The U.S. Department of Treasury tweeted: “For the first time ever, Treasury has sanctioned a virtual currency mixer. Blender.io is used by the DPRK to support malicious cyber activities & money-laundering of stolen virtual currency”. The tweet included an image that has been labeled as Blender.io Cryptocurrency Mixing Process. It includes a simplified graphic of the process.
The U.S. Department of Treasury website provided more detailed information (on May 6, 2022):
“Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer blender.io (Blender), which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money-laundering of stolen virtual currency.
“On March 23, 2022, Lazarus Group, a DPRK state-sponsored cyber hacking group, carried out the largest virtual currency heist to date, with almost $620 million, from a blockchain project linked to the online game Axis Infinity; Blender was used in processing over $20.5 million of the elicit proceeds.
“Under the pressure of robust U.S. and UN sanctions, the DPRK has restored to elicit activities, including cyber-enabled heists from cryptocurrency exchanges and financial institutions, to generate revenue for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”
Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson said: “Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
In addition, OFAC is identifying four additional virtual currency wallet addresses used by the Lazarus Group to launder the remainder of stolen proceeds from the March 2022 Axie Infinity heist. This builds on OFAC’s April 14, 2022, attribution of DPRK’s Lazarus Group as the perpetrators of the Axie Infinity heist and identification of the original getaway wallet address. Treasury is committed to tracing illicit virtual currency and blocking associated addresses wherever found.
The Record reported that the U.S. Department of Treasury takes a dim view of cryptocurrency mixers, with are often touted as a way for coin owners to protect their privacy.
CoinDesk reported that LootRush, a Steam-like platform for blockchain games, has raised $12 million in a seed round led by Paradigm with participation from Andreessen Horowitz.
LootRush offers a quick-start platform for blockchain games, which typically have a more complicated onboarding process than traditional video games. According to CoinDesk, Axie Infinity is currently the only game available to play LootRush. The platform plans to roll out additional titles throughout the year, including CryptoKitties and NBA Top Shot.
Based on all of this, it seems to me that cryptocurrency and the blockchain aren’t very well protected. This isn’t the first time a situation occurred that involved stealing cryptocurrency from wallets that are on the blockchain.