Police Disrupt 'Cryptomixer,' Seize Millions in Crypto
Recorded: Dec. 1, 2025, 11:02 p.m.
| Original | Summarized |
Multiple European law enforcement agencies recently disrupted Cryptomixer, a service allegedly used by cybercriminals to launder ill-gotten gains from ransomware and other cyber activities.

Alexander Culafi, Senior News Writer, Dark Reading
December 1, 2025

Though many people believe cryptocurrency is untraceable, that, generally speaking, is far from the truth.

When cybercriminals obtain cryptocurrency in, say, a ransomware attack, a key step in the process is mixing, or laundering, the crypto. That's not to say all cryptocurrency is mixed for illegal purposes, but it happens often enough that a darknet industry has been built to facilitate swapping cryptocurrencies around to make them harder to detect.

There may be one fewer service enabling mixing going forward, as German and Swiss law enforcement conducted an operation over the weekend to disrupt "Cryptomixer," a cryptocurrency mixing service suspected of being used for cybercriminal money laundering. Europol, which announced the takedown on Dec. 1, said in a press release that from Nov. 24 through Nov. 28, the organization supported German and Swiss police during law enforcement action targeting Cryptomixer. Europol noted that it previously supported the takedown of an even larger mixer, "Chipmixer," in 2023.

Police seized three servers, the cryptomixer.io domain, more than 12TB of data, and more than 25 million euros in Bitcoin. They then placed a seizure banner on the site. The police action marks only the latest effort to curb cybercriminals in recent years, following high-profile international action targeting groups like LockBit and Cl0p. And not too soon, given the bar for entry to become a cyber threat actor has never been lower.
Pouring Concrete Into the Cryptomixer

As Europol put it, Cryptomixer "facilitated the obfuscation of criminal funds for ransomware groups, underground economy forums, and Dark Web markets." It did this through proprietary software that aimed to limit how crypto could be traced through the blockchain. Criminals allegedly would use the service to wash profits from drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud. The agency also claimed that since 2016, more than 1.3 billion euros ($1.5 billion) had been mixed through Cryptomixer.

"Deposited funds from various users were pooled for a long and randomized period before being redistributed to destination addresses, again at random times," the press release read. "As many digital currencies provide a public ledger of all transactions, mixing services make it difficult to trace specific coins, thus concealing the origin of cryptocurrency. This allows 'cleaned' cryptocurrency to be exchanged for other cryptocurrencies or for FIAT currency through cash machines or bank accounts."

For the international agency's part, it supported Swiss and German law enforcement through facilitating coordination and information exchange. Europol also helped during action day (which was Nov. 26, according to a press release from German police) with "on-the-spot support and forensic assistance," it said.

What the Takedown of Cryptomixer Means for Defenders

It goes almost without saying that even though a major cryptocurrency laundering service may be gone, the ransomware machine keeps chugging along.
Ari Redbord, global head of policy at TRM Labs, tells Dark Reading that although cybercriminal behavior continues, disruption efforts like these "absolutely matter."

"These actions create real friction for ransomware groups and fraud networks — funds get stuck, familiar laundering routes disappear overnight, and actors are forced to slow down and retool," he says. "It can feel a bit like whack-a-mole, but the whacking does matter — it adds cost, risk, and uncertainty for the moles."

Redbord adds that while the volume of ransomware attacks remains at an all-time high, disruption has helped destabilize the ecosystem, leading to major groups fragmenting and experiencing shorter lifespans. In other words, the risk to enterprises has not gone away, and defenders still need to do their ransomware due diligence (protect endpoints, use phishing resistant technology, educate oneself on social engineering tactics, and so on), but the ongoing push and pull is far from meaningless.

About the Author

Alexander Culafi, Senior News Writer, Dark Reading

Alex is an award-winning writer, journalist, and podcast host based in Boston. After cutting his teeth writing for independent gaming publications as a teenager, he graduated from Emerson College in 2016 with a Bachelor of Science in journalism. He has previously been published on VentureFizz, Search Security, Nintendo World Report, and elsewhere.
In his spare time, Alex hosts the weekly Nintendo podcast Talk Nintendo Podcast and works on personal writing projects, including two previously self-published science fiction novels.

Copyright © 2025 TechTarget, Inc. d/b/a Informa TechTarget. |
The takedown of Cryptomixer, a cryptocurrency mixing service, by multiple European law enforcement agencies represents a significant disruption to the operations of cybercriminal networks. Alexander Culafi, writing for Dark Reading in December 2025, details the operation, which resulted in the seizure of three servers, 12 terabytes of data, and approximately 25 million euros in Bitcoin. The operation targeted Cryptomixer, a service facilitating the obfuscation of illicit funds originating from ransomware attacks, Dark Web markets, and other criminal activities.

The agency’s actions highlight the increasing difficulty cybercriminals face in laundering their ill-gotten gains. Cryptomixer, like many mixing services, aimed to disrupt the traceability of cryptocurrency transactions, making it harder to identify the origins of funds. Specifically, the service pooled deposited funds from various users for a randomized period before redistributing them, further complicating the tracking of individual coins. Since 2016, Cryptomixer had allegedly facilitated the mixing of over 1.3 billion euros, demonstrating its widespread use within the criminal underworld. The operation underscores a broader trend – that despite the perceived anonymity of cryptocurrency, law enforcement is increasingly focused on disrupting these laundering operations.

The impact of this disruption extends beyond the immediate seizure of assets. Ari Redbord, global head of policy at TRM Labs, emphasizes that such actions create “friction” for ransomware groups and fraud networks. This friction manifests as stalled funds and disrupted laundering routes, forcing criminal actors to adapt and retool their operations. While ransomware attacks remain a significant threat, the disruption caused by takedowns like this one has destabilized the ecosystem, contributing to fragmentation within criminal networks and shorter lifespans for ransomware groups.
Despite the takedown, defenders still bear the responsibility of maintaining robust cybersecurity practices. Redbord stresses the continued need for proactive measures, such as endpoint protection, phishing resistant technology, and educating personnel about social engineering tactics. However, the disruption created by law enforcement efforts adds a critical layer of complexity to the defensive strategy. Ultimately, the takedown of Cryptomixer serves as a potent reminder that while cryptocurrency may offer a degree of anonymity, law enforcement agencies are actively pursuing and disrupting these criminal networks. This represents a significant shift in the ongoing battle between cybercriminals and defenders, and underscores the importance of continued vigilance and proactive security measures within organizations. |