NEW YORK: The United States announced sanctions Friday on virtual currency mixer Blender.io, saying the service was used by a North Korean hacker group to support weapons programs, the Treasury Department said.
US officials said the case marks the first US sanctions on a virtual currency “mixer,” which is used to conceal participants in transactions involving Bitcoin and other cryptocurrencies.
Officials said the Lazarus Group, a North Korean-backed hacker group, stole $620 million from the online game Axie Infinity, employing Blender to process more than $20.5 million of the illicit funds that went to the benefit of the Democratic People’s Republic of Korea (DPRK).
“Today, for the first time ever, Treasury is sanctioning a virtual currency mixer,” said Brian Nelson, a Treasury undersecretary for terrorism and financial intelligence.
“We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
The action comes just days after Seoul reported the latest North Korean ballistic missile test, its 14th since January in a provocative streak that has drawn criticism from the United Nations and Washington.
US Secretary of State Antony Blinken said sanctions were needed on Blender, which has “enabled DPRK malicious cyber actors to mix illicit virtual currency with anonymous virtual currency to facilitate money laundering,” according to a State Department statement.
“The United States remains committed to seeking diplomacy with the DPRK and calls on the DPRK to engage in dialogue,” Blinken said. “At the same time, we will continue to address the DPRK’s unlawful cyber activities, as well as violations of UN Security Council resolutions.”
Blender has been used to transfer more than $500-million worth of Bitcoin since 2017. Besides aiding the DPRK, Treasury officials also found the service supported Russian-linked malign ransomware groups.
“While the purported purpose is to increase privacy, mixers like Blender are commonly used by illicit actors,” said the Treasury Department.
The crackdown on Blender.io comes after US authorities on April 14 tied Lazarus Group to the Axie heist, one of the biggest to hit the crypto world.
Lazarus Group gained notoriety in 2014 when it was accused of hacking into Sony Pictures Entertainment as revenge for “The Interview,” a satirical film that mocked North Korean leader Kim Jong Un.
In Axie Infinity, players participate in battles using colorful blob-like Axies, and are mainly rewarded with “Smooth Love Potion” (SLPs) that can be exchanged for cryptocurrency or cash — or invested back into the game’s virtual world Lunacia.
Attackers exploited weaknesses in the set-up put in place by the Vietnam-based firm behind Axie Infinity, Sky Mavis, which created an in-game currency and a sidechain with a bridge to the main ethereum blockchain.
The result was faster and cheaper — but ultimately less secure.