US Officials Add North Korea-Linked Bitcoin Mixer, More BTC and ETH Addresses to Sanctions List

The U.S. Treasury Department is ramping up efforts to ice the flow of stolen crypto from a historic $620 million hack.

AccessTimeIconMay 6, 2022 at 1:08 p.m. UTC
Updated May 11, 2023 at 3:47 p.m. UTC

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Blender.io, a North Korea-linked crypto mixing service that obfuscates the origin and destination of bitcoin transactions on Friday, and added bitcoin and ether addresses to its blacklist.

In adding Blender.io, ether (ETH) and bitcoin (BTC) addresses, OFAC is seeking to block the service and its operators from tapping the global financial system. Friday's update listed 46 bitcoin addresses and 12 ether addresses. The bitcoin addresses were all tied to Blender, while the ether addresses were linked to the North Korean hacking group Lazarus. OFAC has previously sanctioned several ether addresses and Lazarus itself on suspicion of stealing over $600 million worth of crypto from play-to-earn game Axie Infinity's home-brewed sidechain, Ronin.

Blender is allegedly involved in ransomware attacks, the Treasury Department said in a press release, as well as various other cyberattacks, including March's infamous Ronin hack, which saw Lazarus Group allegedly compromise Axie's sidechain. OFAC has already sanctioned several ether addresses linked to the attack.

This is the first time a crypto mixing service has been added to OFAC's sanctions list.

"Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Blender.io (Blender), which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money-laundering of stolen virtual currency," OFAC said in a press release.

According to the release, about $20.5 million in proceeds from the Ronin attack was laundered through Blender. While OFAC only sanctioned Blender on Friday, other mixing services like Tornado Cash have also featured prominently in chain analyses tracking the stolen funds. Over 21,000 ETH (worth about $56 million at press time) stolen from the Ronin network were laundered through Tornado Cash last month.

"While the purported purpose is to increase privacy, mixers like Blender are commonly used by illicit actors. Blender has helped transfer more than $500 million worth of Bitcoin since its creation in 2017. Blender was used in the laundering process for DPRK’s Axie Infinity heist, processing over $20.5 million in illicit proceeds," Treasury's statement said Friday.

The statement went on to add that "virtual currency mixers that assist criminals" threaten the nation's national security, and that the Treasury Department would continue to crack down on these services.

UPDATE (May 6, 2022, 14:25 UTC): Updated with additional context.


Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.