The closure of Cryptomixer.io: what it means for AML in crypto fintech

In late November 2025, Swiss and German authorities- working with Eurojust and supported operationally by Europol- dismantled Cryptomixer.io, described as a major bitcoin “mixing” service used to conceal the trail of illicit crypto transfers. Authorities seized the service’s domain and infrastructure, over 12 TB of data, and more than €25 million in cryptoassets. 

How Cryptomixer.io operated and why it was shut down- AML analysis

From an AML perspective, the mechanics matter. Eurojust explains that the service facilitated laundering by pooling users’ deposited funds for a prolonged and randomised period, then redistributing them to destination addresses at random times. The effect is to make it materially harder to trace specific coins and to obscure provenance on public blockchains.

Eurojust also highlights the endgame: once criminals receive “cleaned” crypto, they can exchange it for other cryptoassets or cash, or introduce value into the traditional financial system, including via bank accounts.

The enforcement action was explicitly cross-border. Eurojust notes that a Joint Investigation Team (JIT) was established to enable real-time exchange of information and evidence. The action week ran from 24 to 28 November 2025, during which three servers, the domain, data, and cryptoassets were seized; the service was then taken down and replaced with a seizure banner.

The significance of the Cryptomixer.io case for the crypto market and the AML obligations of fintech companies

This case is not just about operators of anonymisation services. It signals that law enforcement now treats mixing infrastructure as a key enabler of money laundering and cybercrime, and that seized datasets may drive follow-on investigations into users and intermediaries.

Reuters reports that the seized findings are expected to support additional investigations into other cybercrimes, and also notes the service’s alleged role in concealing proceeds from illegal activity.

For exchanges, brokers, wallet providers and other CASPs, the practical takeaway is straightforward: you need to know whether your controls detect and appropriately handle exposure to “mixed” flows.

Practical AML conclusions for fintechs handling crypto assets

1. Set a clear policy stance on mixers and obfuscation tools. Define when exposure triggers EDD, refusal, restriction, account termination, or FIU reporting.
2. Tune transaction monitoring for “layering” patterns commonly associated with mixing. Focus on dispersion/re-aggregation, temporal randomness, multiple hops, high-risk address clusters and known obfuscation typologies.
3. Operationalise blockchain analytics. Indicators must translate into documented decisions: alert triage, investigation steps, escalation, and (where appropriate) STR filing.
4. Ensure travel rule readiness under TFR. If you transfer to/from other CASPs or interact with self-hosted wallets, data capture, verification and retention must be engineered and auditable under 2023/1113 and EBA guidelines.
5. Treat ICT resilience as part of compliance, not a separate workstream. Enforcement operations target infrastructure; weak ICT governance can quickly become a regulatory problem. DORA requires evidence-based ICT risk management and testing discipline.

Do you manage a company operating in the crypto market?

Check whether your AML procedures are ready for the real risks associated with mixers and flow anonymization. We will help you assess your exposure, adapt your policies to TFR/AMLR/MiCA, and implement DORA compliance. Contact the Dudkowiak & Putyra team for expert support.