Reports said that the United States Treasury Department Office of Foreign Assets Control (OFAC) announced that it was sanctioning cryptocurrency mixer Blender.io for its role in laundering proceeds from the hacking of Axie Infinity's Ronin Bridge.
It has been reported that North Korean state-sponsored hackers Lazarus Group have been identified as the perpetrators of the attack.
Brian E. Nelson, the Treasury Under Secretary for Terrorism and Financial Intelligence, said in a statement:
“Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. […] We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”
However, under the sanctions, all Blender.io property in the United States or in the possession of US persons is blocked and must be reported to OFAC. According to OFAC, Blender.io processed $20.5 million out of approximately $620 million stolen from the Vietnam-based play-to-earn game in the form of around 173,600 Ether (ETH) and 25.5 million USD Coin (USDC).
The report said that OFAC also found during its investigation that Blender.io had facilitated money laundering for Russia-linked ransomware groups including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab. The Blender.io website was offline, as of May 6.
Likewise, the Treasury agency also added the addresses of four wallets used by Lazarus Group to launder some of the stolen funds to its list of Specially Designated Nationals and Blocked Persons.
The Ronin Bridge hack took place on March 23, but it was only discovered the following week. The bridge was accessed through game developer Sky Mavis. That organization had been indefinitely whitelisted after helping process a surge in transactions.
Thus, Sky Mavis raised $150 million to reimburse users who lost money in the exploit, and Binance was able to recover $5.8 million of the money from 86 accounts. Lazarus Group was identified as the hackers by OFAC in mid-April.