Illicit Crypto Moving to Mixers on Pace to Double in 2022

Chainalysis report shows huge volume of funds moving to these services from sanctioned entities

article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021
  • Groups associated with the North Korean government are sending about half of the funds going to mixers

More money moving to crypto mixing services in 2022 is coming from addresses associated with illicit activity, as government agencies may be forced to take action against non-compliant mixers or impose more sanctions.  

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a report by Chainalysis published Thursday. This figure is roughly double the incoming volume at the same point in 2021.

Perhaps more notably, the blockchain data platform revealed, illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% last year.

Mixers or tumblers, such as Tornado Cash, are services providing users the ability to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds. Industry watchers have noted that while they can be used for illegal activity, many believe that it is a crucial tool for financial privacy.

Nearly 10% of all funds sent from illicit addresses are sent to mixers, the report showed. No other address type — such as one associated with various kinds of exchanges or gambling platforms — reached a 0.3% mixer sending share.

Russian darknet market Hydra accounts for half of all funds moving to these services from sanctioned entities this year, according to Chainalysis. Nearly all of the remaining funds going to mixers are North Korean government-associated Lazarus Group and Blender.io, accounting for about 30% and 19%, respectively. 

Chainalysis Director of Research Kim Grauer said the most striking takeaway of the report was the large rise in mixer usage by the North Korea-linked cybercriminal groups. 

“This alone is driving a massive increase in the use of mixers this year, and demonstrates that regulators and law enforcement should have the tools and resources they need to better understand the national security risks mixers pose and investigate illicit activity,” she told Blockworks. 

Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

The Tuesday report noted that Chainalysis “continues to refine the ability to demix certain mixing transactions and see users’ original source of funds.”

Grauer declined to comment on the company’s demixing capabilities. 

Several mixers — including Tornado Cash — and other decentralized finance platforms are taking advantage of privacy-preserving technology, such as zk-SNARK, to ensure anonymity remains intact, NetSPI Chief Technology Officer Travis Hoyt said.  

“If Chainalysis can in fact reverse or deduce transactions protected with this type of technology, it would question some of the fundamental mechanics of how some blockchains work, as well as some of the mixing and [decentralized finance] platforms,” Hoyt told Blockworks.

Combatting mixer usage for illegal activities

The hacker who exploited the Ronin Network for roughly $625 million in March initially transferred thousands of ether to Tornado Cash. 

Also that month, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. Alleged criminals in both cases used mixing services to mask transactions.

More recently, roughly a third of the $100 million stolen last month from Horizon Bridge — a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain networks — was also transferred to a Tornado Cash address.

Grauer said that mixers in the US, like other crypto companies, are required to register as money services businesses (MSBs) under the Financial Crimes Enforcement Network’s guidance.

Tornado Cash is an immutable smart contract, not a business, but the service includes a compliance tool, which allows any lawful user to prove the origin and destination of funds if required to do so by law enforcement agencies.

A right to privacy is enshrined in Article 12 of the United Nations Declarations on Human Rights, and preserving it is a natural concern of any user of a public, immutable blockchain.

But Chainalysis is unaware of any mixers currently following regulations around anti-money laundering and combating the financing of terrorism that MSBs are subject to in most jurisdictions, Grauer added.

“The increase in usage by nation state actors in particular may lead government agencies to take action against non-compliant mixers or even impose sanctions, as they have in the past,” Grauer said.

The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra in April, adding more than 100 of its crypto addresses to the specially designated national list as identifiers. In May, OFAC sanctioned virtual currency mixer Blender.io. 

“These platforms are agnostic to borders, and while [US] frameworks may apply to certain citizens and the legal jurisdictions they’re in, they will not apply to all,” Hoyt said. “This means that trying to regulate them could be very difficult.”


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Permissionless is a conference for founders, application developers, and users. Come meet the next generation of people building and using crypto.

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Monad Report Graphic.png

Research

Monad represents an ambitious attempt to address the scalability challenges faced by existing EVM chains. By leveraging innovative consensus and execution mechanisms, including pipelined consensus-execution and optimistic parallel execution, Monad aims to achieve performance metrics of 10,000 TPS and 1-second finality while maintaining full EVM compatibility. This approach positions Monad as a potential evolution of the Ethereum ecosystem, offering enhanced scalability without sacrificing the familiar developer or user experience.

article-image

Bitwise took the initial steps for an XRP ETF Wednesday

article-image

Plus, enrollment for the Donald Trump-backed crypto project is underway

article-image

On Solana so far, there are two main competitors: Jito and Solayer

article-image

Plus, Sui-eet liquidity surge and USDC’s new home on Base

article-image

The Web3 community is stacking bricks when it should be building bridges