Anti-Money Laundering (AML) , Cryptocurrency Fraud , Fraud Management & Cybercrime

Ohio Man Admits to Operating Illegal Bitcoin 'Mixer' Service

DOJ: Larry Dean Harmon's Operation Laundered $300 Million in Cryptocurrency
Ohio Man Admits to Operating Illegal Bitcoin 'Mixer' Service

An Ohio man pleaded guilty this week to operating an illegal bitcoin "mixer" service that laundered more than $300 million in cryptocurrency for users of darknet marketplaces, according to the Department of Justice.

See Also: OnDemand | 2024 Phishing Insights: What 11.9 Million User Behaviors Reveal About Your Risk

Larry Dean Harmon of Akron, Ohio, admitted Wednesday to operating a darknet site called Helix, which acted as a cryptocurrency money laundering service from 2014 to 2017 and was associated with several notorious underground marketplaces, including AlphaBay Evolution, Cloud 9 and several others, federal prosecutors say.

Helix functioned as a bitcoin mixer and "tumbler" for darknet users who wanted to hide the origins of their virtual currency, according to the Justice Department. Tumbling is the process of using a third-party service or technology to launder bitcoins, while mixing involves breaking the "connection between a bitcoin address sending coins and the addresses that they are sent to," according to a 2016 blog post published by Will Gragido, a security researcher at Digital Shadows.

In February 2020, the Justice Department unsealed a three-count indictment charging Harmon with money laundering conspiracy, operating an unlicensed money transmitting business and conducting money transmission without a license.

On Wednesday, Harmon, 38, pleaded guilty to the money laundering conspiracy charge. He now faces up to a 20-year federal prison sentence and a $500,000 fine, the Justice Department notes. A sentencing date has not been scheduled.

As part of the plea agreement, Harmon will forfeit 4,400 bitcoins that are valued at approximately $200 million, federal prosecutors say.

Darknet Money Laundering Operation

Harmon began his darknet operations in April 2014 by starting a search engine called Grams. A few months later, he admitted to starting the Helix mixing service, which was linked to Grams, according to the Justice Department.

One version of Helix required a Grams account, while a so-called lite version did not, prosecutors note. During this time, Harmon admitted to advertising his mixing and tumbling services through Grams and noted that they would help conceal cryptocurrency transactions from law enforcement agencies.

"A Helix customer was required to send their bitcoins to a bitcoin wallet controlled by Helix. In turn, Helix would transmit bitcoins located in other bitcoin wallets controlled by Helix, which Helix advertised were not linked to darknet activity, to a receiving address designated by the customer," according to court documents. "In practice, this allowed customers to transmit bitcoins to other persons and to other bitcoin addresses without leaving a direct trail of transactions on the public blockchain."

Harmon also admitted he helped launder so-called "dirty" bitcoins in exchange for a transaction fee, federal prosecutors say.

Later, Harmon admitted to developing relationships with darknet and underground marketplaces, such as AlphaBay, which the FBI shut down in 2017, according to court documents. Harmon also developed an API that allowed these darknet markets to directly integrate their platforms with the Helix mixing service.

"Harmon developed an Application Program Interface to allow darknet markets to integrate Helix directly into their bitcoin withdrawal systems, and at least one Darknet market, Cloud 9, successfully integrated Helix using the API," the court documents note.

In 2016, an undercover FBI agent transferred 0.16 bitcoin from an AlphaBay bitcoin wallet to Helix. The Helix service then exchanged the bitcoin for an equivalent amount of bitcoin for a 2.5% transaction fee, according to the court documents.

Harmon later admitted that he started shutting down the Helix operation in December 2017, the court papers note.

FinCEN Fine

In October 2020, the U.S. Treasury Department's Financial Crimes Enforcement Network, or FinCEN, fined Harmon $60 million for violating anti-money laundering laws through both Helix and another mixing site called Coin Ninja, which was in operation from 2017 through 2020 (see: Bitcoin 'Mixer' Fined $60 Million).

Harmon was fined for violating the anti-money laundering provisions of the Bank Secrecy Act and operating an unregistered money services business, according to FinCEN.

It was the first time FinCEN issued civil monetary penalties against the operator of a cryptocurrency site.

Other Investigations

The Justice Department, FBI and Internal Revenue Service have been attempting to clamp down more on illegal cryptocurrency exchanges and other money-laundering services that cybercriminals have used as part of various schemes, including ransomware attacks.

Earlier this month, a pair of Latvian men pleaded guilty to conspiracy charges and admitted they were a part of "QQAAZZ," a European-based money-laundering organization that advertised itself as a "global bank drop service" and provided illegal cash-out and cryptocurrency transactions for cybercriminals since 2016, prosecutors say (see: 2 Plead Guilty in Vast Money Laundering Scheme).

Also this month, Anne Neuberger, the deputy national security adviser for cyber and emerging technology, told the Aspen Security Forum that the Biden administration is looking at know-your-customer and anti-money laundering laws as a way to disrupt cryptocurrency payments that have fueled a rise in the number of ransomware attacks that have targeted U.S. businesses and critical infrastructure (see: Anne Neuberger on Why No Sanctions Issued Against China Yet).


About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the GovInfoSecurity.com media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and DevOps.com.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.