Bitcoin mixing is one of the preferred methods criminals use to cash out dirty cryptocurrency. As many criminal entrepreneurs leverage cryptocurrencies in transacting with ‘customers’ – from online drug trade to bullet-proof hosting and ransomware – services providing bitcoin mixing are an integral part of a wide range of criminal business models.
These professional facilitators are of crucial importance both for cybercriminals and for the effective fight against financial cybercrime. That is, they lower the knowledge threshold for aspiring criminals and make services available that would otherwise be inaccessible – in this case, a money laundering service provider for cryptocurrencies: a bitcoin mixer. Yet, taking down that same bitcoin mixer could not only disrupt a wide range of criminal activities, but also enable data-driven follow-up investigations. In 2019, the Financial Advanced Cyber Team (FACT) of the Dutch Fiscal Information and Investigation Service (FIOD) took down the prominent service ‘BestMixer.io’ following an extensive investigation. Thereafter, seized and wiretapped data was analyzed to further investigate the internal workings of the mixer.
In this talk, we will present the first results of our analysis. We paint a comprehensive picture that will help you understand how BestMixer operated under the hood, the volume of coins mixed and customers serviced, the typical BestMixer customer, and where (dirty) cryptocurrencies originated from as well as where they were going. Finally, we will touch upon the implications of our findings for demixing and the attribution processes.