This material is intended for educational purposes and is designed to help understand the complex mechanisms of cybercrime in the digital economy. We will cover the topic step by step, drawing on publicly available data from reports by analytical firms (Chainalysis, Elliptic), regulatory agencies (FATF, OFAC), and research (such as Europol). It is important to note that this is not a guide to action, but rather an analysis to raise awareness of risks and countermeasures. Understanding these processes helps cybersecurity, financial, and legal professionals develop effective defense strategies.
Mixers were originally created for legitimate purposes (protecting privacy from surveillance), but ~70–80% of their traffic is from illegal transactions (according to Chainalysis 2024).
Carding is a form of cyber fraud in which attackers steal payment card data (number, CVV, expiration date) and use it for unauthorized purchases. The data is "leaked" through phishing, malware (keyloggers), or database hacks (for example, the Equifax breach of 2017, which compromised 147 million cards).
Connection: Mixers transform "dirty" funds from carding into "clean" ones by integrating into the laundering chain. Without them, carding is risky: exchanges monitor suspicious deposits.
Key trends and the impact of mixers:
These trends are turning carding into an "industry": from card data generation "farms" to darknet ecosystems (Joker's Stash, which closed in 2021, but similar ones are thriving).
A step-by-step breakdown of the process with examples:
Real cases:
Challenges:
Countermeasure technologies:
1. Basic Concepts: What are cryptocurrency mixers and carding?
Cryptocurrency mixers (also known as tumblers or mixers) are tools designed to increase the privacy of blockchain transactions. Blockchain (a distributed ledger) is transparent by default: every transaction is publicly visible, and wallet addresses can be linked to real identities through clustering. Mixers solve this problem by "mixing" funds from multiple users:- How do they work?
- Centralized mixers: A user sends crypto (e.g., BTC) to a service that collects a pool of funds from various sources, mixes them, and returns the "cleaned" coins to a new address. Fees range from 0.5% to 3%. Examples: ChipMixer (closed in 2023), Blender (sanctioned in 2022).
- Decentralized mixers: These operate on smart contracts (e.g., Tornado Cash on Ethereum). Funds are deposited into a pool and withdrawn via delays and random routes. This makes them resistant to blocking.
- CoinJoin: A protocol (in wallets like Wasabi) where multiple users combine transactions into one, masking their origins.
Mixers were originally created for legitimate purposes (protecting privacy from surveillance), but ~70–80% of their traffic is from illegal transactions (according to Chainalysis 2024).
Carding is a form of cyber fraud in which attackers steal payment card data (number, CVV, expiration date) and use it for unauthorized purchases. The data is "leaked" through phishing, malware (keyloggers), or database hacks (for example, the Equifax breach of 2017, which compromised 147 million cards).
- The evolution of carding: Since the 2010s, cryptocurrency has become the "ideal" way to convert stolen funds — fast, pseudonymous, and global. The darknet carding market (forums like Exploit.in) is estimated to be worth $1–2 billion annually (Europol, 2023).
Connection: Mixers transform "dirty" funds from carding into "clean" ones by integrating into the laundering chain. Without them, carding is risky: exchanges monitor suspicious deposits.
2. The Impact of Mixers on Modern Carding Trends
Mixers have strengthened carding, making it more scalable, automated, and law enforcement-resistant. According to the Chainalysis 2024 report, the volume of "dirty" crypto from identity theft (including carding) increased by 25% to $4.5 billion. Trends are evolving under pressure from technology and regulation.Key trends and the impact of mixers:
| Trend | Description | The influence of mixers | Examples and data |
|---|---|---|---|
| Scaling operations | Transition from manual fraud to automated bots (Python scripts for purchasing crypto in the thousands). | Mixers allow for the processing of large volumes without traceability: funds are broken down into microtransactions (peel chains), reducing fees and risks. | In 2023, carders laundered $500 million from stolen cards through mixers (Elliptic). Automation increased revenue by 40%. |
| Hybridization with other crimes | A combination of carding, ransomware, hacking, and Ponzi schemes. Stolen cards are used to buy cryptocurrency, which funds the attacks. | They add layers of obfuscation: mixing + DeFi protocols (Uniswap) for asset swapping. | Lazarus Group (DPRK) integrated carding into the Ronin Bridge hacks ($625 million, 2022), laundering them through mixers. |
| The shift to privacy assets | Preference for Monero/Zcash (built-in mixing) or stablecoins (USDT). | For BTC/ETH, mixers are a "bridge" to privacy; decentralized options are growing by 150% (Tornado Cash processed $1.8 billion in 2024). | 30% of carding traffic is in XMR (Chainalysis); mixers mask the conversion. |
| Globalization and jurisdictional arbitrage | Operations from "gray" zones (Russia, Nigeria, India). | Mixers ignore geo-restrictions, allowing fiat withdrawals via P2P (LocalMonero). | 60% growth in Asia/Africa; Tornado Cash sanctions (2022) accelerated decentralization. |
| Innovation in bypass | Using NFT worlds (Decentraland) or metaverses for "integration". | Mixers + bridges for cross-chain transitions (BTC → ETH). | $200 million from carding in NFT laundering (2023, Dune Analytics). |
These trends are turning carding into an "industry": from card data generation "farms" to darknet ecosystems (Joker's Stash, which closed in 2021, but similar ones are thriving).
