red 
Cryptocurrency blockchains have an incredible degree of transparency that in many ways makes them an ideal asset for compliance and risk management.
Because transactions in Bitcoin and other cryptoassets are recorded on immutable public ledgers, they offer deep insight into the flow of funds between users – enabling analysts and investigators to identify and act against risks associated with money laundering, fraud, terrorist financing and sanctions. Compliance teams and law enforcement agencies now routinely rely on blockchain analytics capabilities that leverage this transactional transparency to provide insight into illicit financial risks and take action where they suspect financial crime.
However, a number of innovators have developed privacy-enhancing solutions – such as cryptoasset mixers – that can thwart blockchain’s inherent traceability. While mixers and other privacy protocols have numerous legitimate uses, they are also often used by illegal actors to disguise their activity.
It is critical that compliance teams at cryptoasset service providers and financial institutions understand the risks associated with mixing services, and in particular the increasing risks associated with sanctions compliance, so that they can take steps to respond to relevant regulatory expectations.
A key red flag for ML/TF
Mixers have existed for most of the history of cryptoassets. Early adopters of Bitcoin and other digital assets realized that their transactions could be tracked on the blockchain and that the solutions were a must for anyone who wanted more privacy.
Mixers solve this by consolidating cryptocurrencies of different owners and redistributing funds to different users to break the link between the original source of the funds and their destination. The result is that blockchain traceability is impaired and privacy is enhanced.
Users of cryptoassets may have legitimate reasons to want greater confidentiality than that inherently afforded by the blockchain – for example if they receive a salary in Bitcoin, or when handling digital assets in inheritance or other legal proceedings.
However, criminal users of cryptoassets are aware of the obscuring benefits of mixing and other similar services. Illegal actors – such as cybercriminals and dark web marketplace sellers – will often move their funds through commingling services before exchanging them for US dollars or other fiat currencies at a cryptoasset exchange or financial institution. By moving funds through the mixer, a criminal can delete the connection to the illegal source of their cryptocurrencies before transacting with a regulated business.
In some cases, mixing service operators have knowingly facilitated illegal transfers. Helix Mixer was a service that many dark web market sellers used to launder the proceeds of crime.
Agencies weigh in
The US Treasury’s Financial Crimes Enforcement Network (FinCEN) indicated that Helix was used to launder as much as $300 million worth of bitcoins on behalf of illegal actors. In August 2021, Larry Dean Harmon – the creator of the Helix mixer – pleaded guilty to money laundering charges for intentionally mixing bitcoins on behalf of criminals, and US law enforcement shut down Helix.
Criminals have also recently attempted to launder funds through services such as Wasabi Wallet, or so-called privacy wallets that use a decentralized form of commingling to obfuscate users’ bitcoins. Money laundering through Wasabi Wallet has featured in high-profile criminal cases, such as the July 2020 theft of Bitcoins from Twitter users around the world.
While mixers and privacy wallet services manage to crack the trail of funds on the blockchain, compliance teams and investigators can still gain insight into their use. This is because it is still possible to see on the blockchain where funds are sent to or from the mixing service.
The link between the ultimate source and destination may be broken, but when a regulated business’s compliance team identifies that its clients are sending funds or receiving funds from mixers or privacy wallets, then they can treat this as a red flag.
Issuing instructions
Anti-money laundering and countering the financing of terrorism (AML/CFT) watchdogs have issued guidance stating that they expect regulated businesses to consider the use of mixers as a red flag. This should encourage consideration of enhanced due diligence and suspicious activity reporting (SAR) where warranted.
The Financial Action Task Force (FATF) has also published indicators of suspicion for virtual assets, which include warnings about the risks associated with mixing services. Regulators such as FinCEN and others have issued guidance indicating that regulated firms should have effective arrangements for identifying and managing the risks associated with these services.
Where regulated businesses identify the use of mixers and services such as Wasabi Wallet, they can provide information to law enforcement that can help identify illegal activity. In the July 2020 Twitter hack, analysis of related transactions helped identify and arrest the perpetrators within 16 days of the cybercrime incident.
The challenge of sanctions
Transactions involving mixers and privacy-enhancing services also have increasing implications for sanctions compliance.
In May 2022, the US Treasury’s Office of Foreign Assets Control (OFAC) imposed sanctions on Blender, a blending service used by North Korean cybercriminals to launder bitcoins they stole from hacking activity.
Blender went out of business at the time of the OFAC sanctions, but Elliptic’s research suggests that Mixer has been reconstituted as another mixer service known as Sinbad. Blockchain analysis suggests that North Korea has laundered as much as $100 million worth of cyber-thefted bitcoins through the sinbad mixer since October.
In August 2022, OFAC also sanctioned Tornado Cash, a mixer used to improve privacy on Ethereum and other blockchains. OFAC’s sanctions in that case were also prompted by the involvement of North Korea, which laundered more than $500 million in cybercrime-acquired cryptocurrencies through Tornado Cash.
Since the time of those sanctions, North Korea has also sought alternative services to Tornado Cash to launder crypto assets. In January 2023, North Korean cybercriminals laundered more than $58 million through Railgun, another Ethereum-based cloaking service.
These cases demonstrate that compliance teams must be alert to the risks of sanctions when they identify their clients transacting with mixers and must be able to block transactions with mixers such as Blender and Tornado Cash that appear on the OFAC list.
Managing the compliance challenge
There are three key steps that compliance teams can take to address the risks associated with blending and other related services.
First, compliance professionals should familiarize themselves with the typologies of financial crime involving mixers and should receive training to learn how to recognize and respond to the presence of mixers in crypto transactions.
Second, compliance teams should understand the specific regulatory requirements and expectations related to identifying transactions with mixers. This includes both AML and sanctions related requirements, as well as being aware of any notices and warnings that their regulatory bodies may have issued.
Finally, compliance teams should implement block analysis solutions that can enable the identification of crypto wallets and transactions involving mixers and other obfuscating services, ensuring they can take appropriate steps to mitigate risk.
Mixing services can obscure the trail of assets on the blockchain, but compliance teams don’t have to be left in the dark. By taking these practical steps, they can successfully address the risks.
Originally published by Thomson Reuters © Thomson Reuters.
Sanctions Compliance Regulation
