red 
The U.S. Treasury Department has launched new efforts to prevent the continued laundering of funds stolen from the Ronin Bridge on March 29 by North Korea’s Lazarus Group. For the first time, the sanctions also targeted Bitcoin mixer Blender.io, which is designed to obfuscate blockchain transactions.
Sanctions – issued by the US Office of Foreign Assets Control (OFAC) – targeted 45 Bitcoin addresses associated with Blender.io and four new wallets associated with the Lazarus Group.
Lazarus Group
On March 29, a North Korean cyber hacking organization stole $540 million from a decentralized protocol that allows users to bridge their funds between Ethereum and the popular blockchain game Axie Infinity. The heist was the second largest cryptocurrency theft of all time.
As identified earlierThe Lazarus group began laundering its funds through centralized exchanges and the popular Ethereum-based mixer Tornado Cash, which soon after announced it would comply with US sanctions. It was previously believed that the Lazarus group had transferred some of the stolen funds to Bitcoin. Today’s sanctioning of Blender.io seems to confirm this.
Between April 24th and May 4th, the Lazarus group sent about $273.9 million worth of ether to the four newly allowed addresses. The transactions involved significantly larger amounts than previous laundering attempts. The ramping up of laundering efforts in this manner potentially reflects the growing desperation of hackers, who were previously targeted by OFAC sanctions on April 14 and 22.
One of the addresses sanctioned today had already managed to send around $37 million via Tornado Cash before the sanctions were announced – leaving just over $236 million in the sanctioned addresses.
Blender.io
Moreover, in Lazarus Group’s continued effort to combat money laundering, today’s actions are the first time a virtual currency mixer has been sanctioned. According to OFAC’s statement, North Korea used Blender.io to support its money laundering activities – including laundering over $20.5 million related to the Ronin hack.
Elliptic’s analysis shows that Blender.io has previously been used to launder funds from the Hydra market, a Russian-language darknet marketplace that was sanctioned by OFAC earlier this month.
Elliptic has taken immediate action to flag the new sanctioned addresses in our systems. Our clients will now be able to review and be alerted to any activity related to these addresses. Check out our transaction tracking and verification tools to learn more or contact us for a demo.
You can also download Elliptic’s “Cryptocurrency Sanctions Compliance” a guide to case studies and examples of how to use blockchain analytics for OFAC compliance.
Sanctions Featured DeFi
