The amount of cryptocurrency flowing into privacy-enhancing mixer services has reached an all-time high this year as funds from wallets belonging to government-sanctioned groups and criminal activity almost doubled, researchers reported on Thursday.
Mixers, also known as tumblers, obfuscate cryptocurrency transactions by creating a disconnect between the funds a user deposits and the funds the user withdraws. To do this, mixers pool funds deposited by large numbers of users and randomly mix them. Each user can withdraw the entire amount deposited, minus a cut for the mixer, but because the coins come from this jumbled pool, it’s harder for blockchain investigators to track precisely where the money went.
Significant money-laundering risk
Some mixers provide additional obfuscation by allowing users to withdraw funds in differing amounts sent to different wallet addresses. Others try to conceal the mixing activity altogether by changing the fee on each transaction or varying the type of deposit address used.
Mixer use isn’t automatically illegal or unethical. Given how easy it is to track the flow of Bitcoin and some other types of cryptocurrency, there are legitimate privacy reasons anyone might want to use one. But given the rampant use of cryptocurrency in online crime, mixers have evolved as a must-use tool for criminals who want to cash out without being caught by authorities.
“Mixers present a difficult question to regulators and members of the cryptocurrency community,” researchers from cryptocurrency analysis firm Chainalysis wrote in a report that linked the surge to increased volumes deposited by sanctioned and criminal groups. “Virtually everyone would acknowledge that financial privacy is valuable, and that in a vacuum, there’s no reason services like mixers shouldn’t be able to provide it. However, the data shows that mixers currently pose a significant money laundering risk, with 25 percent of funds coming from illicit addresses, and that cybercriminals associated with hostile governments are taking advantage.”
The report added: “Mixers may soon become obsolete as Chainalysis continues to refine the ability to demix certain mixing transactions and see users’ original source of funds. But for the time being, our data shows that mixers are receiving more cryptocurrency than ever in 2022.”
Cryptocurrency received by these mixers fluctuates significantly from day to day, so researchers find it more useful to use longer-term measures. The 30-day moving average of funds received by mixers hit $51.8 million in mid-April, an all-time high, Chainalysis reported. The high-water mark represented almost double the incoming volumes at the same point last year. What’s more, illicit wallet addresses accounted for 23 percent of funds sent to mixers this year, up from 12 percent in 2021.
As the graph below illustrates, the increases come most notably from higher volumes sent from addresses connected to illicit activity, such as ransomware attacks, cryptocurrency scams, and stolen funds carried out by groups sanctioned by the US government. To a lesser extent, volumes sent from centralized exchanges, DeFi, or decentralized finance protocols, also drove the surge.
A breakdown of volumes connected to illicit sources shows that the spike is driven primarily by sanctioned entities—mainly Russian and North Korean in origin—followed by cryptocurrency thieves and fraudsters pushing cryptocurrency investment scams.
The sanctioned entities are led by Hydra, a Russia-based dark web market that serves as a haven for criminals to buy and sell services and products to one another. In April, the US Department of Treasury sanctioned Hydra to stymie the group’s efforts to liquidate their ill-gotten proceeds. The remaining volume from sanctioned groups came from the North Korean hacking group Lazarus and the Blender.io tumbler, which the US Treasury Department sanctioned earlier this year for serving the North Korean government.
Despite their utility, mixers suffer a critical Achilles’ heel: Large transactions make them ineffective, meaning that they work less efficiently when people use them to deposit large amounts of cryptocurrency.
“Since users are receiving a ‘mix’ of funds contributed by others, if one user floods the mixer and contributes significantly more than others, much of what they end up with will be made up of the funds they originally put in, making it possible to trace the funds back to their original source,” Thursday’s report explained. “In other words, mixers function best when they have a large number of users, all of whom are mixing comparable amounts of cryptocurrency.”
Post updated to correct description of Blender.io.