Treasury sanctions virtual currency mixer Blender for money laundering

Blender was used to launder $20.5 million of the $620 million that the Treasury Department alleges North Korean hackers stole in March.
(Via Axie Infinity)

The Treasury Department said Friday it has sanctioned, a so-called virtual currency mixer which Treasury alleges that the North Korean government uses to pay for its hacking program and to launder stolen virtual currency.

The Office of Foreign Assets Control (OFAC) at Treasury issued the sanctions, alleging that on March 23 the North Korean state-sponsored cyber hackers known as the Lazarus Group stole a record-setting $620 million from a blockchain project linked to the Pokemon-inspired blockchain game Axie Infinity.

Blender was used to process more than $20.5 million of the $620 million, which a Treasury Department press release alleged is being used to finance North Korea’s weapons of mass destruction and ballistic missile programs.

Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson said the sanctions are the first for a virtual currency mixer. Blender operates on the Bitcoin blockchain. The Treasury Department press release said it “indiscriminately facilitates illicit transactions by obfuscating their origin, destination” and more.


Blender, one of the most popular mixers in the cybercrime underground, intermingles many transactions before transmitting them to their ultimate destinations, ostensibly for privacy reasons, the press release said. The anonymity that virtual currency mixers afford makes them popular with hackers and criminals, according to Treasury, which said that Blender has helped transfer more than $500 million in Bitcoin since 2017 when it launched.

“Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests,” Nelson said in a statement. “We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”

OFAC sanctioned the Lazarus Group in 2019, alleging it was under the control of North Korean intelligence, which is also involved in the conventional arms trade. The Treasury press release said that in addition to the Lazarus Group, Blender has been used to launder money for Russian-linked malign ransomware groups including Trickbot, Conti, Ryuk, Sodinokibi and Gandcrab.

In recent months, Treasury has also levied other first-of-their-kind crypto sanctions: a cryptocurrency exchange allegedly involved in facilitating ransomware funds and a mining firm.

CyberScoop was not able to immediately reach Blender for comment.

Suzanne Smalley

Written by Suzanne Smalley

Suzanne joined CyberScoop from Inside Higher Ed, where she covered educational technology and from Yahoo News, where she worked as an investigative reporter. Prior to Yahoo News, Suzanne worked as a consultant to the economist Raj Chetty as he launched his Harvard-based research institute Opportunity Insights. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and covered two presidential campaigns for Newsweek. She holds a masters in journalism from Northwestern and a BA from Georgetown. A Miami native, Suzanne lives in upper Northwest Washington with her family.

Latest Podcasts