The Data Science team at Clain specializes in uncovering mixing activity, including behavioral changes, new clusters, patterns and new algorithms. Our Machine Learning models allow us to mark and attribute addresses to various mixing services in real-time.
In our last article, we wrote about discrepancies in CWT Ransomware investigation conducted by one of the most recognizable analytics companies, when they failed to recognize BitMix mixer. Today we want to enlighten errors made by another provider.
Cryptsy Theft investigation
Our colleagues successfully noticed funds started to move on March 29 2022. Unfortunately, the conclusion of their investigation is misleading. Cluster (978663406) in the middle is a ChipMixer mixing service. And hackers laundered not just ~80 BTC but a whole 11 324 BTC in 666 transactions from March 29th till April 4th.
With how ChipMixer works, it is impossible to follow UTXO transactions. And after ChipMixer received those coins, it structured them in different “chips” and they were provided to completely different users of ChipMixer. Which makes the whole right side of the chart pretty much useless.
When we previously investigated ChipMixer, we indicated that big deposits create a liquidity crisis. This time is no different, as you can see with the excerpt of funds flow chart of ChipMixer cluster, there is a huge spike in activity on March 29th.
Currently most of the funds are not moving, rest is being used by the perpetrator by sending them to other mixers like WasabiWallet, JoinMarket and Blender that has been included in OFAC list.
Clain’s algorithms work autonomously and do not need to manually label the newly sanctioned addresses in our systems. Or label new “chips” for ChipMixer service.
Compliance teams are empowered to create any kind of rules and amend them in real-time, enabling them to lower false-positive rates and automate more of their detection and investigation procedures.
