Europol
europol.europa.eu
From 24 to 28 November 2025, Europol supported an action week conducted by law enforcement authorities from Switzerland and Germany in Zurich, Switzerland. The operation focused on taking down the illegal cryptocurrency mixing service ‘Cryptomixer’, which is suspected of facilitating cybercrime and money laundering.
Image: OP Olympia - this domain has been seized
Three servers were seized in Switzerland, along with the cryptomixer.io domain. The operation resulted in the confiscation of over 12 terabytes of data and more than EUR 25 million worth of the cryptocurrency Bitcoin. After the illegal service was taken over and shut down, law enforcement placed a seizure banner on the website.
A service to obfuscate the origin of criminal funds
Cryptomixer was a hybrid mixing service accessible via both the clear web and the dark web. It facilitated the obfuscation of criminal funds for ransomware groups, underground economy forums and dark web markets. Its software blocked the traceability of funds on the blockchain, making it the platform of choice for cybercriminals seeking to launder illegal proceeds from a variety of criminal activities, such as drug trafficking, weapons trafficking, ransomware attacks, and payment card fraud. Since its creation in 2016, over EUR 1.3 billion in Bitcoin has been mixed through the service.
Deposited funds from various users were pooled for a long and randomised period before being redistributed to destination addresses, again at random times. As many digital currencies provide a public ledger of all transactions, mixing services make it difficult to trace specific coins, thus concealing the origin of cryptocurrency.
Mixing services such as Cryptomixer offer their clients anonymity and are often used before criminals redirect their laundered assets to cryptocurrency exchanges. This allows ‘cleaned’ cryptocurrency to be exchanged for other cryptocurrencies or for fiat currency through cash machines or bank accounts.
Europol’s support
Europol facilitated the exchange of information in the framework of the Joint Cybercrime Action Taskforce (J-CAT), which is hosted at Europol’s headquarters in The Hague, the Netherlands. One of Europol’s priorities is to act as a broker of law enforcement knowledge, providing a hub through which Member States can connect and benefit from one another’s and Europol’s expertise.
Throughout the operation, the agency provided crucial support, including coordinating the involved partners and hosting operational meetings. On the action day, Europol’s cybercrime experts provided on-the-spot support and forensic assistance.
In March 2023, Europol had already supported the takedown of the largest mixing service at that time, ‘Chipmixer’.
Participating countries:
Germany: Federal Criminal Police Office (Bundeskriminalamt); Prosecutor General’s Office Frankfurt am Main, Cyber Crime Centre (Generalstaatsanwaltschaft Frankfurt am Main, Zentralstelle zur Bekämpfung der Internet- und Computerkriminalität)
Switzerland: Zurich City Police (Stadtpolizei Zürich); Zurich Cantonal Police (Kantonspolizei Zürich); Public Prosecutor’s Office Zurich (Staatsanwaltschaft Zürich)
europol.europa.eu - Between 14 and 17 July, a joint international operation, known as Eastwood and coordinated by Europol and Eurojust, targeted the cybercrime network NoName057(16). Law enforcement and judicial authorities from Czechia, France, Finland, Germany, Italy, Lithuania, Poland, Spain, Sweden, Switzerland, the Netherlands and the United States took simultaneous actions against offenders and infrastructure belonging to the pro-Russian cybercrime network. The investigation was also supported by ENISA, as well as Belgium, Canada, Estonia, Denmark, Latvia, Romania and Ukraine. The private parties ShadowServer and abuse.ch also assisted in the technical part of the operation.
The actions led to the disruption of an attack infrastructure consisting of over one hundred computer systems worldwide, while a major part of the group's central server infrastructure was taken offline. Germany issued six warrants for the arrest of offenders living in the Russian Federation. Two of these persons are accused of being the main instigators responsible for the activities of "NoName057(16)". In total, national authorities have issued seven arrest warrants, which are directed, inter alia, against six Russian nationals for their involvement in the NoName057(16) criminal activities. All of the suspects are listed as internationally wanted, and in some cases, their identities are published in the media. Five profiles were also published on the EU Most Wanted website.
National authorities have reached out to several hundred individuals believed to be supporters of the cybercrime network. The messages, shared via a popular messaging application, inform the recipient of the official measures, highlighting the criminal liability they bear for their actions pursuant to national legislation. Individuals acting for NoName057(16) are mainly Russian-speaking sympathisers who use automated tools to carry out distributed denial-of-service (DDoS) attacks. Operating without formal leadership or sophisticated technical skills, they are motivated by ideology and rewards.