MonoX, BitMart and the Importance of Banning Mixers


In the last week, a number of high-profile hacks have taken place including that of BitMart over the weekend, where the hacker took USD 150 million (USD ~100 million on ETH, USD ~50 million on BSC) and sent 21, 270 ETH (close to USD 92 million) of the whole to a well-known mixing service. In the case of MonoX, a DeFi service taken for USD 31 million on 31st of November, 100 ETH was sent to the same mixer.

Hackers and Mixers: BitMart addresses in green, hacker addresses in red, mixing service shown in black
(Source: Coinfirm’s AML Platform Visualizer Tool)

Legalities of Mixers/Tumblers

Although mixers are not illegal to use in most jurisdictions – to the point that many have official social media accounts and some even issue press releases – law enforcement agencies have begun to take action against those clearly facilitating crypto crimes in recent years, with the call for tighter regulation growing.

In two high profile cases taken down by the DoJ in the US, Bitcoin Fog – run by Roman Sterlingov to launder USD 335 million in Bitcoin over a ten-year period – and Helix – run by Larry Harmon to launder over USD 300 million between 2014 and 2017, crypto mixers/tumblers and their clear link to masking the trail of illicitly-gained funds have come further into the public eye. 

It was clear in the past how US Federal Agency representatives view mixers, with Justice Department Assistant Attorney General Brian Benczkowski stating in the case of Larry Harmon at the time that “This indictment underscores that seeking to obscure virtual currency transactions in this way is a crime.”

And the Biden administration this week published a five-pillar approach on theUNITED STATES STRATEGY ON COUNTERING CORRUPTION’, with the third pillar ‘Holding Corrupt Actors Accountable’, mentioning the creation of a new task force, the National Cryptocurrency Enforcement Team. The task force will be overseeing “crimes committed by virtual currency exchanges, mixing and tumbling services, and money laundering infrastructure actors.”

Compliance Risk of Mixers/Tumblers

In the MonoX hack, Coinfirm’s AML Risk Report C-Score labels the use of mixers as a high-risk activity.

This is because most compliant crypto exchanges do not accept funds that have passed through mixers as it is a high indication of money laundering. As can be seen from Coinfirm’s AML Risk Reports of the MonoX hacker’s ETH address, 8f6a86f3ab015f4d03ddb13abb02710e6d7ab31b, and one of the BitMart hacker’s addresses, 4bb7d80282f5e0616705d7f832acfc59f89f7091, crypto mixers/tumblers are marked with a high-risk indicator flag by Coinfirm’s systems – “Address with a significant part of outgoing transactions in close proximity to mixers or tumblers addresses”.

The Numbers on Mixing

Much like traditional fiat money laundering services, tumblers take a percentage fee, typically 1-3% of the total of coins mixed. Mixing services are also innovative, with some cross-chain mixers available for multiple chains. Unlike traditional money laundering services where obfuscating the path of transactions is done in a manual fashion across numerous bank accounts, crypto mixers use smart contracts to make payments and withdrawals of funds via completely different, seemingly unconnected blockchain addresses.

1% of all blockchain entities (licit and illicit services) in Coinfirm’s database are listed as ‘mixers’. However, Coinfirm has identified that 21.57% of them are actually scams.

Legitimate Reasons to Use Mixers?

Blockchain project developers might want to hide the movements of their personal funds (their token allocations) because they may not wish to spook the market (the current HODLers and potential buyers of that token) with FUD. The developers may wish to sell their team allocation tokens for personal financial reasons, or to for instance use them to inject liquidity into another blockchain project they are working on separately.

On the whole, however, there are many more reasons that cybercriminals might want to use a mixing service than developers legitimately wishing to obfuscate the movements of their private funds. The presence of (currently) legal tumblers in the crypto space breeds a great deal of discussion on the nature of the blockchain being open to the public but also paradoxically the cryptographic nature of the industry’s ability to make certain data points and value paths/transactions private.

Looking to monitor high-risk addresses with funds in-coming from mixers or monitor other illicit crypto activity? Contact Coinfirm today for AML compliance in the economies of tomorrow.