On February 21, the cryptocurrency exchange Bybit suffered a loss of $1.46 billion due to a breach of its cold Ethereum wallet. The attack was orchestrated by the Lazarus Group, a hacker group that employs cross-chain bridges and coin mixing services for laundering funds. The hackers primarily utilized THORChain to exchange Ethereum for Bitcoin.
Together with the team at Mixer.Money, we examine how this incident might affect the reputation of Bitcoin mixers and what steps can be taken to minimize the risk of potential blockages.
Crime and Privacy
The use of cross-chain bridges and Bitcoin mixers is not inherently criminal. However, like any financial tools, these services can attract criminals, especially when they need to launder large sums, as evidenced by the record volume of THORChain swaps last week.
“This means that exchanges will scrutinize and block CoinJoin transactions or those associated with non-KYC services more rigorously. As a result, ordinary users who employ cross-chain solutions, as well as centralized and decentralized mixers for anonymizing their transfers, may be affected,” Mixer.Money comments.
They note that increased scrutiny should not overshadow the primary goal of mixing — protecting user privacy.
In practice, hackers will continue to use any available tools for laundering, and there is little that can be done about it. Their main objective is to quickly blend stolen assets with those of regular users to complicate tracking and recovery.
Avoiding Blockages
To mitigate the risk of blockages, the Mixer.Money team advises against using CoinJoin — a Bitcoin transaction anonymization algorithm that mixes bitcoins from multiple users, then divides them into equal parts and sends them to recipients.
Service representatives acknowledge that exchanges might automatically block accounts receiving funds processed through CoinJoin.
“Now is not the best time to experiment with CoinJoin. Exchanges are trying to identify and freeze large amounts of stolen funds, so using such services will attract attention and arouse suspicion. Subsequently, you will have to explain why you conducted such transactions,” warn experts.
To ensure anonymity on the blockchain and avoid blockages, they recommend using services capable of concealing the passage of coins through transaction anonymization solutions.
For instance, Mixer.Money mixes coins in three modes: “Mixer,” “Exact Payment,” and “Full Anonymity.” The “Mixer” mode provides basic anonymity — protecting against manual transaction analysis, but not against advanced on-chain analytics.
In the “Full Anonymity” and “Exact Payment” modes, Mixer.Money sends users bitcoins obtained directly from major exchanges and with the corresponding status.
“Your coins pass through a pre-mixer, are split into random parts, and sent to investors. Then you receive funds from other trading platforms to two addresses.”
On-chain analysis services can only track Bitcoin withdrawal transactions from an exchange to a wallet. The involvement of major trading platforms reduces the risk of receiving coins of dubious origin. Additionally, Mixer.Money randomly selects the timing and ratio of transaction amounts to complicate the determination of links between operations based on timestamps.
Conclusions
According to Bybit CEO Ben Zhou, as of March 4, hackers had managed to convert 83% of the stolen Ethereum (ETH) into bitcoin. In the near future, they will “clean” the funds through mixing services and OTC and P2P platforms. Consequently, exchanges and exchangers will be particularly vigilant in scrutinizing transactions related to CoinJoin and platforms without KYC.
To minimize the risk of blockages, ordinary users can maintain anonymity in the Bitcoin network by using services like Mixer.Money, which cannot be identified through on-chain analytics.