3. Integrating Mixers into Money Laundering Schemes: A Closer Look
Laundering follows the FATF model: Placement (introduction of "dirty" funds), Layering (obfuscation), and Integration (return to the legitimate economy). In carding, crypto accelerates the process, and mixers are the heart of layering. The average cycle time is 1–7 days, with an efficiency of 80–95% (according to Elliptic).A step-by-step breakdown of the process with examples:
- Placement (Deposit of funds):
- Carders steal data (via skimmers on websites or dumps on the darknet: $5–50 per card).
- Used to buy crypto: on CEX (Binance, but with KYC risks) or DEX (PancakeSwap). Alternatively: gift cards → crypto on P2P.
- The role of mixers: Minimal here, but immediately after - sending to the "dirty" wallet.
- Example: In the "Infraud" scheme (2018, 40 countries), $530 million from carding was entered as BTC purchases.
- Layering (Blending and Obfuscation):
- The main role of mixers: Funds are divided into 10-100 parts, passing through 2-5 mixers with time-locks. They add "noise" by introducing fake transactions and address changes.
- Integration techniques:
- Multi-level mixing: BTC → mixer1 (Sinbad) → bridge to ETH → mixer2 (Tornado) → Monero.
- DeFi Amplification: Swap to DEX + liquidity pools for mixing.
- Peel chain: Consecutive small pins, leaving "peel" (residue) in the pool.
- Efficiency: Reduces the probability of deanonymization from 70% to 10–20% (analysis through tools like Chainabuse).
- Example: In the PlusToken case (2019, $2 billion), carders mixed funds through 10+ tumblers; Chainalysis only tracked 40%.
- Integration:
- "Clean" crypto is withdrawn: to compliant exchanges (Kraken with KYC) in fiat, invested in stocks/NFTs, or spent on luxury goods (watches, cars) through mules.
- The role of mixers: The final "filter" before output.
- Example: The Russian REvil group (ransomware + carding) laundered $100 million through mixers, integrating them into real estate (FBI, 2021).
Real cases:
- ChipMixer (2023): Processed $3 billion, 50% from carding; arrested in the EU, returned $46 million to authorities.
- Blender.io (2022): $20 million from Lazarus, including carding financing; OFAC sanctions.
- 2025 update: According to the US Treasury (January 2025), Russians laundered $300 million through Sinbad, mixed with carding from the EU.
4. Regulatory measures, challenges, and countermeasures
Regulations:- US: OFAC sanctioned 5+ mixers (Tornado Cash is the first decentralized case, trial 2024–2025). The Crypto-AML Act (2024) requires KYT (Know Your Transaction).
- EU: 6th AMLD (2024) – fines of up to 10% of turnover for VASPs without monitoring.
- Russia/CIS: Roskomnadzor blocks mixers; the Central Bank focuses on P2P.
- Globally: FATF "Travel Rule" (2019+) – data exchange between exchanges.
Challenges:
- Technical: Decentralized mixers (on ZK-proofs) are difficult to block; 200% growth after sanctions.
- Ethics: Privacy (for activists) vs. security; debate in the US Congress (2025).
- Efficiency: Only 20-30% of "dirty" funds are traced (Chainalysis).
Countermeasure technologies:
- Blockchain analytics: Tools like CipherTrace identify patterns (address clusters, velocity checks).
- AI Monitoring: Machine Learning for Anomaly Detection (150% Growth by 2024).
- Collaboration: Interpol's I-24/7 data exchange.
5. Recommendations for education and practice
- For businesses: Implement KYC/AML (services like Elliptic). Monitor high-risk addresses (OFAC lists).
- For users: Use hardware wallets and avoid suspicious P2P. Learn more by taking courses (Coursera: "Blockchain Security").
- For researchers: Explore Chainalysis reports (free online) and simulate circuits on testnets (Ropsten).
