Crypto mining as a tool to bolster money laundering capabilities extends beyond nation-state actors, holding special appeal for conventional criminals, according to a new report by blockchain forensics firm Chainalysis.

Sanctioned nation-states such as Iran have reportedly resorted to crypto mining as a means to accumulate capital outside the conventional financial system. In a recent development, cybersecurity company Mandiant also revealed how the Lazarus Group, the infamous North Korean hacking syndicate, has been using pilfered cryptocurrencies such as Bitcoin to obtain newly-mined crypto through hashing rental and cloud mining services.

To put it simply, cyber criminals use stolen crypto to mine “clean” coins and launder them through various services.


These services, according to Chainalysis, include an unnamed “mainstream exchange” that was identified as receiving “substantial funds” from both mining pools and wallets associated with ransomware activities.

One such identified deposit address has received as much as $94.2 million, with $19.1 million originating from ransomware addresses and $14.1 million coming from mining pools.

Chainalysis noted, however, that in some cases the ransomware wallet in question was sending funds to a mining pool, “both directly and via intermediaries.”

“This may represent a sophisticated attempt at money laundering, in which the ransomware actor funnels funds to its preferred exchange via the mining pool in order to avoid triggering compliance alarms at the exchange,” the report read.

Chainalysis also claims that the “abuse of mining pools by ransomware actors may be rising” — referring to its data, the firm said that “since the start of 2018, we’ve seen a large, steady increase in value sent from ransomware wallets to mining pools.”


Mining pools and ransomware addresses have collectively transferred cryptocurrency worth at least $1 million to a total of 372 exchange deposit addresses, said Chainalysis.

The firm believes that instances like this suggest that ransomware actors are attempting to make their ill-gotten funds appear as proceeds from crypto mining activities.

Since the start of 2018, these exchange deposit addresses have received a total of $158.3 million from ransomware addresses, said Chainalysis, while stressing that “this figure is likely an underestimate.”

In another notable example of cybercriminals turning to mining pools, Chainalysis points to BitClub, the infamous crypto Ponzi scheme that lured thousands of investors between 2014 and 2019 with false promises of Bitcoin mining operations that would pay out enormous returns.

According to the firm, BitClub Network transferred millions of dollars worth of Bitcoin to wallets linked to “underground money laundering services” believed to be located in Russia. Subsequently, over the course of three years, those money laundering wallets transferred Bitcoin to deposit addresses at two widely recognized exchanges.

During the same timeframe, between October 2021 and August 2022, an unnamed Bitcoin mining operation based in Russia also transferred millions of dollars worth of Bitcoin to the very same deposit addresses at both exchanges.

BTC-e exposed

One of the wallets alleged to be associated with the money launderers also received funds from BTC-e, the crypto exchange accused by the U.S. government of facilitating money laundering and operating an unlicensed money service business.


BTC-e was also allegedly involved in the handling of funds stolen from Mt. Gox, the largest Bitcoin exchange back in the early 2010s.

As a result of these allegations, BTC-e was seized by U.S. authorities in July 2017 and its website was taken down. Its founder, Alexander Vinnik, was arrested in Greece that same month.

"We believe it’s possible that the money launderers in this case purposely mingled funds from BitClub and BTC-e with those gained from mining in order to make it look like all of the funds sent to the two exchanges came from mining," said Chainalysis.

According to the firm, “deposit addresses fitting that profile have received just under $1.1 billion worth of cryptocurrency from scam-related addresses since 2018.”

Chainalysis asserts that one crucial solution to “ensure that mining, which is a core functionality of Bitcoin and many other blockchains, isn’t compromised,” is for mining pools and hashing services to implement rigorous wallet screening procedures, including Know Your Customer (KYC) protocols.

The firm also insists that these screening measures, which use blockchain analysis and other available tools to verify the source of funds and reject cryptocurrencies originating from illicit addresses, can effectively prevent bad actors from exploiting mining as a means of money laundering.
