The Treasury Department on Friday issued its first sanctions against a cryptocurrency mixer, a service that pools digital assets to obscure their owners, as it continues its pursuit of more than $600 million that North Korean hackers stole from the Axie Infinity video game.
The Lazarus Group, a cybercriminal gang which United Nations investigators have said is a key funding source for North Korean weapons programs, had laundered nearly $100 million as of late last month, The Washington Post reported, citing data from blockchain analytics firm Elliptic.
Using another mixer called Tornado Cash, the hackers continued to process batches of their stolen crypto even after it was known they were the thieves, highlighting the challenge U.S. authorities confront in keeping pace with cybercriminals rapidly moving millions of dollars across the globe with mere keystrokes.
“Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests,” Treasury undersecretary for terrorism and financial intelligence Brian Nelson said in a statement. “We are taking action against illicit financial activity by” North Korea and “will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
Blender has processed more than $500 million worth of bitcoin since its 2017 launch, Treasury said it found in an investigation of the service. The department said that, beyond the North Koreans, a number of Russian-linked ransomware groups have used the service to launder stolen crypto. Blender did not respond to a request for comment.
It was not clear why Treasury designated only Blender. “Sanctions are one tool the Administration uses to counter malicious cyber activities,” a Treasury spokesperson said in a statement. “Treasury will continue to assess all available tools and authorities to address malign activity” including malicious North Korean cyber activity. “This includes all nodes within the virtual currency ecosystem such as exchanges, mixers, and darknet marketplaces.”
Treasury noted in its announcement that although most crypto activity is legal, “it can be used for illicit activity, including sanctions evasion, through mixers, peer-to-peer exchangers, dark net markets, and exchanges. This includes the facilitation of heists, ransomware schemes, and other cybercrimes.”
The department called mixers that assist criminals “a threat to U.S. national security interests,” and said it would continue to investigate them and “consider the range of authorities” it has to respond. “Criminals have increased use of anonymity-enhancing technologies, including mixers, to help hide the movement or origin of funds,” the announcement said.
The Treasury action comes as federal agencies take a tougher approach to policing illicit activity and fraud in the booming cryptocurrency industry. The Securities and Exchange Commission earlier this week announced it is nearly doubling its crypto enforcement team by adding 20 new staff members, including investigative staff attorneys, trial lawyers and fraud analysts.
On Friday, the Justice Department said it is charging Luiz Capuci Jr., the chief executive of Mining Capital Coin, with orchestrating a $62 million global fraud scheme, alleging he told investors he would use their crypto funds to mine new digital assets and instead diverted them into wallets he controlled.
Industry leaders say the sector has been unfairly maligned as a haven for criminal activity. They often cite a report by blockchain analytics firm Chainalysis that shows while cryptocurrency crime hit a record high last year, with illicit accounts receiving $14 billion, those transactions made up their smallest share of total volume ever in the space. They represented 0.15 percent of activity, a discrepancy explained by the surging growth of digital markets.
But digital thefts like the one the Lazarus Group perpetrated in March are growing in frequency and scale, a separate Chainalysis report recently found. Hackers focused on stealing cryptocurrency are on course to break a record this year, having absconded with $1.3 billion worth of digital assets in the first three months of the year, after seizing $3.2 billion in 2021.