Cryptomixers are helping hackers to launder ransomware payments

The services enable cyber criminals to anonymously clean proceeds from illicit activities

Cyber criminals are turning to cryptomixing services to hide the proceeds of ransomware activities and make them harder for law enforcement to track.

That's according to security researchers at IT cyber security firm Intel 471, which reports that cryptomixing services, which mix cryptocurrency transactions from a variety of sources to provide more privacy, are available on the internet and the dark web.

While this is not illegal - cryptomixers are advertised as adding an extra layer of privacy for cryptocurrency transactions - the researchers found that these services had well-established presences on multiple, well-known cyber crime forums.

“All of the mixers had professional-looking sites, likely serving as an attempt to make their operations appear more legitimate and attract a wider range of clients,” said Intel 471.

“None of the providers advertised their roles in money laundering, instead preferring to suggest their sites serve businesses using cryptocurrencies and individuals interested in protecting their privacy.”

From a cyber criminal’s perspective, these cryptomixers work as follows: the criminal sends a sum of cryptocurrency, typically Bitcoin, to a wallet address the mixing service operator owns. This sum joins a pool of the service provider’s own Bitcoins, as well as cryptocurrencies from other cyber criminals using the service. The initial threat actor’s cryptocurrency joins the back of the “chain”, and the threat actor receives a unique reference number known as a “mixing code” for deposited funds.

“This code ensures the actor does not get back their own 'dirty' funds that theoretically could be linked to their operations. The threat actor then receives the same sum of Bitcoins from the mixer’s pool, muddled using the service’s proprietary algorithm, minus a service fee,” the researchers said.

Criminals can make this more anonymous by sending this “clean” sum of Bitcoins to numerous wallet addresses, further obfuscating the trail of the illicit funds.

“This makes it more difficult for law enforcement to associate the original 'dirty' cryptocurrency with the threat actor,” the researchers added.

Cyber criminals were found to be using four popular cryptomixing services: Absolutio, AudiA6, Blender, and Mix-btc. These cryptomixers can either charge a flat fee or a “dynamic” one, which Intel 471 said is most likely done to “complicate investigations into illicit cryptocurrency funds by altering the amount being laundered at different stages of the process, making it more difficult to tie the funds to a specific crime or individual”.

Researchers said that a thorough understanding of the operational underpinnings of these mixing services is key to comprehending how criminals are laundering the money they earn from their crimes.

“It’s important to understand how all facets of a ransomware operation work if civil society is to stop the losses inflicted by these schemes,” they said.