US punishes Blender.io for helping North Korea launder millions in stolen Axie crypto

Blender.io is not on the government’s good side

It says the Lazarus Group funneled around $20 million through the service.
Illustration by Alex Castro / The Verge

The US Treasury Department announced on Friday that it’s sanctioning Blender.io, essentially cutting the Bitcoin mixer off from the US financial system (legally speaking, anyway). The department alleges that the service, which lets people obfuscate the record usually kept by the blockchain, was used by North Korea to “support its malicious cyber activities and money-laundering of stolen virtual currency.”

According to the Treasury’s press release, Blender.io was used by the Lazarus hacking group to launder $20.5 million worth of the cryptocurrency it allegedly stole from the crypto-based game Axie Infinity. The entire proceeds of the hack, which the Treasury linked to Lazarus and North Korea in April, were estimated to be worth around $625 million at the time, though a few million dollars’ worth of funds have been recovered. The Treasury says that Lazarus is sponsored by North Korea’s government and that the country uses hackers to “generate revenue for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”

The Treasury’s press release says this is the first time it’s ever levied sanctions against a virtual currency mixer. (It has done other crypto-related sanctions, though; notably, last year, it issued its first sanction against an exchange.) Blender.io wasn’t the only tool the hackers used, though — to start, the funds stolen from Axie Infinity’s Ronin network were originally in Ethereum and USDC, and Blender works with Bitcoin; at some point, there had to be a conversion. There are also reports that the hackers filtered some of the funds through Tornado Cash, a service meant to make it harder to track transactions.

The US Treasury also alleges that Blender laundered money for ransomware organizations like Conti, Trickbot, and Sodinokibi (aka REvil). Now that it’s sanctioned, it won’t be able to access any of its funds that were stored within the US, nor can it do transactions with American companies or citizens.

The Treasury’s description of how Blender.io works.
Image: US Department of the Treasury

Blender and other mixers work by pooling together deposited funds, then randomly distributing them. Because transactions are recorded on the blockchain, it can be very difficult to use stolen funds without using these types of services. Stolen coins go into the blender, and the hackers will, in theory, get clean coins back. (And whoever ends up with the stolen coins can point back to the mixer, saying “Well, you can see I didn’t take them out of the wallet myself.”)

As happened with the Axie hack, governments can sanction wallets that are affiliated with hacking groups, and researchers can track stolen crypto’s movement. If criminals want to convert their ill-gotten crypto into, say, Lamborghinis, they have to make sure that’s not being traced.

Of course, as the Treasury points out, there are perfectly legal uses for this kind of service — people could use them to gain some semblance of privacy when making purchases with crypto, for instance. But with the department keeping such a close eye on crypto crimes, it’s starting to feel like firms will have to be very careful about whose money they take and tumble.