US sanctions Bitcoin laundering service used by North Korean hackers

The U.S. Department of Treasury today sanctioned cryptocurrency mixer Blender.io used last month by the North Korean-backed Lazarus hacking group to launder funds stolen from Axie Infinity's Ronin bridge.

In the wake of the attack, Sky Mavis (the bridge's creator) revealed that hackers breached the Ronin bridge on March 23 to steal 173,600 Ethereum and 25.5M USDC tokens in two transactions worth $617 million at the time, the largest cryptocurrency hack in history.

The previous most significant theft of cryptocurrency was the $611 million Poly Network hack in August 2021.

The FBI linked the Lazarus hackers to the incident in April and sanctioned the 0x098B716B8Aaf21512996dC57EB0615e2383E2f96 address that received the stolen funds.

Today, the Treasury's Office of Foreign Assets Control (OFAC) said Lazarus used the Blender.io virtual currency mixer to launder over $20.5 million of the illicit proceeds.

"Blender has helped transfer more than $500 million worth of Bitcoin since its creation in 2017," OFAC said.

"OFAC's investigation also identified Blender's facilitation of money-laundering for, among others, Russian-linked malign ransomware groups including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab."

Blender.io is not the first cryptomixing service sanctioned by the U.S., with the Financial Crimes Enforcement Network (FinCEN) issuing the first-ever penalty against the Helix and Coin Ninja mixer services in October 2020.

Lazarus was also sanctioned in September 2019 for funneling financial assets they stole in cyberattacks to the North Korean government.

In April, CISA, the FBI, and U.S. Treasury warned in a joint advisory that the hacking group is targeting cryptocurrency and blockchain companies with trojanized cryptocurrency apps.

Last year, in another joint advisory, they shared info on malicious and fake crypto-trading applications injected with AppleJeus malware used by Lazarus to steal cryptocurrency from individuals and companies worldwide.

A confidential United Nations report from 2019 revealed that the North Korean hackers stole an estimated $2 billion in at least 35 cyberattacks against banks and crypto exchanges across more than a dozen countries.

"The virtual currency mixers that assist criminals are a threat to U.S. national security interests," OFAC added.

"Treasury will continue to investigate the use of mixers for illicit purposes and consider the range of authorities Treasury has to respond to illicit financing risks in the virtual currency ecosystem."