Darknet News

ChipMixer Seized Along With $46 Million in BTC, Operator Identified

One of the world’s largest and longest-running Bitcoin mixers was taken offline yesterday as US federal investigators cracked the anonymity of its principle operator. Charges related to the operation of ChipMixer were filed by the U.S. Attorney’s Office for the Eastern District of Pennsylvania on Mar. 15th against Vietnamese national Minh Quoc Nguyen, 49, who is believed to have single-handedly run ChipMixer since its 2017 inception.

Nguyen is also thought to have been behind social media accounts by the name ChipMixer on Bitcointalk and Reddit which he used to promote the service.

Servers hosting clearweb and Tor versions of the ChipMixer site were seized with the help of German Federal Criminal Police, EUROPOL, and other Europe-based law enforcement agencies, which resulted in the confiscation of $46 million in BTC stored in private keys held in the site’s back-end. Much of the Bitcoin seized belonged to users who had not yet redeemed their “chips” from the site, which are private keys for addresses containing standardized amounts of mixed BTC.

Also seized was ChipMixer’s GitHub site, along with other clear web URLs thought to be related to ChipMixer. The mixer had only allowed mixes through its Tor site since May 2022.

Takedown notice currently displayed at chipmixer.com.

According to a complaint filed by the FBI, Nguyen used a lengthy series of fictitious and stolen identities to register and fund the clear and dark web servers which he used to host ChipMixer. Co-mingled with these identities were email addresses associated with PayPal and Binance accounts registered under his own identity. Of all the PayPal accounts used to fund internet service providers he employed, the one opened under his name was the only one not registered using information from US-based individuals between the ages of 60 and 70.

Further investigation, involving subpoenas from Google, Apple, Remitano, Namecheap, Digital Ocean and other ISPS, solidified the connection between Nguyen and the various pseudonyms he used to register domains and servers to host ChipMixer. On one Google account that was associated with identity, Nguyen had also performed various searches for how to obtain social security numbers and other personally-identifying information.

The FBI had been tracking coins sent to ChipMixer since October 2021, when it first sent coins of its own and received mixed BTC in the form of “chips.” The total amount of Bitcoin said to have been processed by the mixer through the course of its operation, from Aug 2017 to Mar 2023, was estimated to be approx. 153,672 BTC, according to an unnamed “blockchain tracing and analytics company.” This amount equals around $3 billion at the time of the transactions.

Photo of the ID Nguyen used for Binance KYC, a practice he discouraged when posting under his ChipMixer online persona. Source: US Dept. of Justice

Of this total, ChipMixer is estimated to have received around $185 million from darknet markets and $35 million from fraud shops. Hydra, the former Russian language marketplace, is thought to be responsible for $121 million of this total. Additionally, a total of $17 million came from payments for ransomware operators like Sodinokibi, Mamba, and Suncrypt. By far, the biggest category of illicit funds sent to ChipMixer is from hackers, which are estimated to have funneled $721 million through the mixer.

Even government regimes are said to have utilized ChipMixer to obfuscate the flow of their Bitcoin funds. Such examples include the infamous North Korea-funded Lazarus Group who have been involved in several major cryptocurrency heists through the years, and Russian Intelligence Services, who used the mixer to break blockchain links while financing infrastructure for malware known as “Drovorub.”

Nguyen has been charged with identity theft, money laundering, and operating a money transmitter in the US without a license. He currently remains at large and is wanted by the FBI.

Leave a Reply

Your email address will not be published. Required fields are marked *