- Mixer processed $20.5mln of around $620mln stolen from Axie Infinity as ether and USDC
- Blender.io had laundered money for ransomware organizations linked to Russia
On Friday, the US Treasury Department Office of Foreign Assets Control (OFAC) announced it was enforcing sanctions against crypto mixer Blender.io for its part in laundering funds from the Ronin Bridge hack, CoinTelegraph reported.
Lazarus Group, a hacker team believed to be financed by the government of North Korea, were identified as the perpetrators of the attack.
The first sanction against a mixer in history
Treasury Under Secretary for Terrorism and Financial Intelligence Brian E. Nelson stated:
Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. […] We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.
Blender processed $20.5mln in ether and USDC
According to OFAC, the mixer processed $20.5 million of around $620 million stolen from Axie Infinity as ether and USDC. The respective amounts were 173,600 ether and 25.5 million USD Coin.
In the course of its investigation, OFAC also found Blender.io had laundered money for ransomware organizations linked to Russia, such as Conti, Trickbot, Ryuk, Gandcrab, and Sodinokibi. At the time of publication, the Blender.io website was offline.
As part of the sanctions facing Blender.io, all of the mixer’s property in the US or held by US nationals has to be reported to OFAC and will be blocked.
The Treasury agency also added four wallet addresses used by Lazarus Group to launder some of the stolen funds to its List of Specially Designated Nationals and Blocked Persons.
Ronin Bridge hack took a week to detect
While the Ronin Bridge hack took place on March 23, it was detected the next week. The point of entry of the hackers was Sky Mavis, the developer of Axie Infinity. Sky Mavis had been whitelisted indefinitely after they helped process an increase in transactions.
OFAC identified Lazarus Group as the perpetrators in the middle of last month. Binance recovered just under $6 million of the funds from tens of accounts, while Sky Mavis raised $150 million to reimburse the victims of the hack.