Combating Illicit Financing: FinCEN's Proposed Rule on CVC Mixing

The Department of the Treasury Financial Crimes Enforcement Network (FinCEN) has issued a notice of proposed rulemaking (NPRM) regarding transactions involving convertible virtual currency (CVC) mixing. 

This practice is often used by illicit foreign actors that threaten the national security of the United States and the U.S. financial system. CVC mixing transactions play a central role in facilitating the laundering of CVC derived from a variety of illicit activity, including money laundering, sanctions evasion, and WMD proliferation by the Democratic People’s Republic of Korea (DPRK or North Korea), Russian-associated ransomware attacks, and illicit darknet markets. 

In June 2023, a massive hack caused Atomic Wallet $35 Million loss due to security breach and then the crypto was laundered through Sinbad.io Mixer. Earlier Sinbad.io and Blender were harnessed by the infamous Lazarus Group to launder stolen funds across multiple blockchain platforms.

The mixer played a pivotal role in obscuring the digital paper trail left behind by the Atomic Wallet breach. As the investigation delved deeper into the transaction history, a prominent money laundering service was unveiled, which had been widely adopted. 

Blender garnered notoriety when it was revealed that North Korea's Lazarus Group employed it as their money-laundering vehicle, allegedly laundering over $100 million worth of purloined cryptocurrency.

Sinbad made its debut in October 2022, coinciding with Blender's shutdown in April of the same year. Notably, Blender and Sinbad share a range of connections to Russia, including similar transaction patterns, funding sources, operational characteristics, website structure, and language support. In the past, hackers had employed Blender to launder millions of dollars, following the Axie Infinity security breach. A cross-chain bridge vulnerability had cost Axie Infinity more than $600 million in March 2022.

The rule would impose recordkeeping and reporting requirements on financial institutions for transactions involving CVC mixing. 

What is CVC Mixing and Why is it Risky?

CVC mixing refers to processing CVC transactions in ways that obscure details like the source, destination, and amounts involved. This is done through methods like:

• Pooling CVC from multiple sources into a common wallet before transferring it out in different amounts.
• Running CVC through a series of temporary wallets to break the clear transaction trail. 
• Leveraging smart contracts or code to coordinate and manipulate transaction structures.
• Exchanging between different CVC types or digital assets.
• Introducing delays between send and receive legs of a transaction.

This effectively "launders" the CVC by severing the link between the original illicit source and the eventual end destination. The in-built pseudonymity of public CVC ledgers makes mixing an attractive option for criminals and sanctioned entities to conceal financial activities.

FinCEN has identified numerous risks associated with widespread use of CVC mixers:

• Obscuring audit trails hampers AML/CFT compliance and suspicious transaction monitoring.
• Anonymity aids money laundering by organized crime groups, terrorists, and rogue nations.
• Ransomware actors routinely use mixers to cash out extorted CVC payouts. 
• Illicit dark web marketplaces promote mixers to mask transactions for illegal goods.
• Nation-state adversaries like North Korea, use CVC mixing to bypass sanctions and process cyber-heist proceeds.

Overall, the opacity created by CVC mixers threatens national security, financial integrity, and effective law enforcement. 

FinCEN's Proposed Rule to Increase Transparency

To address these risks, FinCEN proposes requiring enhanced recordkeeping and reporting by financial institutions under Section 311 of the USA PATRIOT Act, which allows imposing special measures for transactions of primary money laundering concern.

The proposed rule would compel financial institutions to report transaction details to FinCEN within 30 days when they know, suspect, or have reason to suspect that a CVC transaction involves mixing.

Required transaction details include amount, CVC type, mixing service identifier, customer wallet address, date, IP address, and narrative description.

Institutions would also need to collect and report biographical information on associated customers like name, date of birth, physical/email address, tax ID, etc. 

By mandating transparency, this aims to:

• Deter illicit use of CVC mixers by removing anonymity.
• Provide financial intelligence to bolster AML monitoring, investigations, and prosecutions. 
• Close information gaps that currently benefit criminals exploiting mixed CVC trails.

The rule intends to balance transparency goals while minimizing burden on legitimate privacy-seeking CVC users. It would apply only to mixing that occurs cross-border or touches foreign jurisdictions, keeping domestic-only mixing out of scope.

Supporting Law Enforcement Through Blockchain Analysis

To impart transparency into crypto transactions, sophisticated blockchain analysis allows law enforcement agencies with multiple solutions including- demixing services, tracing the flow of funds across complex trails involving mixers and anonymity tools.

By leveraging scraping, heuristics, and statistical modeling, blockchain forensic solutions can:

• Screen transactions against risk profiles of associated wallets, contracts, protocols etc. 
• Uncover linked addresses belonging to a common entity through pattern analysis.
• Reconstruct detailed transaction trails/histories, even when mixers are employed.
• Attribute wallets to real-world entities through off-chain data enrichment.
• Detect anomalous activity indicative of illicit finance risks.

Transaction Screening:

Blockchain forensic solutions can help with transaction screening by investigating

• Whether an address or prospective counterparty was involved in mixing. 
• Whether that address has sanction nexus- mixers like Tornado Cash which has been sanctioned multiple times by SEC and as a result has lost more than 85% of trading volume.
• The traded crypto coming out of a sanctioned mixer (Tornado Cash) and going to an exchange which is KYC compliant.
• Separate investigation to analyze input and output trail

The proposed rule would compel covered financial institutions to attribute a covered transaction to the involved customer(s) and report this information to FinCEN. The collection of the information in question would not create any undue costs or burdens on covered financial institutions, as the information is already available to them. 

The proposed rule would best mitigate the risks associated with CVC mixing, deter illicit actors, facilitate law enforcement investigations into illicit activity, and adequately protect the U.S. financial system from the illicit financial risk posed by CVC transactions that involve CVC mixing, while preserving legitimate actors’ ability to conduct secure and private financial transactions. 

The proposed rule would guard against international money laundering and other financial crimes by increasing transparency in these transactions, and thus render them less attractive to illicit actors while also providing additional information to support law enforcement investigations. 

This additional transparency would enable investigations by law enforcement and regulators to support money laundering investigations, including cases against North Korean and Russian cybercriminals that pose a threat to U.S national security and the U.S. financial system. 

Conclusion

FinCEN has proposed imposing record-keeping and reporting obligations on covered financial institutions under special measure one. Such record-keeping and reporting obligations would require covered financial institutions to report certain information when they know, suspect, or have reason to suspect a CVC transaction involves the use of CVC mixing within or involving a jurisdiction outside the United States. 

FinCEN believes that this special measure is the best available tool to mitigate the risks posed by CVC mixing. It would appropriately collect information, which will discourage the use of CVC mixing by illicit actors, and is necessary to better understand the illicit finance risk posed by CVC mixing and investigate those who seek to use CVC mixing for illicit ends. 

As crypto-native anti-money laundering and fraud specialists, we're committed to making blockchain technology safe for adoption. FinCEN's proposed CVC mixing rule is a key step forward in curbing illicit financial risks, and we look forward to constructively shaping the consultation process. 

Robust blockchain forensics capabilities will be crucial for financial institutions to implement FinCEN's proposed rule on identifying transactions connected to CVC mixing. Our analytics offerings can augment compliance programs with powerful monitoring and investigative tools. Get in touch to learn more about our blockchain forensics technology solutions.