Mixer usage sees all-time high thanks to nation-affiliated cybercriminals

admin July 16, 2022

0 2 minutes read

According to a recent report by Chainalysis, cryptocurrency mixer usage reached a record high in 2022, thanks to significant contributions from sanctioned entities and cybercriminals with known state affiliations. report..

The numbers show that the value received by the mixer reached a record $ 51.8 million on April 19, 2022.

A 30-day moving average of the daily values received by the mixer (via chain analysis)

The values obtained by the mixer fluctuate significantly from day to day, so the report considered a 30-day moving average.

The mixer aims to disconnect cryptocurrencies from the depositor. They work by pooling all deposited funds together and redistributing them randomly. Criminals often provide a second wallet address as the recipient, paying a small service fee to separate the stolen amount from the stolen wallet address.

Why is it so popular?

Mixers have been increasing quarterly since the first quarter of 2020.

Values received by the mixer for each source (via linkage analysis)

Based on the data, the main reason behind the increase in volume seems to be an increase in the share of centralized exchanges and DeFi protocols.

However, the rate of illegal activity is the greatest contributor to reaching the highest amount ever. The percentage of the amount entering the mixer from the criminal’s address was 23% in 2022, up from 12% in 2021.

Illegal activity accounts for the highest percentage

The mixer was developed to provide additional privacy in cryptocurrency trading. However, they have also become a major tool for cryptocurrency laundering.

Share of funds sent to mixers by address type (via Chainalysis)

According to the numbers, almost 10% of all money sent to the mixer comes from illegal addresses, while less than 0.3% are legal.

A scrutiny of 10% of illegal volume contributors reveals sanctioned entities and stolen funds as the top two categories.

Sanctioned entity

The graph below clearly shows that the amount entering the mixer from the wallet of the licensed entity increased significantly, especially in the second quarter of 2022.

Quarterly values sent to the mixer from illegal addresses by category (via chain analysis)

The report also looked at the mixer platforms used by these authorized entities. As a result, Russia-based darknet market Hydra has become the most used platform, accounting for more than half (50.4%) of all funding that goes into mixers from licensed entities. It became clear.

Lazarus Group and Blender.io, affiliated with the North Korean government, have become the second and third platforms used by licensed entities, respectively.

Stolen funds

The report then examines the contributors in more detail under the category of stolen funds.

Bad ciphers received by the mixer by the source (via Chainalysis)

As a result, it became clear that cybercriminal organizations with known state affiliations are the major contributors to this category.

Since 2018, we can see that Russia-based cybercriminal groups have contributed significantly to this category. However, North Korea seems to have improved in the region and surpassed Russia’s control.