While privacy advocates tout cryptocurrency mixers as an important way to protect individual users’ identities, a new report from blockchain intelligence firm Chainalysis says that the largest portion of crypto sent to mixers this year has been from cybercriminals and nation states.

"Illicit addresses account for 23% of funds sent to mixers so far in 2022, up from 12% in 2021," Chainalysis reports.

The firm acknowledges that there are many legitimate reasons to use mixers, such as trading crypto under an oppressive government or anonymizing legal but sensitive transactions.

"However, mixers' core functionality, combined with the fact that they rarely, if ever, ask for KYC [Know Your Customer] information, makes them naturally attractive to cybercriminals," Chainalysis writes.


The tracking firm also says that mixers have received more cryptocurrency in 2022 than ever before.

Cryptocurrency mixers are services that allow users to erase the digital money trail left by most transactions on blockchain networks like Bitcoin and Ethereum. These services make it harder to follow the trail that would be publicly and easily accessible on the blockchain.

As the name implies, mixers—also known as tumblers—pool together cryptocurrency deposited by many users and mix them. Users then receive funds from the obfuscated pool equivalent to what they put in, minus fees.

According to Chainalysis, mixers are classified as money transmitters in the United States under the Bank Secrecy Act (BSA). Money transmitters are required to register with FinCEN and implement an anti-money laundering program. Even so, the firm says it is unaware of any mixers currently following rules related to KYC or AML (Anti-Money Laundering) policies.


U.S. authorities have charged, sanctioned, and fined several mixer operators since 2021.

In August 2021, Larry Harmon, CEO of Bitcoin mixer Helix, pleaded guilty to money laundering charges for allegedly laundering 354,468 Bitcoin, around $300 million at the time. Harmon, who also operated the Coin Ninja mixing service, was fined $60 million.

In April, the U.S. Justice Department announced that it had cooperated with German law enforcement to seize Russian darknet site Hydra's servers and sanctioned the site.

In May, The U.S. Treasury Department's Office of Foreign Assets Control issued sanctions against a cryptocurrency mixing service, Blender.io, with links to North Korea, in what the Treasury calls a first-of-its-kind action. According to the agency, at least $21 million of the $622 million stolen in the Axie Infinity Ronin bridge hack was sent to Blender.

Last month, cybercriminals sent $36 million in stolen Ethereum from Harmony Protocol's Horizon bridge to the Tornado Cash mixing service. That same month, Chainalysis launched a 24-hour incident response program to assist those targeted by hackers and ransomware.

Chainalysis says the funds going to mixers comes primarily from centralized exchanges, DeFi protocols, and addresses connected to illicit activity linked to sanctioned countries, darknet markets, and hackers, such as the North Korean Lazarus Group.

But mixers may soon become obsolete—or so Chainalysis claims, as the firm "continues to refine" its ability to de-mix certain transactions and see the original source of funds.


Stay on top of crypto news, get daily updates in your inbox.