Dutch Police Seize Bitcoin Tumbler "Bestmixer.io"


The Dutch Fiscal Information and Investigation Service (FIOD), in close cooperation with Europol and the authorities in Luxembourg, clamped down on one of the world’s leading cryptocurrency mixing service Bestmixer.io.

BestMixer.io Seizer Banner

Europol Press Release

Initiated back in June 2018 by the FIOD with the support of the internet security company McAfee, this investigation resulted in the seizure of six servers in the Netherlands and Luxembourg.

ONE OF THE LARGEST MIXING SERVICES

Bestmixer.io was one of the three largest mixing services for cryptocurrencies and offered services for mixing the cryptocurrencies bitcoins, bitcoin cash and litecoins. The service started in May 2018 and achieved a turnover of at least $200 million (approx. 27,000 bitcoins) in a year’s time and guaranteed that the customers would remain anonymous.

NATURE OF THE SERVICE

A cryptocurrency tumbler or cryptocurrency mixing service is a service offered to mix potentially identifiable or ‘tainted’ cryptocurrency funds with others, so as to obscure the trail back to the fund’s original source.

The investigation so far into this case has shown that many of the mixed cryptocurrencies on Bestmixer.io had a criminal origin or destination. In these cases, the mixer was probably used to conceal and launder criminal flows of money.

FOLLOW-UP

The Dutch FIOD has gathered information on all the interactions on this platform in the past year. This includes IP-addresses, transaction details, bitcoin addresses and chat messages. This information will now be analysed by the FIOD in cooperation with Europol and intelligence packages will be shared with other countries

Source: Europol


McAfee’s Role in the Investigation

A much overlooked but essential part in financially motivated (cyber)crime is making sure that the origins of criminal funds are obfuscated or made to appear legitimate, a process known as money laundering. ’Cleaning’ money in this way allows the criminal to spend their loot with less chance of being caught. In the physical world, for instance, criminals move large sums of cash into offshore accounts and create shell companies to obfuscate the origins of their funds. In the cyber underground where Bitcoin is the equivalent of cash money, it works a bit differently. As Bitcoin has an open ledger on which every transaction is recorded, it makes it a bit more challenging to obfuscate funds.

When a victim pays a criminal after being extorted with ransomware, the ransom transaction in Bitcoin and all additional transactions can then be tracked through the open ledger. This makes following the money a powerful investigative technique, but criminals have come up with an inventive method to make tracking more difficult; a mixing service.

A mixing service will cut up a sum of Bitcoins into hundreds of smaller transactions and mixes different transactions from other sources for obfuscation and will pump out the input amount, minus a fee, to a certain output address. Mixing Bitcoins that are obtained legally is not a crime but, other than the mathematical exercise, there no real benefit to it.

The legality changes when a mixing service advertises itself as a success method to avoid various anti-money laundering policies via anonymity. This is actively offering a money laundering service.

Bestmixer.io

Last year advertisements for new mixing service called Bestmixer.io appeared on several Crypto currency related websites.

Judging by the article It sounded like it offered a service that could be considered money laundering or aid tax evasion.

Bestmixer’s frontpage

Nature of the service

Bestmixer offered a very clear page on why someone should mix their cryptocurrency. On this page Bestmixer described the current anti-money laundering policies and how its service could help evade these policies by making funds anonymous and untraceable. Offering such a service is considered illegal in many countries.

Bestmixer’s explanation page, “why someone should mix bitcoins”.

A closer inspection of the Bestmixer site revealed that its website was hosted in the Netherlands. McAfee ATR contacted the Financial Advanced Cyber Team (FACT) of the Dutch anti-Fraud Agency (FIOD) of Bestmixer.io’s location. FACT is a team that is specialized in investigating the financial component of (cyber)crime. A yearlong International investigation led to the takedown of Bestmixer’s infrastructure today.

Source: McAfee Blog


FIOD Announcement

On 22 May the FIOD and the Public Prosecution Service took one of the largest online mixers for cryptocurrencies offline, named Bestmixer.io. This operation deals a severe blow to the concealment of criminal flows of money by mixing cryptocurrencies such as bitcoins.

Six operational servers have been dismantled and seized in the Netherlands and Luxembourg.

The investigation was conducted in close cooperation with the Dutch Digital Intrusion Team (DIGIT), Europol and the authorities in Luxembourg, France and Latvia. In June 2018 the Financial Advanced Cyber Team (FACT) of the FIOD started the investigation under the supervision of the National Public Prosecutor’s Office for Serious Fraud and Environmental Crime and Asset Confiscation. The reason for the investigation was a report from cyber security company McAfee.

The investigation gathered information regarding transactions between customers and Bestmixer.io. The customers are located all over the world, especially in the US, Germany and the Netherlands. The FIOD will analyse the information together with Europol. After that the data will be shared with other countries.

Mixing cryptocurrencies

On the anonymous part of the Internet, the darknet, cryptocurrencies are a regular means of payment and are often used as means of payment in the criminal world.

A crypto mixing service is an online service that makes it possible to conceal the origin or destination of cryptocurrencies. This service is used to split up cryptocurrencies against payment of a commission, after which they are mixed together in a different combination.

People who use a mixing service probably do so to increase their anonymity. The investigation so far shows that many of the mixed cryptocurrencies have a criminal origin or destination. In these cases the mixer was probably used to conceal and launder criminal flows of money.

The total turnover of darknet markets amounts to approx. $800 million per year. It is believed that a large part of the payments via the darknet take place via mixers in order to launder the criminal (crypto) money.

One of the three largest mixing services

Bestmixer.io is one of the three largest mixing services for cryptocurrencies and offered services for mixing the cryptocurrencies bitcoins, bitcoin cash and litecoins. The service started in May 2018 and achieved a turnover of at least $200 million (approx. 25,000 bitcoins) in a year’s time and guaranteed that the customers would remain anonymous.

The operation against Bestmixer.io is a significant and important step in the fight against criminal flows of money in general and virtual criminal flows of money in particular.

Source: FIOD


DeepDotWeb’s Connection to Bestmixer.io

After Coinmixer.se shutdown in early 2018, DeepDotWeb replaced the Coinmixer advertisement for an advertisement for Bestmixer.io. Although no official has commented on a connection between the two from an investigative angle, Bestmixer.io likely landed on law enforcement’s radar due to the very advertisement they had paid Deepdot to host on DeepDotWeb.

DeepDotweb Advertising Bestmixer.io