Swiss and German authorities have shut down Cryptomixer, a cryptocurrency mixing service they say was used to conceal illicit bitcoin flows tied to ransomware groups and darknet markets.

The coordinated operation in Zurich ran from 24 to 28 November, with Europol providing forensic support and partner coordination.

Investigators seized three servers, the cryptomixer.io domain, more than 12 terabytes of data and Bitcoins worth over €25 million. Germany’s federal criminal police office said Cryptomixer, launched in 2016, had grown into “one of the largest bitcoin mixers” with “billions of euros in revenues, most of which were gained from criminal activities,” according to a statement.

Europol described Cryptomixer as a hybrid service accessible on the clear web and dark web that pooled deposits and redistributed them randomly over long settlement windows to obfuscate the origin of funds. “Its software blocked the traceability of funds on the blockchain,” the agency said, adding the platform was widely used by ransomware groups, underground forums and dark web markets. Since its creation, “over €1.3 billion in Bitcoin were mixed through the service,” Europol said in its announcement.

Following the takedown, law enforcement placed a seizure banner on the website. The Zurich-led action also confiscated more than €25 million worth of bitcoin, a figure reiterated by both Europol and German authorities. The BKA said the findings “will also contribute to the investigation of further cybercrimes,” noting involvement from Europol and agencies of the European Union and the United States.

The long settlement windows and randomised distribution patterns offered by Cryptomixer made it a preferred tool for hiding proceeds from drug trafficking, weapons sales, ransomware attacks and payment-card fraud. The actions echo similar law-enforcement takedowns of mixers such as Tornado Cash, which has faced sanctions and prosecution for enabling large volumes of illicit flows, while the 2023 ChipMixer operation saw the service dismantled with Europol support.

Europol said it facilitated information exchange through the Joint Cybercrime Action Taskforce hosted in The Hague, and provided on-the-spot cybercrime expertise and forensic assistance during the action day. Participating entities included Germany’s federal criminal police office and prosecutor general’s office in Frankfurt, and Switzerland’s Zurich City Police, Zurich Cantonal Police and the public prosecutor’s office in Zurich.

Cryptomixing services break the onchain trail by pooling and redistributing coins, allowing tainted assets to be sent to exchanges and converted into other cryptocurrencies or fiat. Europol’s seizure of servers and data in Zurich marks the latest effort by European authorities to curtail services designed to anonymise criminal proceeds at scale.

---