Law Enforcement Shuts Down ‘Cryptomixer’ Service Linked To Cybercrime and Money Laundering

Law enforcement authorities from Switzerland and Germany, with Europol’s backing, dismantled the notorious cryptocurrency mixing service Cryptomixer during an action week from November 24 to 28, 2025, in Zurich.

Officers seized three servers hosting the service, along with the cryptomixer.io domain.

They confiscated over 12 terabytes of operational data likely including transaction logs, user wallets, and mixing algorithms and more than €25 million in Bitcoin.

After taking control, authorities shut down the platform. They displayed a seizure banner on the website to notify users and deter access.

This operation targeted a key tool in the cybercrime ecosystem, where mixers like Cryptomixer obscure blockchain trails to enable money laundering.

A Service To Obfuscate Criminal Funds

Cryptomixer operated as a hybrid mixing service, accessible via both the clear web (standard browsers) and the dark web (Tor-hidden services), broadening its appeal to cybercriminals.

It pooled Bitcoin deposits from multiple users into a central wallet, held them for randomized periods often hours to days to break temporal links, then redistributed equivalent amounts to fresh destination addresses at irregular intervals.

This tumbler technique exploited Bitcoin’s public ledger, the blockchain, where every transaction is visible but ownership is pseudonymous; by shuffling coins through high-volume pools, it severed traceability via standard forensic methods like address clustering or transaction graph analysis.

Launched in 2016, Cryptomixer processed over €1.3 billion in Bitcoin, serving ransomware operators (e.g., LockBit affiliates), dark web markets (e.g., fraud shops), underground forums, and traffickers in drugs, weapons, and stolen cards.

Clients paid fees of 1-3% per mix, gaining “clean” coins for off-ramping to exchanges like Binance or Kraken, then converting to fiat via ATMs or banks.

Blockchain explorers like Chainalysis or Elliptic often flagged such services. However, Cryptomixer’s randomization and time delays evaded many heuristics until law enforcement infiltration.

Europol’s Coordination and Global Impact

Europol anchored the effort through its Joint Cybercrime Action Taskforce (J-CAT) in The Hague, exchanging intelligence on mixer traffic patterns and seized wallet forensics.

The agency hosted planning meetings, coordinated partners, and deployed cybercrime specialists for on-site analysis during the action day decoding server data and tracing hot wallets.

The German Federal Criminal Police (BKA) and Frankfurt’s Cyber Crime Centre led the digital takedown.

At the same time, the Zurich City and Cantonal Police executed seizures alongside the Public Prosecutor’s Office.

Eurojust handled legal coordination, and EMPACT the EU’s platform against organized crime provided strategic alignment.

This mirrors Europol’s 2023 Chipmixer bust, the dark web’s then-largest laundromat (Europol details).

Such disruptions raise mixer risks, pushing criminals toward decentralized alternatives like CoinJoin, but highlight blockchain forensics’ growing edge in threat hunting.