Article Details

Europol nukes Cryptomixer laundering hub, seizing €25M in Bitcoin. Operation Olympia pulls Swiss servers offline and scoops up 12TB of data in latest crime infrastructure crackdown. Law enforcement agencies in Germany and Switzerland have shut down cryptocurrency laundering platform Cryptomixer in Europe's latest pushback against cybercrime infrastructure. The Europol-led Operation Olympia took place over November 24-28 and saw authorities seize three Swiss servers and the cryptomixer.io domain. In doing so, officials also swiped 12 terabytes of data and more than €25 million ($29 million) in Bitcoin. Cryptocurrency mixing services allow users to pool their tokens together and have them redistributed to their owners.  Everyone receives the same amount they originally put in, minus the platform's fee, but they all get each other's tokens instead of the ones they originally acquired, legitimately or not. While it does not completely hamper law enforcement efforts to track crypto across blockchains, mixed tokens are considerably more difficult to trace, which is why these services are so popular. Crypto mixers make it much harder for law enforcement to link specific crypto tokens to specific purchases/crimes and individuals. Criminals from ransomware crooks to dark web drug dealers therefore frequently use these services to conceal the source of their illicit gains. Europol's Operation Olympia takes down cryptomixer.io Europol says that since launching in 2016, Cryptomixer has laundered more than €1.3 billion ($1.5 billion) for users. The takedown of Cryptomixer follows similar operations targeting not just cybercrime gangs themselves, but the infrastructure on which they rely. The most recent was the takedown of the Rhadamanthys infostealer, a leader in the malware category that so often provides ransomware affiliates with the credentials needed to gain initial access to victims' networks. Before that, it was the Lumma infostealer, although some say this may not have had the desired effect, and another weapon in law enforcement's arsenal is to call on their governments to sanction entities they can't shut down themselves. So-called bulletproof hosting providers, which provide servers and other infrastructure ostensibly unreachable by police, are commonly used by ransomware crews and their ilk to protect their leak sites and affiliate platforms from takeover attempts. Most of these providers are based in jurisdictions over which law enforcement has no power, so sanctions become the tool of choice, criminalizing any person or organization that does business with them. Authorities in AUKUS countries sanctioned Media Land in November, a bulletproof hoster allegedly used by LockBit, as well as Zservers earlier in the year, while the US handled the sanctions for Aeza Group in July.