DOJ charges Ohio resident with laundering more than $300 million through Darknet-based cryptocurrency ‘mixer’

The Skinny:

  • DOJ arrests Ohio resident for allegedly laundering more than $300 million.
  • Investigators say Larry Harmon laundered the money through Helix, a Darknet-based cryptocurrency laundering service, also referred to as “mixing” and “tumbling.” 
  • The indictment is just the latest move by DOJ in broader efforts by investigators and regulators to find where illicit funds are entering the real and virtual worlds.

By Brian Monroe
bmonroe@acfcs.org
February 17, 2020

Federal investigators have arrested an Ohio resident for allegedly laundering more than $300 million through his operation of Helix, a Darknet-based cryptocurrency laundering service, an illicit scheme also referred to as “mixing” and “tumbling.” 

The U.S. Department of Justice (DOJ) in the three-count indictment unsealed Feb. 11 in the District of Columbia, charged Larry Harmon, 36, of Akron, Ohio, with money laundering conspiracy, operating an unlicensed money transmitting business and conducting money transmission without a D.C. license – just the latest move in broader efforts by investigators and regulators to find where illicit funds are entering the real and virtual worlds.

In recent years, the U.S. has partnered with a bevy of international partners to take down many of the world’s largest darknet markets along with following the money to related crypto exchanges – some that openly flouted global anti-money laundering (AML) best practices.

According to the indictment, Harmon operated Helix from 2014 to 2017. Helix functioned as a bitcoin “mixer” or “tumbler,” allowing customers, for a fee, to send bitcoin to designated recipients in a manner that was designed to conceal the source or owner of the bitcoin. 

Helix was linked to and associated with “Grams,” a Darknet search engine also run by Harmon, who advertised Helix to customers on the Darknet as a way to conceal transactions from law enforcement.

Mixing it up with ‘mixer’ sites

U.S and international allies have made a concerted effort in recent years to find and crush the virtual world’s mega laundering hubs.

In May 2019, European authorities took down what they called one of the world’s largest cryptocurrency mixing services, a virtual money laundering machine used to muddy the trail of $200 million in transactions to make it harder for investigators to track criminally-tinged digital assets – a historic move sending a message to dark web denizens everywhere.

Europol, the Dutch Fiscal Information and Investigation Service (FIOD) and authorities in Luxembourg attacked Bestmixer.io in the real and online worlds after a nearly year-long investigation, seizing six servers in the Netherlands and Luxembourg and taking the site itself offline.

Europol described Bestmixer as “one of the world’s leading cryptocurrency mixing services,” and one of the three largest mixing services for cryptocurrencies overall, offering services for mixing bitcoins, bitcoin cash and litecoins.

The company even released a whimsical animated YouTube video with nearly 10,000 views detailing how mixing services work and the best way to ensure transactional anonymity, a roughly three-minute movie that is still up.

The service started in May 2018 and achieved a turnover of at least $200 million, roughly 27,000 bitcoins, in a year’s time and “guaranteed that the customers would remain anonymous,” according to investigators.

Dark markets spur demand for clean crypto coins

A cryptocurrency “tumbler or cryptocurrency mixing service is a service offered to mix potentially identifiable or ‘tainted’ cryptocurrency funds and pool them with others, so as to obscure the trail back to the fund’s original source,” according to Europol, adding that users pay fees for the service, which they then receive as funds from a seemingly new, clean address.  

Such a feature is a boon to criminals, fraudsters and scammers trying to force victims to pay ransoms in crypto coins while attempting to stymie law enforcement efforts to uncover their nefarious ties to the physical world through typically transparent blockchains.

Investigators say Helix moved more than 350,000 bitcoin – valued at more than $300 million at the time of the transactions – on behalf of customers, with the largest volume coming from Darknet markets. 

Helix partnered with the Darknet market AlphaBay to provide bitcoin laundering services for AlphaBay customers. AlphaBay was one of the largest Darknet marketplaces in operation at the time that it was seized by law enforcement in July 2017, (via DOJ).

Bitcoin laundering graphic via McAfee.

Monroe’s Musings: What the story doesn’t highlight is that the crypto industry’s most infamous darknet marketplace remains Silk Road, which launched in February 2011 before being shut down by the authorities in October 2013.

Its founder Ross Ulbricht — aka “Dread Pirate Roberts”  — was arrested and sentenced to life in prison in 2015, convicted of money laundering and aiding in the distribution of drugs, computer hacking and fraud, among other charges.

In 2017, U.S. authorities shuttered the major darkweb marketplace Alphabay, through which vendors had purportedly hawked fentanyl, heroin, weapons, malware and a series of Bitcoin-related heists. – the partner group tied to Helix.

A decade ago, a criminal jumping borders into the real or virtual worlds could stymie investigators, who saw authority or ability wane in these scenarios.

But groups within the U.S. Department of Justice, IRS-Criminal Investigations Division and other federal investigative agencies have cut their teeth building knowledge and capacity to better investigate darknet sites, virtual exchanges and uncover the flesh-and-blood identities or seemingly invincible virtual avatars – as was evidenced by the recent takedowns of goliath darknet sites.

This story makes it clear that U.S. investigators and international allies are still following the money tied to those and other darknet markets to find the mega-laundering hubs in virtual worlds.

This story also puts more pressure on brick-and-mortar banks the world over because these institutions are the physical nexus where users must deposit or take out money going or coming through cryptocurrency exchanges that could have touched this tainted mixing site.