chalabala - Fotolia
The Dutch Fiscal Information and Investigation Service (FIOD), in close cooperation with Europol and the authorities in Luxembourg, France and Latvia, has shut down one of the world’s leading cryptocurrency mixing services, Bestmixer.io.
According to the FIOD, the operation against Bestmixer.io is a significant and important step in the fight against criminal flows of money in general and virtual criminal flows of money in particular.
The year-long investigation by the FIOD with the support of the cyber security company McAfee resulted in the seizure of six servers in the Netherlands and Luxembourg.
Bestmixer.io was one of the three largest mixing services for cryptocurrencies and offered services for mixing the cryptocurrencies bitcoins, bitcoin cash and litecoins. The service started in May 2018 and achieved a turnover of at least $200m in the past year.
Police believe the total turnover of darknet markets to be around $800m a year, and that a large part of the payments via the darknet take place via mixers to launder the criminal funds in the form of cryptocurrency.
The Bestmixer service attracted customers from all over the world, particularly the US, Germany and the Netherlands, by guaranteeing that they would remain anonymous, effectively offering an underground money laundering service.
A cryptocurrency tumbler or cryptocurrency mixing service is a service offered to mix potentially identifiable or “tainted” cryptocurrency funds with others, so as to obscure the trail back to the fund’s original source.
Cyber criminals need mixing services because bitcoin has an open ledger on which every transaction is recorded and when a victim pays a criminal after being extorted with ransomware, the ransom transaction in bitcoin and all additional transactions can then be tracked through the open ledger. This makes following the money a powerful investigative technique for law enforcement if no mixing service is used.
The investigation into all interactions on the Bestmixer platform in the past year found that many of the mixed cryptocurrencies on Bestmixer.io had a criminal origin or destination. In these cases, the mixer was probably used to conceal and launder criminal flows of money.
The information gathered in the investigation, which includes IP-addresses, transaction details, bitcoin addresses and chat messages will be analysed by the FIOD in cooperation with Europol and shared with law enforcement agencies in other countries.
John Fokker, head of cyber investigations at McAfee, said financially motivated cyber criminals and underground market suppliers often use mixing services, such as Bestmixer, to make sure that the criminal origins of their funds remain obfuscated and untraceable by authorities.
“Because of this, mixing services form an important but often overlooked role in the cyber criminal economy. The international takedown of Bestmixer shows that law enforcement is putting a spotlight on services that facilitate cyber crime and are hitting cyber criminals where it hurts the most: their wallets,” said Fokker.
Read more about law enforcement operations
- A criminal network using GozNym malware has been shut down in an international law enforcement operation, but others are still operating, underlining the need for vigilance, warns a security expert.
- Police forces take down two prolific dark web marketplaces in simultaneous global operations supported by Europol.
- Police arrest 20 cyber criminals in connection with a €1m fraud operation across Italy and Romania.