Crypto Mixers Usage From Cybercriminals Sees All-Time High: Chainalysis

Attacks on DeFi platforms, crypto exchanges and related websites have become somewhat of a constant fixture in the past couple of years. When using a mixer, the user pools his tokens with those of others, receiving them back after they have been scrambled with assets provided by others, minus the fee charged by the mixing service.

When successful, the misappropriated proceeds often pass through crypto mixers – services intended to obfuscate the origin of a crypto transaction – before finally ending up in the wallets of exploiters. Mixing is, thankfully, not always successful. For instance, if a bad actor deposits large amounts of stolen crypto, the proportion of funds clearly originating from them allows the exchanges they often end up on to trace the funds anyway.

Mixers Are Not Inherently Bad for Crypto

It’s important to note that cryptocurrency mixers are, overall, in large with one of the original principles of the crypto market: anonymity. Many people who use mixers are simply using them in an attempt to maintain their privacy or to get around legislation in their home country prohibiting or hindering the use of their own assets.

Unfortunately, a recent report made by blockchain data analysts at Chainalysis shows that the percentage of funds originating from cybercriminals and other bad actors have hit an all-time high in 2022, following an increase throughout 2021.

The highest volume to pass through crypto mixers was reached in April 2022 – $51.8 million worth of digital assets, to be exact. This is almost double the volume recorded in April of 2021 – although, to be fair, that month presented a slight slump in total volume.

Sanctioned Entities Represent a Sizable Portion of the Market

Sanctioned entities are cybercrime syndicates recognized and sanctioned by authorities worldwide, such as Hydra Market or the North Korean Lazarus Group, allegedly the masterminds behind the Harmony bridge exploit, and many other attacks.

“Lazarus Group is a cybercrime syndicate responsible for several cryptocurrency hacks on behalf of the North Korean government, and along with associated groups remains extremely active today. Already in 2022, hackers associated with the North Korean government are believed to have stolen over $1 billion worth of cryptocurrency, mostly from DeFi protocols.”

In 2022, the percentage of funds associated with sanctioned entities reached a whopping 23% of funds that passed through mixing services, nearly double the figure in 2021 – 12%.

Out of this number, 50.4% are associated with Hydra Marketplace – a Russia-based dark market shut down in April by German authorities. A further 30% are associated with the Lazarus Group, and 18.8% with Blender.io. The remaining 0.8% are associated with various small-time cybercrime organizations.

Although mixers represent an important part of the blockchain ecosystem, helping to provide anonymity for crypto users who may not want to use privacy coins, their popularity among cybercriminals cannot be overlooked. They present a complicated issue for regulators looking to stop cybercrime without hurting legitimate users who merely enjoy the privacy associated with these services.