On Friday, the U.S. Treasury Department sanctioned Blender.io, for its role in laundering stolen money from Axie Infinity. According to the department, this marked the first time the U.S. Treasury has ever sanctioned a virtual currency mixer.
Background on the Ronin Network hack
On the 23rd of March this year, a North Korean hacking group, Lazarus, stole almost $620 million from the Ronin Bridge supporting the popular blockchain game called Axie Infinity. According to the department’s Office of Foreign Assets Control (OFAC), these hackers used Blender.io to process more than $20.5 million of the illicit proceeds. In fact, at the time of writing, Blender’s website is no longer accessible to the public.
What is Blender.io?
For a start, Blender.io (Blender) is a virtual currency mixer that operates on the Bitcoin blockchain. How it works is that Blender will mix a variety of transactions before transmitting them to their final destinations. As a result, there’s no way for us to tell apart the stolen funds after the mixing process. Although the intent was to increase privacy, many cybercriminals abused these crypto mixers for money laundering instead.
Not surprisingly, Blender has helped transfer more than $500 million worth of Bitcoin since its creation in 2017. According to OFAC, Blender.io facilitated money laundering for several other Russian-linked ransomware groups as well. Some on the list include Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab.
Were there any refunds for the victims of the Ronin Bridge hack?
As a matter of fact, yes, there were. In April, the team behind Axie Infinity, Sky Mavis, set aside $450 million worth of its own funds to refund victims of the Ronin Bridge hack. In addition, the company raised $150 million in a financing round led by Binance to repay users. This summed up to $600 million worth of funds, which should be enough to compensate for most of the lost funds.