

Court documents reveal that ChipMixer was a popular platform for criminals looking to launder illicit funds. The service allowed users to deposit bitcoin and mix it with other users’ bitcoin, making it difficult for regulators and law enforcement to trace transactions. ChipMixer operated without registering with the US Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and did not collect identifying information about its customers.

Between August 2017 and this March, ChipMixer processed a variety of funds from criminal activities, including $17 million tied to 37 ransomware strains, over $700 million in stolen funds, more than $200 million associated with darknet markets, and over $35 million connected to fraud shops.

Deputy Attorney General Lisa Monaco and FBI Deputy Director Paul Abbate emphasized their departments’ dedication to fighting cybercrime and protecting victims. Both officials stressed the importance of collaboration between law enforcement partners in countering cybercriminal activity.

“This morning, working with partners at home and abroad, the Department of Justice disabled a prolific cryptocurrency mixer, which has fueled ransomware attacks, state-sponsored crypto-heists and darknet purchases across the globe,” said Monaco. “Today’s coordinated operation reinforces our consistent message: we will use all of our authorities to protect victims and take the fight to our adversaries. Cybercrime seeks to exploit boundaries, but the Department of Justice’s network of alliances transcends borders and enables disruption of the criminal activity that jeopardizes our global cybersecurity.”

Nguyễn, the alleged operator of ChipMixer, is accused of creating and maintaining the service’s online infrastructure using identity theft, pseudonyms, and anonymous email providers. He registered domain names and procured hosting services to support ChipMixer’s operations. In online posts, Nguyễn criticized anti-money laundering efforts and advised users on how to evade reporting requirements.

About the Author
Tyler Cross
Tyler Cross
Senior Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."