Illicit Crypto Moving to Mixers on Pace to Double in 2022

Chainalysis report shows huge volume of funds moving to these services from sanctioned entities

article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021
  • Groups associated with the North Korean government are sending about half of the funds going to mixers

More money moving to crypto mixing services in 2022 is coming from addresses associated with illicit activity, as government agencies may be forced to take action against non-compliant mixers or impose more sanctions.  

The 30-day moving average of value received by mixers reached an all-time high of nearly $52 million worth of crypto on April 19, according to a report by Chainalysis published Thursday. This figure is roughly double the incoming volume at the same point in 2021.

Perhaps more notably, the blockchain data platform revealed, illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% last year.

Mixers or tumblers, such as Tornado Cash, are services providing users the ability to conceal the transaction history of certain cryptocurrencies by pooling and mixing them together with other users’ funds. Industry watchers have noted that while they can be used for illegal activity, many believe that it is a crucial tool for financial privacy.

Nearly 10% of all funds sent from illicit addresses are sent to mixers, the report showed. No other address type — such as one associated with various kinds of exchanges or gambling platforms — reached a 0.3% mixer sending share.

Russian darknet market Hydra accounts for half of all funds moving to these services from sanctioned entities this year, according to Chainalysis. Nearly all of the remaining funds going to mixers are North Korean government-associated Lazarus Group and Blender.io, accounting for about 30% and 19%, respectively. 

Chainalysis Director of Research Kim Grauer said the most striking takeaway of the report was the large rise in mixer usage by the North Korea-linked cybercriminal groups. 

“This alone is driving a massive increase in the use of mixers this year, and demonstrates that regulators and law enforcement should have the tools and resources they need to better understand the national security risks mixers pose and investigate illicit activity,” she told Blockworks. 

Forbes reported in February that Chainalysis has a “previously secret forensics tool” that was able to demix transactions tied to The DAO hack of 2016 and track their output to four exchanges.

The Tuesday report noted that Chainalysis “continues to refine the ability to demix certain mixing transactions and see users’ original source of funds.”

Grauer declined to comment on the company’s demixing capabilities. 

Several mixers — including Tornado Cash — and other decentralized finance platforms are taking advantage of privacy-preserving technology, such as zk-SNARK, to ensure anonymity remains intact, NetSPI Chief Technology Officer Travis Hoyt said.  

“If Chainalysis can in fact reverse or deduce transactions protected with this type of technology, it would question some of the fundamental mechanics of how some blockchains work, as well as some of the mixing and [decentralized finance] platforms,” Hoyt told Blockworks.

Combatting mixer usage for illegal activities

The hacker who exploited the Ronin Network for roughly $625 million in March initially transferred thousands of ether to Tornado Cash. 

Also that month, federal prosecutors in Florida seized roughly $34 million worth of crypto and German authorities confiscated about $25 million worth of bitcoin. Alleged criminals in both cases used mixing services to mask transactions.

More recently, roughly a third of the $100 million stolen last month from Horizon Bridge — a cross-chain interoperability platform between Ethereum, Binance Smart Chain (BSC) and Harmony blockchain networks — was also transferred to a Tornado Cash address.

Grauer said that mixers in the US, like other crypto companies, are required to register as money services businesses (MSBs) under the Financial Crimes Enforcement Network’s guidance.

Tornado Cash is an immutable smart contract, not a business, but the service includes a compliance tool, which allows any lawful user to prove the origin and destination of funds if required to do so by law enforcement agencies.

A right to privacy is enshrined in Article 12 of the United Nations Declarations on Human Rights, and preserving it is a natural concern of any user of a public, immutable blockchain.

But Chainalysis is unaware of any mixers currently following regulations around anti-money laundering and combating the financing of terrorism that MSBs are subject to in most jurisdictions, Grauer added.

“The increase in usage by nation state actors in particular may lead government agencies to take action against non-compliant mixers or even impose sanctions, as they have in the past,” Grauer said.

The US Treasury’s Office of Foreign Assets Control (OFAC) sanctioned Hydra in April, adding more than 100 of its crypto addresses to the specially designated national list as identifiers. In May, OFAC sanctioned virtual currency mixer Blender.io. 

“These platforms are agnostic to borders, and while [US] frameworks may apply to certain citizens and the legal jurisdictions they’re in, they will not apply to all,” Hoyt said. “This means that trying to regulate them could be very difficult.”


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates (1).jpg

Research

With $13B in tokenized assets, strong institutional partnerships, and a clear first-mover advantage in the RWA space. The platform's methodical approach to regulatory compliance, coupled with its hybrid public-private architecture, positions it uniquely to capture significant market share in the emerging tokenization landscape. While current fee generation primarily stems from metadata transactions, the planned launch of Figure Markets, major exchange listings, and comprehensive market-making initiatives in 2025 could serve as powerful catalysts for growth.

article-image

Perena is built on the premise that as stablecoins proliferate, liquidity could fragment, and stablecoins aren’t useful if they aren’t liquid

article-image

From hackathons to trading tools and DAO governance, AI agents are redefining how we build and innovate

article-image

CME’s large bitcoin contracts are so big that investors are turning to micro bitcoin contracts

article-image

The third-largest stablecoin is going multichain for the first time in its seven-year history

article-image

Nano Labs’ news release notes confidence in bitcoin being “a reliable store of value amidst its rising global adoption”

article-image

Several big companies report third quarter earnings this week, likely moving markets