ChipMixer Crypto Mixer Shutdown By German & US Authorities

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Mar 17, 2023 02:14 am PST

The European and U.S. authorities recently revealed that ChipMixer, a darknet cryptocurrency “mixing” service, had been taken down in a coordinated international operation. Between 2017 and till date, ChipMixer has been implicated in laundering more than $3 billion in cryptocurrencies for the benefit of, among other things, ransomware, darknet markets, fraud, cryptocurrency heists, and other hacking schemes. 

Users were routed to the ChipMixer service through two domains and one Github account and were legally taken by U.S. federal law enforcement under the direction of joint security agencies. The Bundeskriminalamt of the German Federal Criminal Police took control of the ChipMixer back-end servers and more than $46 million in cryptocurrency.

How ChipMixer Operates And Scams Users

A section of the internet called “the darknet,” which can only be accessed with cutting-edge technologies for improved privacy is where ChipMixer operated. According to German detectives, it started offering its services in the middle of 2017 and took cryptocurrencies that had been “mixed”—most notably bitcoin—to conceal the true nature of its questionable actions.

According to investigators, users’ separate “chips” were pooled while making cryptocurrency payments to conceal the origin of the funds. They went on to state that ChipMixer provided users with complete anonymity.

ChipMixer allowed users to deposit bitcoin, and when they returned to withdraw it, the service organized for the funds to be sent from anonymous user addresses.

As an illustration, when cyber attackers in August 2020 took control of a local government in the United States and demanded $42,500 in exchange for access to their servers, the hackers passed the money through ChipMixer to ensure it could not locate or identify the money’s origins.

By combining funds into a single group, cryptocurrency mixers are used to cover the origins of financial transactions. Nearly 25% of the $7.8 billion that went through a mixer in 2022 was for illegal activities, claims blockchain analytics company Chainalysis.

The site was used to launder an estimated 2.8 billion euros or 154,000 bitcoin. A sizable amount of that originated from darknet markets, illicitly obtained cryptocurrency, ransomware organizations, and other crimes.

In May 2022, the US Department of the Office of Foreign Assets Control of the Treasury sanctioned the virtual currency exchange before turning its attention to Tornado Cash in August.

The FBI claims that ChipMixer handled over $700 million in stolen money, some of which came from robberies committed by North Korea’s Lazarus Group against the cryptocurrency exchanges Ronin Bridge and Horizon Bridge.

Largest Sources Of Funds For ChipMixer 

Authorities claim that one of the major sources of those funds was Hydra Market, a Russian-based marketplace that, until it was shut down by U.S. and German authorities last year, was the most extensive and most established illegal online commerce in the world.

According to the cryptocurrency analytics company Elliptic Enterprises Ltd., the platform was also allegedly used to launder around $46 million of the $370 million in money that was taken from the future bitcoin exchange (FTX) immediately after it filed for bankruptcy in November.

Prosecutors claim that a section of the Russian military intelligence services, which had previously been connected to attempts to sabotage the 2016 U.S. presidential election, was among other frequent users. According to them, it used ChipMixer to conceal and hide money used to buy infrastructure for malware it created and used in assaults in 2020.

Between 2020 and last year, a North Korean military intelligence cell connected to a string of bank and cryptocurrency robberies used the website to launder about $700 million in stolen bitcoin.

The Mastermind Planner And How He Was Taken Down

Authorities claimed that Nguyen created the website, maintained it, and promoted the service in 2017. Nguyen developed and managed ChipMixer’s online infrastructure using various domain names and hosting services registered under fictitious names or identities mainly stolen from Americans in their 60s and 70s.

Documents containing passwords, credit card numbers, driver’s license information, and other identity papers connected to hundreds of victims were found in search warrants for email accounts connected to Nguyen.

The accusations brought against him in a federal court in Philadelphia included counts of money laundering, theft of identity, and running an unlicensed money transfer company. There could be a 40-year prison sentence as a consequence because of this crime. On Wednesday, however, Justice Department authorities reported that Nguyen was not in custody.

It needed to be more specific where he was, and attempts to contact him at the email addresses mentioned in his charging documents were unsuccessful.

Meanwhile, his website has stopped working. A plain banner has taken the place of ChipMixer’s logo under the logos of U.S., German, Swiss, and Polish law enforcement, where it previously appeared alongside claims of its success in concealing transactions from law enforcement.

The prosecutor is in charge of the case’s prosecution Eastern District of Pennsylvania’s U.S. Attorney’s Office. Independent steps were taken today under its authority by German law enforcement. 

Support, in this case, was provided by The National Cryptocurrency Enforcement Team and the Office of Foreign Relations of the Justice Department, the Polish Cyber Police (Centralnego Biura Zwalczania Cyberprzestpczoci), the HSI Cyber Crimes Center, EUROPOL, the FBI’s Legal Attaché in Germany, the HSI office in The Hague, and Zurich State Police (Kantonspolizei Zürich).


It’s crucial for users to take precautions to shield themselves against cryptocurrency fraud. Safeguarding wallet and private keys, only making investments in ventures users fully comprehend, and keeping an eye on any suspicious activity in the wallet app are a few ways users can take precautions against crypto scams.

Users could start with a small sum when sending money for the first time to ensure the program is trustworthy. When updating any app, users should stop the update if they notice any suspicious activity and uninstall the app. Spend some time learning about a specific cryptocurrency’s operation before investing.

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x