European authorities recently seized the computer infrastructure behind an illegal cryptocurrency service that facilitated ransomware and other cybercrime.
Between Nov. 24 and Nov. 28, Swiss and German law enforcement agencies took control of the servers and domain name behind Cryptomixer, which helped ransomware gangs and other dark web market participants obfuscate their payments, Europol said on Monday. Cryptomixer has helped launder more than 1.3 billion euros ($1.5 billion) since 2016, according to the European police agency, which assisted in the operation.
“Deposited funds from various users were pooled for a long and randomised period before being redistributed to destination addresses, again at random times,” Europol said. “As many digital currencies provide a public ledger of all transactions, mixing services make it difficult to trace specific coins, thus concealing the origin of cryptocurrency.”
Europol’s Joint Cybercrime Action Taskforce provided information-sharing support as authorities seized Cryptomixer’s servers, which were located in Switzerland, and its domain name.
The agency said authorities confiscated more than 12 terabytes of data from the service, as well as more than 25 million euros ($29 million) in laundered Bitcoin.
Ongoing war with mixers
The recent seizure, dubbed Operation Olympia, is the latest in a series of multilateral efforts to squeeze the services that help cyber criminals hide their financial transactions. In 2023, Europol worked with American and German authorities to seize the infrastructure behind the ChipMixer service, which resulted in the confiscation of nearly $50 million in Bitcoin. At the time, ChipMixer was one of the dark web’s largest mixing services.
The North Korean government was a Cryptomixer customer, according to the cryptocurrency analysis firm TRM Labs. North Korea–linked hackers previously used the service and several others to launder stolen funds, although Pyongyang has more recently eschewed anonymity in favor of “speed and automation,” TRM Labs said.
In some cases, authorities have apprehended mixing services’ operators. On Nov. 19, just a few days before Operation Olympia, the U.S. Department of Justice announced prison sentences for the co-founders of Samourai Wallet, another mixing service popular with North Korean hackers.