Mixers, Bridges, and Dusting Attacks: An On-Chain Detective on Crypto Criminals' Key Mistakes

Joseph Anderson discusses crypto criminals' mistakes and transaction tracking.

Mixers fail to help fraudsters cover their tracks, as such transactions are monitored by analytical firms. Joseph Anderson, head of investigations at Match Systems, explained the workings of AML firms to ForkLog.

ForkLog (FL): In July 2025, you assisted a Dubai exchange in swiftly recovering $1.3 million. How crucial is speed in such cases? 

Joseph Anderson (J.A.): If a situation is left unattended even for a couple of days, it usually ends badly. The person might not have intended to steal so much, but suddenly they have these funds. Initially, they are open to negotiations. Later, they become accustomed to having the money, which becomes a psychological factor. They are then much less willing to return it. 

FL: In one instance, you assisted an exchange a year after a hack. How much harder is it to trace funds in such cases?

J.A.: It becomes more difficult with each passing day, really. Everything progresses exponentially. When a hack first occurs, much more can be done in the initial hours than in the following month. 

FL: Which countries’ police do you contact for cooperation?

J.A.: Most often, in the client’s country of registration. However, we understand in which countries work will be less effective. Take Russia, for instance. The jurisdiction is quite strong, but there are limitations. Exchanges registered in Europe, Ukraine, or the USA are unlikely to respond to a request from Russia. 

FL: If the affected party is from Russia, can you approach the Russian police? Do they have the competencies and knowledge?

J.A.: Yes, they do, actually, as in all police forces worldwide. Russian police indeed have the experience and knowledge. 

FL: How does the transaction tracking mechanism work? Do you have special software for this, or is manual processing more effective? 

J.A.: It depends on the situation. Most often, we use analytical tools from other providers and our own, as no single provider covers all the needs required.

FL: In which blockchains is it harder to track transactions?

J.A.: Solana is still not supported everywhere. There are blockchains that are not analyzed at all, such as Monero and Dash. 

FL: How often do hackers use bridges, and how much do they complicate the tracking process? 

J.A.: Bridges are indeed now a foundation for laundering. If someone steals USDT on TRC20, they understand that the tokens can be blocked by Tether. What do they do? The first step is usually to exchange for a non-blockable asset, like TRON. Then, bridges can be used to transfer to another blockchain. After this, the marking typically does not propagate automatically.

FL: How do new technologies, such as ZK protocols or decentralized exchanges without KYC, impact your work?

J.A.: The competition between the piercing spear and the impenetrable shield will always exist. Surveillance tools and evasion tools are developed. Ultimately, the key element is the team rather than the technical solution itself. 

FL: What are the top three mistakes criminals make? 

J.A.: The first and biggest mistake is attempting to steal from others. The second is gas. Hackers obscure their tracks well but fund transactions from their exchange account. The third involves minor slip-ups. For instance, within a group of hackers, one of them withdraws $200–500 through a local exchange. 

FL: Do they launder funds through DEX and token creation? 

J.A.: It happens. It all comes down to economics. Transactionally, it is quite expensive. Some are satisfied with costs of 5–7%, but sometimes they reach 20–25%.

FL: There were rumors that the meme-coins LIBRA, MELANIA, TRUMP are backed by a team close to the Trump family, scamming people. How true is this, in your opinion? 

J.A.: I’m not ready to say the Trump family is scamming people. As for market makers manipulating the market, that’s definite, and it’s a common practice in launching meme-coins.

FL: Are dusting attacks profitable? 

J.A.: About three years ago, this scheme earned around 3800% per month, but much has changed since then. Such attacks are now much less profitable. Competition is higher, complexity is greater. Therefore, only key players are involved in this now.
