Crypto Basics

Crypto Mixers and AML Compliance

What is a crypto mixer?

A crypto mixer is a service that blends the cryptocurrencies of many users together to obfuscate the origins and owners of the funds. Because Bitcoin, Ethereum, and most other public blockchains are transparent, this level of privacy is otherwise hard to achieve.

Why are crypto mixers used?

Financial privacy

Many use mixers out of a preference or need for privacy. Financial privacy is important, especially to those who live under oppressive regimes or who wish to make legal transactions anonymously.

Money laundering

A small percentage of crypto mixer users are cybercriminals. These criminals use mixers to obscure the connection between the crypto wallets they use to collect their illicit profits and the crypto wallets from which they transfer their funds to crypto-to-fiat exchanges. In this way, they aim to avoid triggering anti-money laundering alerts.

In July, we found that almost 10% of all cryptocurrencies held by illicit entities have been laundered through a mixer in 2022.

By comparison, only 0.3% of cryptocurrencies exposed to gray-area entities like gambling sites and high-risk exchanges have been mixed. This statistic falls to just 0.1% for cryptocurrencies exposed to regulated entities like centralized exchanges.

How crypto mixers work 

Mixers collect, pool and pseudo-randomly shuffle the cryptocurrencies deposited by many users. Later, the funds are withdrawn to new addresses under the control of each user, minus a small service fee.

Most mixers make the deposited funds more difficult to track by letting users schedule their withdrawals in randomized amounts at randomized intervals. Others try to obfuscate the fact that a mixer is even being used; they typically do so by varying the transaction fee and the withdrawal address type.

The different types of crypto mixers

Most mixers fall under one of the following three categories, with the latter categories being the most novel and autonomous.

Centralized custodial mixers

Centralized custodial mixers, which emerged as early as 2011, temporarily take ownership of users’ funds and are typically run by a single operator. Because this type of mixing service is both centralized and custodial, users face additional privacy risks. They are also often a target of law enforcement, as financial enforcement agencies treat them as unregistered money services businesses. 

CoinJoins

A CoinJoin is a type of mixer commonly built into privacy wallets — meaning cryptocurrency wallets that pitch themselves on increased privacy — that combine users’ coins with the coins of multiple other users in a single transaction. Users often repeat this process multiple times. 

Unlike centralized mixers, CoinJoins are non-custodial, meaning they never actually hold users’ funds.

Smart contract mixers

Like CoinJoins, smart contract mixers are non-custodial. But unlike CoinJoins, smart contract mixers don’t combine users’ funds in just one transaction. Instead, the user sends their funds to the mixer, receives a cryptographic note proving that they are the depositor, and then, whenever they’d like, sends the mixer that note to withdraw the funds to a new address. In the meantime, the cryptocurrencies are tumbled in a number of different ways.

Smart contract mixers often work with service providers called relayers, which can provide the ether necessary to pay the gas fees on mixer withdrawal transactions. This ensures that the user can withdraw their funds to new addresses with no transaction histories or connections to other services. 

Are crypto mixers legal?

Despite their use by criminals, crypto mixers are not explicitly illegal in most jurisdictions. Whether they are compliant, however, is a different question. 

In the United States, the Financial Crimes Enforcement Network (FinCEN) has confirmed that individuals and centralized businesses offering custodial mixing services must register as money transmitters under the Bank Secrecy Act (BSA), and have three key obligations:

  1. register with FinCEN,
  2. maintain an anti-money laundering and know-your-customer compliance program, and
  3. meet all applicable reporting and record-keeping requirements.

We aren’t aware of any custodial mixers currently following these rules. And given that privacy preservation is the main reason that many users interact with crypto mixers, it seems unlikely that one could implement these procedures and still retain their users.

Sanctions also matter for mixers. All mixers that want to do business in the U.S. must take measures to ensure they don’t do business with sanctioned entities. And, as we’ll cover below, even non-custodial smart contract-based mixers not covered by the BSA can be subject to sanctions designations, provided of course they aren’t based in the U.S. 

Enforcement actions against crypto mixers

Server seizures

In May 2019, the Dutch Fiscal Information and Investigation Service (FIOD), in close cooperation with Europol and authorities in Luxembourg, seized six servers controlled by the Bitcoin, Bitcoin Cash and Litecoin mixer Bestmixer.io.

Criminal charges

In April 2021, the Department of Justice (DOJ) arrested and charged the operator of Bitcoin Fog with money laundering, operating an unlicensed money transmitting business, and money transmission without a license.

In August 2021, the operator of the Bitcoin mixer Helix pleaded guilty to money laundering conspiracy and agreed to the forfeiture of more than 4,400 bitcoin, valued at more than $200 million at the time.

Sanctions designations

In May 2022, the U.S. Treasury’s Office of Foreign Assets Control (OFAC) issued its first-ever sanctions on a crypto mixer, Blender.io, for its role in laundering funds stolen by North Korea in the hack of Ronin Bridge, a DeFi protocol linked to Axie Infinity.

In August 2022, OFAC sanctioned the most popular Ethereum mixer, Tornado Cash, for its role in laundering funds stolen by North Korean-linked hackers in the attacks on the Ronin and Harmony bridges.

Civil penalties

In October 2020, FinCEN penalized the operator of the Bitcoin mixers Helix and Coin Ninja $60 million dollar civil money penalty for operating two unregistered money services businesses (MSB).

How Chainalysis can help

Our blockchain forensics product, Chainalysis Reactor, has the most extensive mixer coverage and analytics tooling in the industry. Financial privacy is valuable, but so is consumer safety: our data shows that some 25% of mixed funds come from illicit addresses, and cybercriminals associated with hostile governments have mixed some of the largest sums. It’s therefore important that stakeholders in the public and private sectors work together to address these risks – and use best-in-class data to inform their decisions.

To that end, Chainalysis’s cryptocurrency compliance software, blockchain forensics tools, and government solutions teams are ready to help. 

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.