German and US authorities, supported by Europol, have targeted ChipMixer, a cryptocurrency mixer well-known in the cybercriminal underworld.

The investigation was also supported by Belgium, Poland, and Switzerland. On 15 March, national authorities took down the infrastructure of the platform for its alleged involvement in money laundering activities and seized four servers, about 1909.4 Bitcoins in 55 transactions (approx. EUR 44.2 million), and 7 TB of data. 


ChipMixer, an unlicensed cryptocurrency mixer set up in mid-2017, specialized in mixing or cutting trails related to virtual currency assets. The ChipMixer software blocked the blockchain trail of the funds, making it attractive for cybercriminals looking to launder illegal proceeds from criminal activities such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud. Deposited funds would be turned into “chips” (small tokens with equivalent value), which were then mixed together – thereby anonymizing all trails to where the initial funds originated. 

A service available both on the clear and on the dark web, ChipMixer offered full anonymity to their clients. This type of service is often used before criminals’ laundered crypto assets are redirected to cryptocurrency exchanges, some of which are also in the service of organized crime. At the end of the process, the ‘cleaned’ crypto canOne Of The Darkweb’s Largest Cryptocurrency Laundromats Washed Out easily be exchanged into other cryptocurrencies or directly into FIAT currency through ATM or bank accounts. 

Buy Me A Coffee
On-Site Medical Service Provider Exposes Nearly 150,000 Records Online

EUR 2.73 billion in crypto assets laundered with “chips”

The investigation into the criminal service suggests that the platform may have facilitated the laundering of 152 000 Bitcoins (worth roughly EUR 2.73 billion in current estimations) in crypto assets. A large share of this is connected to dark web markets, ransomware groups, illicit goods trafficking, procurement of child sexual exploitation material, and stolen crypto assets. Information obtained after the takedown of the Hydra Market dark web platform uncovered transactions in the equivalent of millions of euros. 

Ransomware actors such as Zeppelin, SunCrypt, Mamba, Dharma or Lockbit have also used this service to launder ransom payments they have received. Authorities are also investigating the possibility that some of the crypto assets stolen after the bankruptcy of a large crypto exchange in 2022 were laundered via ChipMixer. 

Europol facilitated the information exchange between national authorities and supported the coordination of the operation. Europol also provided analytical support linking available data to various criminal cases within and outside the EU, and supported the investigation through operational analysis, crypto tracing, and forensic analysis. The Joint Cybercrime Action Taskforce (J-CAT) at Europol also supported the operation. This standing operational team consists of cybercrime liaison officers from different countries who work on high-profile cybercrime investigations.

National authorities involved:

  • Belgium: Federal police (Police Fédérale/Federale Politie)
  • Germany: Federal Criminal Police Office (Bundeskriminalamt) and General Prosecutors Office Frankfurt-Main (Generalstaatsanwaltschaft Frankfurt/Main, Zentralstelle zur Bekämpfung der Internetkriminalität)
  • Poland: Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości)
  • Switzerland: Cantonal Police of Zurich (Kantonspolizei Zürich)
  • USA – Federal Bureau of Investigation, Homeland Security Investigation, Department of Justice
Vietnamese Hackers Fuelling WhatsApp e-challan Scam in India: Report