Blog
Insights

OFAC Adds Crypto Mixer ‘Blender.io’ To SDN List

February 12, 2024

Earlier this month, the US Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Blender.io over its links to North Korean state-sponsored malicious cyber group Lazarus Group.  

OFAC sanctioned Blender due to its alleged role in processing $20.5 million of illicit proceeds from the Axie Infinity heist.  The theft, which occurred in March 2022, saw Lazarus steal over $600 million in virtual currency (173,600 ETH and 25.5 million USDC) from the play-to-earn game Axie Infinity by hacking private keys to its sidechain Ronin and forging fake withdrawals.  

Created by the North Korean government in the mid-2000s, Lazarus has been involved in several high-profile attacks against Western targets, including most notably the WannaCry 2.0 ransomware attack that caused an estimated $4 billion in losses worldwide in 2017.  

Since first sanctioning Lazarus in September 2019, OFAC has tied numerous virtual currency addresses to the group. This time, OFAC listed over 40 BTC and ETH addresses.  All BTC addresses were added to Blender’s entry in the SDN list; four new ETH addresses were added to Lazarus’ existing entry.

According to OFAC, Blender “indiscriminately facilitates illicit transactions by obfuscating their origin, destination, and counterparties.”  While not in themselves illegal, mixers like Blender – also known as cryptocurrency tumblers – are frequently used to provide anonymity to users, but also to obscure illicit activity.  

Mixers work by pooling together funds from multiple sources and distributing them out at random times, obscuring the path of virtual currency transactions.  As such, they are prone to being used for money-laundering.  But they are by no means fool proof.

As shown by OFAC’s sanctioning of Blender, it is possible to trace the origin of cryptocurrency transactions that have gone through mixers using blockchain data.  

This has been demonstrated in recent cases involving the Ethereum-based Tornado.cash mixer.  Earlier in May crypto investigators were able to follow funds routed through Tornado by a perpetrator of an alleged pump-and-dump scheme.  They did this by linking the size of deposits to withdrawals from the service.  They then follow the thread to a centralised exchange service where they raised the alarm.  That case has resulted in an active investigation with the FBI.  

Notably, Tornado Cash was reportedly used to process 21,000 ETH ($56 million) in proceeds from the Axie Infinity heist.  It is highly likely that investigators were able to follow traces from the service once stolen funds were deposited.  

It is possible that Lazarus knew this.  Data shows it used a variety of methods to cover its tracks, including decentralised exchanges - where KYC is not required - to swap USDC for ETH.  

So what can we tell from this?  Certainly that the speed of innovation in crypto is driving threats; but that very same innovation is creating new opportunities for crime fighters.  Expect more updates from OFAC!

All ETH addresses have been added to our Ethereum red flag checker: ethscamcheck.io
All BTC addresses have been added to Hoptrail’s databases.

Insights

Hoptrail Intelligence: Real-Time Risk Alerts on Wallets & VASPs

April 18, 2024
Alerts is the latest feature in the Hoptrail crypto compliance toolkit, designed to ensure users stay on top of counterparty risk issues in real-time.We are thrilled to announce the release of Alerts, our real-time risk monitoring tool for cryptocurrency wallets and Virtual Asset Service Providers (VASPs).
Insights

HM Treasury applies first-ever crypto sanctions amid coordination with US and Israel

April 8, 2024
HM Treasury issues sanctions on crypto addresses as part of wider efforts from allies to crack down on crypto use by terrorist groups
Media & Press

Hoptrail and Recap secure InnovateUK grant funding to develop crypto onboarding tools 

March 14, 2024
A consortium including Hoptrail and led by UK crypto tax software provider Recap has secured a £300,000 Innovate UK grant to build crypto onboarding and AML tools for professional services.

Subscribe to the Hoptrail newsletter

Sign up with your email address to get the latest insights from our crypto experts.

No spam! We respect your privacy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.