Tag Archives: U.S Department of Treasury

U.S. Department of Treasury Took Actions Against Bittrex



The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and Financial Crimes Enforcement Network (FinCEN) announced settlements for over $24 million and $29 million, respectively, with Bittrex, Inc. (Bittrex), a virtual currency exchange based in Bellevue, Washington. This is OFAC’s largest virtual currency enforcement action to date.

It also represents the first parallel enforcement actions by FinCEN and OFAC in this space. Investigations by OFAC and FinCEN found apparent violations of multiple sanctions programs and willful violations of the Bank Secrecy Act’s (BSA’s) anti-money laundering (AML) and suspicious activity report (SAR) reporting requirements. These enforcement actions emphasize to the virtual currency industry the importance of implementing appropriate risk-based sanctions compliance controls and meeting obligations under the BSA. The failure to take action can result in violations of OFAC and FinCEN regulations and expose exchanges and others in the virtual currency industry to potential abuse by illicit actors.

“When virtual currency firms fail to implement effective sanctions compliance controls, including screening customers located in sanctioned jurisdictions, they can become a vehicle for illicit actors that threaten U.S. national security,” said OFAC Director Andrea Gacki. “Virtual currency exchanges operating worldwide should understand both who – and where – their customers are. OFAC will continue to hold accountable firms, in the virtual currency industry and elsewhere, whose failure to implement appropriate controls leads to sanctions violations.”

“For years, Bittrex’s AML program and SAR reporting failures unnecessarily exposed the U.S. financial system to threat actors,” said FinCEN Acting Director Himamauli Das. “Bittrex’s failures created exposure to high-risk counterparts including sanctioned jurisdictions, darknet markets, and ransomware attackers.Virtual asset service providers are on notice that they must implement robust risk-based compliance programs and meet their BSA reporting requirements. FinCEN will not hesitate to act when it identifies willful violations of the BSA.”

The press release states that Bittrex has agreed to remit $24,280,829.20 to OFAC to settle its potential civil liability for 116,421 apparent violations of multiple program sanctions. As a result of deficiencies related to Bittrex’s sanctions compliance procedures, Bittrex failed to prevent persons apparently located in the Crimea region of Ukraine, Cuba, Iran, Sudan, and Syria from using its platform to engage in approximately $263,451,600.13 worth or virtual currency related transactions between March 2014 and December 2017.

The press release also stated that Bittrex has agreed remit $29,280,829.20 for its willful violation of the BSA’s AML program and SAR requirements. FinCEN will credit the payment of $24,280,829.20 as part of Bittrex’s agreement to settle its potential liability with OFAC. FinCEN’s investigation found that, from February 2014 through December 2018, Bittrex failed to maintain an effective AML program. This included deploying inadequate and ineffective transaction monitoring on its platform resulting in significant exposure to illicit finance. Further, Bittrex failed to file any SARs between February 2014 and May 2017, a period of over three years.

To me, it sounds like Bittrex either intentionally chose not to do the things that would have prevented them from having to settle with both OFAC and FinCEN, or the company hoped that it wouldn’t be noticed by the U.S. Department of Treasury. Either way, it is clear that Bittrex is going to be paying a very large amount of money due to their inadequate actions.


U.S. Treasury Sanctioned Cryptocurrency Mixer Blender.io



The U.S. Department of Treasury tweeted: “For the first time ever, Treasury has sanctioned a virtual currency mixer. Blender.io is used by the DPRK to support malicious cyber activities & money-laundering of stolen virtual currency”. The tweet included an image that has been labeled as Blender.io Cryptocurrency Mixing Process. It includes a simplified graphic of the process.

The U.S. Department of Treasury website provided more detailed information (on May 6, 2022):

“Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer blender.io (Blender), which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money-laundering of stolen virtual currency.

“On March 23, 2022, Lazarus Group, a DPRK state-sponsored cyber hacking group, carried out the largest virtual currency heist to date, with almost $620 million, from a blockchain project linked to the online game Axis Infinity; Blender was used in processing over $20.5 million of the elicit proceeds.

“Under the pressure of robust U.S. and UN sanctions, the DPRK has restored to elicit activities, including cyber-enabled heists from cryptocurrency exchanges and financial institutions, to generate revenue for its unlawful weapons of mass destruction (WMD) and ballistic missile programs.”

Under Secretary of the Treasury for Terrorism and Financial Intelligence, Brian E. Nelson said: “Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”

In addition, OFAC is identifying four additional virtual currency wallet addresses used by the Lazarus Group to launder the remainder of stolen proceeds from the March 2022 Axie Infinity heist. This builds on OFAC’s April 14, 2022, attribution of DPRK’s Lazarus Group as the perpetrators of the Axie Infinity heist and identification of the original getaway wallet address. Treasury is committed to tracing illicit virtual currency and blocking associated addresses wherever found.

The Record reported that the U.S. Department of Treasury takes a dim view of cryptocurrency mixers, with are often touted as a way for coin owners to protect their privacy.

CoinDesk reported that LootRush, a Steam-like platform for blockchain games, has raised $12 million in a seed round led by Paradigm with participation from Andreessen Horowitz.

LootRush offers a quick-start platform for blockchain games, which typically have a more complicated onboarding process than traditional video games. According to CoinDesk, Axie Infinity is currently the only game available to play LootRush. The platform plans to roll out additional titles throughout the year, including CryptoKitties and NBA Top Shot.

Based on all of this, it seems to me that cryptocurrency and the blockchain aren’t very well protected. This isn’t the first time a situation occurred that involved stealing cryptocurrency from wallets that are on the blockchain.