ChipMixer Seized: Watch Out! They Kept Your Data

Over the past week, the largest Bitcoin mixing service, “ChipMixer” went offline as German Authorities seized their servers. This website seizer comes with a prize for darknet users as investigators gathered access to over 7 terabytes of data. ChipMixer’s admins claimed they don’t keep users’ BTC transaction logs longer than seven days. Included with the seizing of the website, a record sum of 44 Million Euros worth of Bitcoin was confiscated. How did this happen?

ChipMixers Downfall

Users of perhaps the most reputable Bitcoin mixing service trusted by the darknet market around the globe, Chipmixer, were met with a surprise on the 15th of March. Users would see a typical darknet market takedown notice hosted by the BKA of Germany when accessing the website. 

The mixing service responsible for moving an alleged 3 Billion dollars of Bitcoin since its release back in 2017. After a coordinated international takedown by multiple government organisations, they captured a Vietnamese man named  Minh Quốc Nguyễn (49). Nguyễn was the admin and main operator of ChipMixer. 

“Coinciding with the ChipMixer takedown efforts, Minh Quốc Nguyễn, 49, of Hanoi, Vietnam, was charged today in Philadelphia with money laundering, operating an unlicensed money transmitting business and identity theft, connected to the operation of ChipMixer.”

According to a report by the DOJ

This report came with a threat to those using Bitcoin tumbling services and users. 

Today’s announcement demonstrates the FBI’s commitment to dismantling technical infrastructure that enables cyber criminals and nation-state actors to illegally launder cryptocurrency funds. We will not allow cybercriminals to hide behind keyboards or evade the consequences of their illegal actions. Countering cybercrime requires the ultimate level of collaboration between and among all law enforcement partners. The FBI will continue to elevate those partnerships and leverage all available tools to identify, apprehend, and hold accountable these bad actors and put an end to their illicit activity.

FBI Deputy Director Paul Abbate

Among many charges, Nguyễn will face the US court for servicing multiple US citizens without registering with the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) and additionally refusing to collect the proper identifying information from its customers. 

According to BKA agents, the removal of ChipMixer came with benefits, including 7 terabytes of data from its users as well as 44 million euros in the form of Bitcoin (approximately 154 000 Bitcoin). This makes ChipMixer’s the highest seizure of crypto assets by the BKA to date.

ChipMixer Facts

ChipMixer quickly grew to the largest darknet mixing service soon after it’s launch in August 2017. They were popular for obfuscating and laundering funds from multiple criminal schemes. During their time they achieved the following:

• Laundering atleast $17 million in Bitcoin for criminals connected to approximately 37 ransomware strains, including Sodinokibi, Mamba and Suncrypt
• Over $700 million of Bitcoin is tied to stolen funds (Including funds from Axis Infinities Ronin Bridge hack and Harmony’s Horizon Bridge.
• Over $200 million in Bitcoin directly linked to Darknet Markets. Atleast $60 million from Hydra Market (there’s a chance that Hydra admins now run OMG!OMG! Market)
• About $35 million in Bitcoin funds are associated with fraud shops of some sort.

Through the ChipMixer seizure, the FBI has already linked the Russian General Staff Main Intelligence Directorate (GRU) using the site to purchase infrastructure for the Drovorub malware.

It was not due to lack of due diligence that Nguyễn was captured by authorities; although he resided in the US, the servers were hosted in Germany. He registered domains and services using identity theft, pseudonyms, and anonymous email providers. However, Nguyễn has been linked to online forums where he urged users to avoid AML/KYC exchanges and gave instructions for using ChipMixer.

For his crimes, ChipMixer admin Nguyễn is facing a possible maximum penalty of 40 years in prison. At this stage, it is not looking good for the Vietnamese, as the offending Attorney for his case has made his point clear. 

ChipMixer facilitated the laundering of cryptocurrency, specifically Bitcoin, on a vast international scale, abetting nefarious actors and criminals of all kinds in evading detection. Platforms like ChipMixer, which are designed to conceal the sources and destinations of staggering amounts of criminal proceeds, undermine the public’s confidence in cryptocurrencies and blockchain technology. We thank all our partners at home and abroad for their hard work in this case. Together, we cannot and will not allow criminals’ exploitation of technology to threaten our national and economic security.”

U.S. Attorney Jacqueline C. Romero

Participants in the operation and investigation of the darknet-based Bitcoin tumbling platform include: 

• Central Office for Combating Internet Crime (ZIT)
• Federal Criminal Police Office (BKA)
• United States Department of Justice (US DoJ)
• Federal Bureau of Investigation (FBI)
• Homeland Security Investigations (HSI)
• and Europol