The US Treasury Department on Friday decided to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subject to economic lockdowns.

The move signals continued efforts by the government to prevent North Korean group Lazarus from laundering funds stolen in the unprecedented Ronin Bridge hack in late March.

The newly imposed sanctions, issued by the United States Office of Foreign Assets Control (OFAC), target 45 Bitcoin addresses linked to Blender.io and four new wallets linked to the Lazarus Group, an advanced persister linked to the Democratic People’s Republic of Korea (DPRK). ).

“Blender was used to process more than $20.5 million worth of illicit proceeds,” the Treasury said, adding that it was used by the DPRK to “support its malicious cyber activities and money laundering of virtual currency stolen”.

Cryptocurrency mixers, also known as tumblers, are privacy-focused services that allow users to move cryptocurrency assets between accounts without leaving a transaction trail by obscuring their origins.

Blenders like Blender have been known to levy a “dynamic” service fee that varies between 0.6% and 2.5% each time money is transferred to a wallet address under its control. Since its launch in 2017, Blender is said to have transferred over $500 million worth of Bitcoin.

“Through these services, threat actors can achieve their end goal of cashing in and keeping criminal underground cash through the trade of illicit goods and services,” Intel 471 noted in a November 2021 report.

The Ronin Bridge hack saw the state-sponsored cyber-hacking group steal $540 million from a decentralized protocol that allows users to transfer their crypto between Ethereum and popular blockchain game Axie Infinity.

On April 16, the Treasury Department blocked the address of the Ethereum wallet that received the stolen digital currency, although by then the Lazarus Group had managed to launder 18% of the embezzled funds (approximately $97 million). dollars) through centralized exchanges and an Ethereum mixing service called Tornado Cash.

In the past two weeks, around $273.9 million worth of Ether has been sent to four of the newly sanctioned addresses, according to blockchain analytics firm Elliptic, with one of those addresses already transferring $37 million through Tornado. Cash, leaving behind $236 million.

“The transactions involved amounts significantly larger than their previous laundering efforts,” the company said. “The intensification of laundering efforts in this way potentially reflects growing desperation by hackers.”

Additionally, Blender’s sanction is proof that “the Lazarus Group moved some of the stolen funds to Bitcoin,” Elliptic pointed out.

On top of that, Blender also allegedly helped a number of Russian-aligned ransomware gangs launder their money, including TrickBot, Conti (formerly Ryuk), Sodinokibi (aka REvil), and Gandcrab.

In the midst of all this crypto exchange Binance on April 22 revealed that he managed to recover $5.8 million of stolen funds from Axie Infinity which were spread across 86 accounts.

The development comes a month after the Treasury sanctioned virtual currency exchange Garantex for helping criminal actors launder more than $100 million in ill-gotten funds.

Last year, the department sanctioned two cryptocurrency exchanges SUEX and CHATEX for facilitating ransomware actors’ financial transactions and collecting money extorted from victims.

In recent years, North Korea has been tied to a series of heists enabled by cyber-cryptocurrency exchanges and financial entities in order to circumvent international sanctions and generate revenue for its terrorist program. ‘nuclear weapons.

Last month, US cybersecurity and intelligence agencies warned of a new round of cyberattacks by the Lazarus Group targeting blockchain companies with rogue cryptocurrency apps.

“Virtual currency mixers that facilitate illicit transactions pose a threat to the national security interests of the United States,” said Brian E. Nelson, Under Secretary of the Treasury for Terrorism and Financial Intelligence.

“We are taking action against the DPRK’s illicit financial activities and will not let state-sponsored thefts and their money laundering enablers go unaddressed.”