OFAC Issues First Sanctions Against Virtual Currency Mixer | Practical Law

OFAC Issues First Sanctions Against Virtual Currency Mixer | Practical Law

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) announced designation of virtual currency (VC) mixer Blender.io to OFAC's List of Specially Designated Nationals and Blocked Persons (SDN List) pursuant to Executive Order 13694 and updated the SDN List to include certain VC addresses used by an SDN known as the Lazarus Group.

OFAC Issues First Sanctions Against Virtual Currency Mixer

Practical Law Legal Update w-035-5198 (Approx. 5 pages)

OFAC Issues First Sanctions Against Virtual Currency Mixer

by Practical Law Finance
Published on 11 May 2022USA (National/Federal)
The US Department of the Treasury's Office of Foreign Assets Control (OFAC) announced designation of virtual currency (VC) mixer Blender.io to OFAC's List of Specially Designated Nationals and Blocked Persons (SDN List) pursuant to Executive Order 13694 and updated the SDN List to include certain VC addresses used by an SDN known as the Lazarus Group.
On May 6, 2022, the US Department of the Treasury's Office of Foreign Assets Control (OFAC) announced:
  • The designation of virtual currency (VC) mixer Blender.io to OFAC's List of Specially Designated Nationals and Blocked Persons (SDN List) pursuant to Executive Order 13694. According to OFAC, Blender.io was used by North Korean actors to support malicious cyber activities and laundering of stolen VC (see Blender Sanctions).
  • That it had updated the SDN List to include certain VC addresses used by an SDN known as the Lazarus Group to launder stolen proceeds from a March 2022 heist of online game Axie Infinity, in addition to other VC wallets previously identified by OFAC (see Lazarus Group).

Blender Sanctions

Blender is being designated under EO 13694 for having materially assisted, sponsored, or provided financial or technological support for, a cyber-enabled activity originating from, or by persons located outside the US that is reasonably likely to result in a significant threat to the national security, foreign policy, or economic health or financial stability of the US. EO 13694 authorizes designation for such party's activity that has the purpose or effect of causing a significant misappropriation of funds or economic resources, trade secrets, personal identifiers, or financial information for commercial or competitive advantage or private financial gain (see Legal Update, New Executive Order Authorizes OFAC to Impose Sanctions on Perpetrators of Malicious Cyber Threats).
According to OFAC, this is the first time that Treasury is sanctioning a VC mixer, which OFAC asserts has assisted in conducting illicit transactions that posed a threat to US national security interests by aiding financial activity by North Korea.
According to OFAC, Blender is a VC mixer that operates on the Bitcoin blockchain and indiscriminately helps illicit transactions by obfuscating their origin, destination, and counterparties. Blender receives a variety of transactions and mixes them together before transmitting them to their ultimate destinations to increase privacy. OFAC asserts that mixers like Blender are commonly used by illicit actors. According to OFAC, Blender has helped transfer more than $500 million worth of Bitcoin since its creation in 2017. Blender was also used in the laundering process for North Korea's Axie Infinity heist, processing over $20.5 million in illicit proceeds.
OFAC’s investigation also identified Blender’s facilitation of money-laundering for Russian-linked malign ransomware groups including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab among others. OFAC has previous identified Sodinokibi is one of the most prolific ransomwares on the dark web where its affiliates have targeted thousands of technology companies, managed service providers, and retailers around the world (see Legal Update, OFAC Adds Russian-Based Crypto Exchange SUEX OTC and Related Parties to Specially Delegated Nationals (SDN) List Over Ransomware Attacks).

Lazarus Group

On April 14, 2022, OFAC updated its SDN List, and on May 6, 2022 Treasury further updated its SDN List, to add certain VC addresses used by the Lazarus Group (Lazarus), which, according to OFAC, is a North Korean state-sponsored cyber hacking group that laundered illicit proceeds. OFAC previously sanctioned the Lazarus on September 13, 2019, under EO 13722, and identified it as an agency, instrumentality, or controlled entity of North Korea, based on its relationship to the US- and UN-designated Reconnaissance General Bureau, North Korea’s premiere intelligence organization.
On March 23, 2022, according to OFAC, Lazarus carried out the largest VC heist to date, worth almost $620 million, from a blockchain project linked to the online game Axie Infinity. According to OFAC, Blender was used by Lazarus in processing over $20.5 million of the illicit proceeds.
As a result of OFAC's SDN designation actions, all property and interests in property of the sanctioned parties and any entity that is at least 50% percent owned by a sanctioned party that is subject to US jurisdiction is blocked, meaning US persons are prohibited from engaging in transactions with such party. Any financial institution or other persons engaging in blocked transactions or activities with a blocked entity may be exposed to sanctions or enforcement action (see Practice Note, OFAC Economic Sanctions: Cryptocurrency and Blockchain ).