Illicit Crypto Moving to Mixers on Pace to Double in 2022

Chainalysis report shows huge volume of funds moving to these services from sanctioned entities

article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021
  • Groups associated with the North Korean government are sending about half of the funds going to mixers

More money moving to crypto mixing services in 2022 is coming from addresses associated with illicit activity, as government agencies may be forced to take action against non-compliant mixers or impose more sanctions.  

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a report by Chainalysis published Thursday. This figure is roughly double the incoming volume at the same point in 2021.

Perhaps more notably, the blockchain data platform revealed, illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% last year.

Mixers or tumblers, such as Tornado Cash, are services providing users the ability to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds. Industry watchers have noted that while they can be used for illegal activity, many believe that it is a crucial tool for financial privacy.

Nearly 10% of all funds sent from illicit addresses are sent to mixers, the report showed. No other address type — such as one associated with various kinds of exchanges or gambling platforms — reached a 0.3% mixer sending share.

Russian darknet market Hydra accounts for half of all funds moving to these services from sanctioned entities this year, according to Chainalysis. Nearly all of the remaining funds going to mixers are North Korean government-associated Lazarus Group and Blender.io, accounting for about 30% and 19%, respectively. 

Chainalysis Director of Research Kim Grauer said the most striking takeaway of the report was the large rise in mixer usage by the North Korea-linked cybercriminal groups. 

“This alone is driving a massive increase in the use of mixers this year, and demonstrates that regulators and law enforcement should have the tools and resources they need to better understand the national security risks mixers pose and investigate illicit activity,” she told Blockworks. 

Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

The Tuesday report noted that Chainalysis “continues to refine the ability to demix certain mixing transactions and see users’ original source of funds.”

Grauer declined to comment on the company’s demixing capabilities. 

Several mixers — including Tornado Cash — and other decentralized finance platforms are taking advantage of privacy-preserving technology, such as zk-SNARK, to ensure anonymity remains intact, NetSPI Chief Technology Officer Travis Hoyt said.  

“If Chainalysis can in fact reverse or deduce transactions protected with this type of technology, it would question some of the fundamental mechanics of how some blockchains work, as well as some of the mixing and [decentralized finance] platforms,” Hoyt told Blockworks.

Combatting mixer usage for illegal activities

The hacker who exploited the Ronin Network for roughly $625 million in March initially transferred thousands of ether to Tornado Cash. 

Also that month, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. Alleged criminals in both cases used mixing services to mask transactions.

More recently, roughly a third of the $100 million stolen last month from Horizon Bridge — a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain networks — was also transferred to a Tornado Cash address.

Grauer said that mixers in the US, like other crypto companies, are required to register as money services businesses (MSBs) under the Financial Crimes Enforcement Network’s guidance.

Tornado Cash is an immutable smart contract, not a business, but the service includes a compliance tool, which allows any lawful user to prove the origin and destination of funds if required to do so by law enforcement agencies.

A right to privacy is enshrined in Article 12 of the United Nations Declarations on Human Rights, and preserving it is a natural concern of any user of a public, immutable blockchain.

But Chainalysis is unaware of any mixers currently following regulations around anti-money laundering and combating the financing of terrorism that MSBs are subject to in most jurisdictions, Grauer added.

“The increase in usage by nation state actors in particular may lead government agencies to take action against non-compliant mixers or even impose sanctions, as they have in the past,” Grauer said.

The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra in April, adding more than 100 of its crypto addresses to the specially designated national list as identifiers. In May, OFAC sanctioned virtual currency mixer Blender.io. 

“These platforms are agnostic to borders, and while [US] frameworks may apply to certain citizens and the legal jurisdictions they’re in, they will not apply to all,” Hoyt said. “This means that trying to regulate them could be very difficult.”


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

recent research

Research Report Templates.png

Research

An overview of the Base Ecosystem, with a focus on market leaders.

article-image

Although bitcoin hitting $120k by year’s end is looking unlikely

article-image

About 270 million HYPE has been claimed, valued around $7.6 billion

article-image

Stanford professors David Mazières and Dan Boneh will lead the lab alongside a cohort of graduate student researchers

article-image

With more companies holding BTC, bitcoin yielding strategies could become “a new corporate finance norm,” CoinShares posed

article-image

The proposal comes after Polygon governance considered a controversial use of bridged liquidity for yield

article-image

Can the community balance its decentralized ethos with the need for inclusivity and constructive debate?