News

North Korea Allegedly Used Blender.io To Launder Millions Stolen From Crypto Game Axie Infinity

Axie Infinity is an online game, developed by Vietnam-based Sky Mavis, that finds players collecting and trading digital pets known as Axies which are minted as NFTs. Last month it appeared that hackers had run off with millions of dollars worth of cryptocurrency, allegedly stolen from Axie Infinity, by a group known as Lazarus that the FBI claims is sponsored by the North Korean state. Now, a service allegedly used by Lazarus to launder their crypto millions has been sanctioned by the US Treasury Department.

The Treasury named the Bitcoin mixer service Blender.io in a press release, claiming that it had been used by Lazarus to launder $20.5 million worth of the cryptocurrency it allegedly stole from Axie Infinity (as reported by The Verge). The original hack had made off with around $625 million of cryptocurrency, but the stolen funds clearly needed to be exchanged for something less stolen-y. Blender is a service that allows users to "conduct anonymous transactions without using VPN" according to its own website, and which has now been targeted by the US Treasury.

Blender mixes a users' Bitcoins with its own reserve, which breaks the connection with prior transactions. The US department alleges that the service was used by the hacker group to "support its malicious cyber activities and money-laundering of stolen virtual currency". With the sanction Blender should be legally cut off from the US financial system. This is the first time the Treasury has sanctioned a virtual currency mixer. However, the funds taken from Axie Infinity's Ronin network were in Ethereum and USDC but Blender works only with Bitcoin, which means the original cryptocurrency had to have been converted at some point.

Blender and other virtual currency mixers operate by using deposited funds that are randomly distributed to users who exchange their own cryptcurrencies for the ones that are in the service's pool, thus obscuring the provenance of the coins, and usually charge a fee for the service. Stolen coins can go into the pool and be redistributed but those who receive them can simply point to the mixer as the provider, while those disposing them could get clean coins in return.

In the press release the Treasury gestured toward legal uses of these services as people may want some privacy associated with their virtual currencies since crypto transactions are recorded on the blockchain. But with criminal groups using these services, the eyes of law enforcement and regulatory bodies could grow increasingly large.

Lazarus Group meanwhile has been known by the FBI for some time. It was said to be behind the 2014 hack of Sony Pictures as well as stealing $101 million from Bangladesh Bank in 2016, among other illegal activities.

Source: Read Full Article