Mixer Blender.io sanctioned for involvement in hacking Ronin blockchain


The US Treasury has sanctioned cryptocurrency mixer Blender.io, preventing transactions with US citizens. Blender.io is accused of providing its services to attackers who stole $600 million from the Ronin sidechain in March.

Last month, the Treasury said the theft was carried out by the North Korean group Lazarus. It updated its list of cryptocurrency addresses at that time, and again on Friday.

After the attack, Blender was used to launder $20.5 million.

“For the first time ever, the Treasury is sanctioning a virtual currency mixer,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson.

“Virtual currency mixers that aid in illicit transactions pose a threat to the national security interests of the United States. We are taking action against North Korea’s illicit financial activity and will not let this state-sponsored theft go unaddressed.”

Treasury added that Blender was also involved in money laundering for Russian-linked ransomware groups, including Trickbot, Conti, Ryuk, Sodinokibi and Gandcrab.

“Blender.io is a virtual currency mixer that runs on the Bitcoin blockchain and facilitates illicit transactions by concealing their origin, destination and counterparties. Blender receives a variety of transactions and mixes them before passing them on to their final destination,” said the Treasury.

“Although the purported goal is to increase privacy, mixers like Blender are commonly used by malicious actors.”

The sanctions mean that any property owned or majority-owned by Blender that is in the United States must be reported, and that all transactions made by Americans in the United States through Blender.io are blocked unless authorization is issued. Sanctions cover funds, goods and services.

The attack on the Ronin sidechain allowed the attackers to steal 173,600 Ether and 25.5 million in USD Coin, a theft that was not noticed until a week later. Ronin was launched in mid-2020 by Axie Infinity, the game created by Vietnamese blockchain game maker Sky Mavis. This “sidechain”, a secondary blockchain backed by that of Ethereum, was designed as a way to overcome the congestion of the Ethereum network.

To carry out the attack, the attacker took control of four validators operated by Sky Mavis and one operated by Axie DAO.

In a post-mortem, the company admitted that it did not have a proper tracking system in place. The replacement system will require human interaction for larger amounts, it said.

Through a combination of spear-phishing and an allowlist on the Axie DAO validator that was not removed, the Lazarus group was able to take control of the sidechain.


Flowchart of how Blender.io mixes cryptocurrency

Image: US Treasury


Source: “ZDNet.com”




