Illicit Crypto Moving to Mixers on Pace to Double in 2022

Chainalysis report shows huge volume of funds moving to these services from sanctioned entities


Blockworks exclusive art by axel rangel


key takeaways

  • Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021
  • Groups associated with the North Korean government are sending about half of the funds going to mixers

More money moving to crypto mixing services in 2022 is coming from addresses associated with illicit activity, as government agencies may be forced to take action against non-compliant mixers or impose more sanctions.  

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a report by Chainalysis published Thursday. This figure is roughly double the incoming volume at the same point in 2021.

Perhaps more notably, the blockchain data platform revealed, illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% last year.

Mixers or tumblers, such as Tornado Cash, are services providing users the ability to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds. Industry watchers have noted that while they can be used for illegal activity, many believe that it is a crucial tool for financial privacy.

Nearly 10% of all funds sent from illicit addresses are sent to mixers, the report showed. No other address type — such as one associated with various kinds of exchanges or gambling platforms — reached a 0.3% mixer sending share.

Russian darknet market Hydra accounts for half of all funds moving to these services from sanctioned entities this year, according to Chainalysis. Nearly all of the remaining funds going to mixers are North Korean government-associated Lazarus Group and, accounting for about 30% and 19%, respectively. 

Chainalysis Director of Research Kim Grauer said the most striking takeaway of the report was the large rise in mixer usage by the North Korea-linked cybercriminal groups. 

“This alone is driving a massive increase in the use of mixers this year, and demonstrates that regulators and law enforcement should have the tools and resources they need to better understand the national security risks mixers pose and investigate illicit activity,” she told Blockworks. 

Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

The Tuesday report noted that Chainalysis “continues to refine the ability to demix certain mixing transactions and see users’ original source of funds.”

Grauer declined to comment on the company’s demixing capabilities. 

Several mixers — including Tornado Cash — and other decentralized finance platforms are taking advantage of privacy-preserving technology, such as zk-SNARK, to ensure anonymity remains intact, NetSPI Chief Technology Officer Travis Hoyt said.  

“If Chainalysis can in fact reverse or deduce transactions protected with this type of technology, it would question some of the fundamental mechanics of how some blockchains work, as well as some of the mixing and [decentralized finance] platforms,” Hoyt told Blockworks.

Combatting mixer usage for illegal activities

The hacker who exploited the Ronin Network for roughly $625 million in March initially transferred thousands of ether to Tornado Cash. 

Also that month, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. Alleged criminals in both cases used mixing services to mask transactions.

More recently, roughly a third of the $100 million stolen last month from Horizon Bridge — a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain networks — was also transferred to a Tornado Cash address.

Grauer said that mixers in the US, like other crypto companies, are required to register as money services businesses (MSBs) under the Financial Crimes Enforcement Network’s guidance.

Tornado Cash is an immutable smart contract, not a business, but the service includes a compliance tool, which allows any lawful user to prove the origin and destination of funds if required to do so by law enforcement agencies.

A right to privacy is enshrined in Article 12 of the United Nations Declarations on Human Rights, and preserving it is a natural concern of any user of a public, immutable blockchain.

But Chainalysis is unaware of any mixers currently following regulations around anti-money laundering and combating the financing of terrorism that MSBs are subject to in most jurisdictions, Grauer added.

“The increase in usage by nation state actors in particular may lead government agencies to take action against non-compliant mixers or even impose sanctions, as they have in the past,” Grauer said.

The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra in April, adding more than 100 of its crypto addresses to the specially designated national list as identifiers. In May, OFAC sanctioned virtual currency mixer 

“These platforms are agnostic to borders, and while [US] frameworks may apply to certain citizens and the legal jurisdictions they’re in, they will not apply to all,” Hoyt said. “This means that trying to regulate them could be very difficult.”

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Unlocked by Template.png


With the spot ETH ETF approval, the institutions are coming. stETH - given its dominance in marketshare, existing liquid market structures, and highly desirable properties - is poised for institutions.


Launching cryptocurrencies the old fashioned way may soon make a return


Kraken and CertiK brought their beef to social media after Kraken said researchers exploited $3 million through a bug


NVIDIA’s historic run is only deepening the divide between mega-cap tech stocks and the rest of the market.


EIP-7702 was quickly adopted for the next Ethereum upgrade, but developers haven’t quite locked it down