US gov sanctions cryptocurrency mixer Blender also used by North Korea-linked Lazarus APT

The U.S. Department of Treasury sanctioned cryptocurrency mixer Blender.io used by North Korea-linked Lazarus APT.

The U.S. Department of Treasury sanctioned the cryptocurrency mixer Blender.io used by the North Korea-linked Lazarus APT to launder the funds stolen from Axie Infinity’s Ronin bridge. This is the first time ever, Treasury is sanctioning a virtual currency mixer.

Threat actors have stolen almost $625 million in Ethereum and USDC (a U.S. dollar pegged stablecoin) tokens from Axie Infinity’s Ronin network bridge. The attack took place on March 23rd, but the cyber heist was discovered today after a user was unable to withdraw 5,000 ether.

The Ronin Network is an Ethereum-linked sidechain used for the blockchain game Axie Infinity.

The attackers have stolen roughly 173,600 ether and 25.5 million USDC. The Ronin bridge and Katana Dex have been halted following the attack.

“Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Blender.io (Blender), which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money-laundering of stolen virtual currency.” reads the announcement published by the U.S. DEPARTMENT OF THE TREASURY.

The U.S. Office of Foreign Assets Control (OFAC) blocked 45 Bitcoin addresses linked to Blender.io and four wallets associated with Lazarus APT.

Blender.io (Blender) is a virtual currency mixer that operates on the Bitcoin blockchain to make transactions untrackable. Blender receives a variety of transactions and mixes them together before transmitting them to their ultimate destinations. The mixers are essential components for cybercriminals that use them for money laundering, it was used to launder the funds stolen from DPRK’s Axie Infinity, processing over $20.5 million in illicit proceeds. It has been estimated that Blender has helped transfer more than $500 million worth of Bitcoin since its creation in 2017. OFAC states that Blender was also used by several ransomware groups, including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab.

“The virtual currency mixers that assist criminals are a threat to U.S. national security interests. Treasury will continue to investigate the use of mixers for illicit purposes and consider the range of authorities Treasury has to respond to illicit financing risks in the virtual currency ecosystem.” concludes the OFAC.

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: https://docs.google.com/forms/d/e/1FAIpQLSfxxrxICiMZ9QM9iiPuMQIC-IoM-NpQMOsFZnJXrBQRYJGCOw/viewform  

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, domain name system)

[adrotate banner=”5″]

[adrotate banner=”13″]