Cryptomixers are helping hackers to launder ransomware payments

The services enable cyber criminals to anonymously clean proceeds from illicit activities

Cyber criminals are turning to cryptomixing services to hide the proceeds of ransomware activities and make them harder for law enforcement to track.

That's according to researchers at cyber security firm Intel 471, which reports that cryptomixing services, which mix cryptocurrency transactions from a variety of sources to provide more privacy, are available on the internet and the dark web.

While this is not illegal - cryptomixers are advertised as adding an extra layer of privacy for cryptocurrency transactions - the researchers found that these services had well-established presences on multiple, well-known cyber crime forums.

“All of the mixers had professional-looking sites, likely serving as an attempt to make their operations appear more legitimate and attract a wider range of clients,” said Intel 471.

“None of the providers advertised their roles in money laundering, instead preferring to suggest their sites serve businesses using cryptocurrencies and individuals interested in protecting their privacy.”

From a cyber criminal's perspective, these cryptomixers work as follows: the criminal sends a sum of cryptocurrency, typically Bitcoin, to a wallet address the mixing service operator owns. This sum joins a pool of the service provider’s own Bitcoins, as well as cryptocurrencies from other cyber criminals using the service. The initial threat actor’s cryptocurrency joins the back of the “chain”, and the threat actor receives a unique reference number known as a “mixing code” for deposited funds.

“This code ensures the actor does not get back their own 'dirty' funds that theoretically could be linked to their operations. The threat actor then receives the same sum of Bitcoins from the mixer’s pool, muddled using the service’s proprietary algorithm, minus a service fee,” the researchers said.

Criminals can make this more anonymous by sending the “clean” sum of Bitcoins to numerous wallet addresses to further obfuscate the trail of the illicit funds.

“This makes it more difficult for law enforcement to associate the original 'dirty' cryptocurrency with the threat actor,” the researchers added.

Cyber criminals were found to be using four popular cryptomixing services: Absolutio, AudiA6, Blender, and Mix-btc. These cryptomixers can either charge a flat fee or a “dynamic” one, which Intel 471 said is most likely done to “complicate investigations into illicit cryptocurrency funds by altering the amount being laundered at different stages of the process, making it more difficult to tie the funds to a specific crime or individual”.

Researchers said that a thorough understanding of the operational underpinnings of these mixing services is key to comprehending how criminals are laundering the money they earn from their crimes. 

“It’s important to understand how all facets of a ransomware operation work if civil society is to stop the losses inflicted by these schemes,” they said.
