Anti-Money Laundering (AML) , Cybercrime , Fraud Management & Cybercrime
Bestmixer Cryptocurrency Laundering Site ShutteredAuthorities Say 'Mixer' Site Laundered Nearly $200 Million Worth of Cryptocurrencies
European police have shuttered Bestmixer.io, considered one of the largest underground money laundering websites for cryptocurrencies.
See Also: Live Webinar | Breaking Down Security Challenges so Your Day Doesn’t Start at 3pm
Over the course of a year, the site helped "mix" over $200 million in bitcoin and other digital currencies, authorities say. Mixing services help to conceal the origin or destination of cryptocurrencies used in a crime or scheme, such as bitcoins collected during a ransomware attack, authorities say.
On Wednesday, Europol, the Dutch Fiscal Information and Investigation Service and law enforcement agencies in Luxembourg, France and Latvia seized six servers belonging to Bestmixer. The hardware was located in the Netherlands and Luxembourg, authorities say. No arrests were announced and the investigation continues, according to officials in the Netherlands.
From May 2018 until this month, Bestmixer offered cryptocurrency mixing services that helped launder about 25,000 ill-gotten bitcoins and other cryptocurrencies worth more than $200 million, authorities say.
"The investigation so far shows that many of the mixed cryptocurrencies have a criminal origin or destination. In these cases, the mixer was probably used to conceal and launder criminal flows of money," according to a statement from the Dutch Fiscal Information and Investigation Service.
Cybercriminals from all over the world used the Bestmixer service, although the majority came from the U.S., Germany and the Netherlands, authorities say.
Dark Web Services
Overall, the Dutch Fiscal Information and Investigation Service estimates, various crimes conducted on dark web sites net cybercriminals about $800 million each year worldwide. At some point, payments to these sites that are made in various cryptocurrencies must be laundered, which gave rise to cryptocurrency mixing services for a new generation of money laundering.
In the physical world, criminals can create shell companies to help hide their illegal gains. But for online crime, because bitcoin and other cryptocurrencies use the blockchain open ledger to record transactions, cybercriminals use technologies to obfuscate the origins of the cryptocurrencies as well as their ultimate destinations.
This is where Bestmixer and other sites come in.
"A mixing service will cut up a sum of bitcoins into hundreds of smaller transactions and mix different transactions from other sources for obfuscation and pump out the input amount, minus a fee, to a certain output address untraceable to the source," says John Fokker, the head of cyber investigations for McAfee, which assisted in the investigation.
The owners of these types of mixing services generally take a percentage of the laundered currency as a fee. Those behind Bestmixer made about $600,000 a month in profit, Fokker estimates.
Bestmixer, which sprung up last year, quickly became one of the three largest mixing service sites, Fokker says. It overtly advertised what it service could do for criminals looking to hide the source of their cryptocurrencies, he notes.
"The legality changes when a mixing service advertises itself as a success method to avoid various anti-money laundering policies via anonymity," Fokker tells Information Security Media Group. "This is actively offering a money laundering service.
"Bestmixer offered a very clear page on why someone should mix their cryptocurrency. Bestmixer described the current anti-money laundering policies and how its service could help evade these policies by making funds anonymous and untraceable. Offering such a service is considered illegal in many countries."
A Continuing Problem
In addition to the six operational servers seized on Wednesday, police confiscated IP-addresses, transaction details, bitcoin addresses and chat messages associated with Bestmixer, according to Europol. All this information is being analyzed, authorities say.
The Bestmixer investigation is the second large-scale European operation that has targeted the dark web underground over the last month.
In early May, European and U.S. authorities seized and closed Wall Street Market as well as the Silkkitie, which also went by the name Valhalla Marketplace. Before closing, Wall Street Market was the world's second-largest illegal dark web market (see: Darknet Disruption: 'Wall Street Market' Closed for Business).
Despite these takedowns, Fokker believes that ongoing attacks, including those involving ransomware, are helping to fuel the underground economy, so cybercriminals will continue to look for ways to hide their money.
"Criminals will always have a need to launder their criminal incomes," Fokker says. "Just think of the ransoms that have been paid to ransomware criminals. Mixer services therefore play a vital part in the cybercriminal economy. Mixer services have been on the rise with the explosive growth of underground market places like AlphaBay and Dream market and the overall acceptance of cryptocurrencies."