Whether rightly or wrongly, crypto mixers have become synonymous with money laundering. What can crypto firms do to protect themselves, their customers, and the crypto community from the growing threat of fraud?
The term “cryptocurrency tumbler” (also known as crypto mixer) has seen a 5000% increase in Google searches over the past five years. If search queries are anything to go by, it’s easy to see why: there appears to be confusion over how they work, if they are truly private, and whether they’re even legal.
Interest in crypto mixers has also appeared to have spread from industry insiders to the wider crypto community, including those looking for ways to hide their blockchain transactions.
No longer a niche subsection of an obscure industry, crypto tumblers pose a legitimate concern for the crypto community, because they are now, rightly or wrongly, heavily associated with money laundering.
We investigate the dangers associated with crypto tumblers and how crypto firms can reduce the risks of money laundering, meet regulatory challenges, and prevent fraud.
What are the threats associated with crypto mixers?
Far from how they’re currently perceived, crypto tumblers were originally created to offer heightened privacy for legitimate blockchain transactions.
There are two main types of crypto mixers:
- Centralized mixers – rely on a third party to complete the mixing
- Decentralized mixers – rely on protocols like smart contracts
Without coin mixing, the transparent nature of the blockchain makes it hard for firms to make truly secure investments, or for high-profile individuals to keep their wealth private. However, with coin mixing, users can operate in a completely confidential nature.
These features are also the main reasons why crypto mixers have become synonymous with money laundering. Several fraud cases and cyberattacks over the past few years have shown the part that tumbling plays, and the very real threat it poses to the integrity of a cryptocurrency exchange.
The 3 main problems with crypto mixers.
The most dangerous threats associated with crypto mixers include money laundering, regulatory risks and fraud.
Money laundering.
The largest risk associated with crypto mixers is money laundering, and it’s only growing bigger. In fact, data shows that between 2021 and 2022, crypto laundering grew by approximately 70%. There are typically two ways that crypto mixers are used to launder money. The first is through “cleaning” coins gained from illegitimate sources, such as pharming or ransomware attacks. The second is by funding criminal activity with clean coins, as the mixer can obscure and anonymise the transaction end point.
The dangers to crypto firms are clear.
“Firms must be able to verify whether their users and coins have been involved in suspicious transactions or sanctioned mixers. Without this information, exchanges could unknowingly be funding criminal activity, such as online cyberattacks or real-world terrorist financing,” said Jason.
ChipMixer, a type of crypto mixer that exchanged old coins for new coins, was responsible for laundering over $850 million, which could be directly linked to illicit activities. International authorities from Europe and the US were concerned over the mixer for flouting regulations and facilitating money laundering. The founder of the platform even wrote, “Money laundering’ is a crime made-up by governments that spy on their citizens”. ChipMixer was officially seized and stopped trading in March 2023.
Regulatory risks.
One of the major problems of crypto mixers is the blurred lines in which the crypto community operates – exasperated by the relatively infant stage of crypto regulation compared to traditional financial services.
While firms await rules outlined in MiCA and the UK’s proposed crypto regulatory regime to come into force (expected in 2024), crypto firms that wish to operate in the UK, for example, must register with the Financial Conduct Authority, and therefore comply with Anti-Money Laundering Directives that capture rules to combat money laundering and terrorist financing. Only firms with appropriate Know Your Customer (KYC) processes, source of funds checks, and proof of funds checks, can be registered to ensure no illicit money is coming through the system.
Forward-thinking risk managers should ensure their organization meets compliance measures if it is serious about preventing money laundering.
This is particularly important for attracting high-value customers as exchanges that can demonstrate they follow regulatory guidelines, and are able to plug operational vulnerabilities, provide reassurance to third parties and customers.
Compliance with regulations not only protects firms from sanctions, but can also attract new customers if they feel satisfied that due diligence has been carried out.
In August 2022, the Office of Foreign Assets Control (OFAC) sanctioned TornadoCash, a popular coin mixer.
The crime? Facilitating suspicious transactions, involving stolen funds.
But the real kicker is that some TornadoCash transactions could be traced and linked to groups in North Korea, a country with international sanctions including:
- Freezing of financial assets
- Travel bans
- Trading restrictions
As such, users of this mixer put TornadoCash in direct breach of global regulations, and OFAC deemed it the responsibility of the service provider to maintain compliance.
Although industry leaders weren’t in agreement (remember that Coinbase lawsuit?) regulators have made it clear that persecuting the service providers, rather than the individuals, is preferential. Plus, due to the incredibly private nature of mixers, it’s virtually impossible to go after the users themselves. Still, someone must be held accountable.
Fraud.
The opaque nature of crypto tumblers facilitate a perfectly murky breeding ground for fraudsters to operate. And as the industry continues to grow at breakneck speed, fraudsters are evolving at a similar rate.
Crypto mixers lack the common identity verification tools that financial institutions are required to perform, including:
- Know Your Customer checks
- Ultimate Beneficial Ownership checks
- Real-time authentication for transactions
In fact, many crypto mixers operate without any kind of user monitoring, which means even users who rely on the services for legitimate reasons could be subject to cyberattacks, as there’s no authentication for the user when they make a transaction.
Imagine a crypto mixer user receives a phishing email and clicks on a malicious link. It’s likely they will be redirected to a fake website and be asked to input their credentials. In a matter of seconds, the fraudster has successfully captured the user’s log-in information. From there, all it takes is for the fraudster to re-type the credentials they’ve just gathered into the real site, launder the user’s coins and disappear with the funds.
Although 60% of business leaders consider fraud awareness training the best approach for minimizing fraud, it should be paired with other tools in order to create a robust shield. Crypto fraud prevention requires both initial customer identity verification, and ongoing transaction monitoring. The doubled-down effort approach not only ensures that the account holder is who they claim to be, but that if any bad actors get into the account during the meantime, they will be blocked from making transactions.
How to manage risks in crypto?
Risk assessments should be the first point of call for any business operating in a highly-regulated industry. To help combat the threat of money laundering, crypto firms can implement:
Wallet screening tools.
Wallet screening tools are an integral part of maintaining wallet hygiene. They allow exchanges to identify the owners of wallets, as well as the source and destination of funds.
However, where crypto mixers are involved, transactions can be obscured and it’s harder to trace the entire transaction history.
Therefore, it’s important to ensure that any wallet screening tool can identify tainted coins, and that this data is used to inform on the risk factors of wallet owners. By leveraging enhanced wallet screening, exchanges can benefit from full transparency over customer wallets, and reduce their risk of enabling money laundering.
KYC and identity checks.
By implementing a robust KYC and identity verification process for your crypto firm, you can rest assured that you know who your customers are, while complying with regulations like AML, MiCA and PVID.
Some KYC and identity verification platforms, however, are simply not fit for purpose.
“When crypto mixers are involved, digital verification becomes more difficult. This is why IDnow’s identity verification services combine video verification with external database checks, risk factor analysis and behavioral analysis. With global ID specialists on-hand for clarification, our clients benefit from AI models and real human verification,” added Jason.
Putting the KYC into crypto.
KYC processes are an integral part in ensuring crypto exchanges can protect themselves and their customers from fraud and money laundering, even amid an evolving crypto regulatory landscape. Having these controls in place will protect investors from financial losses and add stability to a notoriously volatile market.
IDnow’s highly configurable identity verification solutions work across multiple regulations, industries and use cases, including crypto. Whether automated or expert-assisted, our online identity-proofing methods have been optimized to meet the strictest security standards and regulatory requirements without compromising on customer conversion or consumer experience.
By
Jody Houton
Senior Content Manager at IDnow
Connect with Jody on LinkedIn