It’s a first. On Friday, May 6, the US Treasury sanctioned a cryptocurrency “mixer”, a service responsible for scrambling the traces of transactions on the blockchain. The company under investigation, Blender.io, is accused of cooperating in the laundering of more than $20 million stolen by the cybercriminal gang Lazarus.
In March, this group of hackers affiliated with the North Korean state hacked into a network called the Ronin Network, which acted as an intermediary between video games based on NFT Axie Infinity and the Ethereum Blockchain. For example, they embezzled the revenue of the platform, for a loot of 620 million dollars.
On public blockchains, such as Bitcoin or Ethereum, anyone can see the amounts of cryptocurrency placed on a wallet, as well as the transactions between them. Admittedly, the identity of the wallet holders is not indicated, but it can be deduced quite easily, especially if the amounts become large.
Some companies, such as Chainalysis and Elliptic for the most famous, have specialized in observing and analyzing blockchains. The government also monitors transactions. In theory, this transparency could prevent criminals from using cryptocurrency conversion as a money laundering technique.
This is where mixers come in. These services will use thousands of different wallets to encrypt cryptocurrency transactions. So if a user wants to transfer 250 bitcoins from wallet A to wallet B, the amount (along with a commission indexed on the complexity of the mix) on wallet A is debited by different wallets, then he receives the same amount on wallet B, from other wallets. Thanks to the mixer, no link can be made between the user’s A and B wallet, which can significantly complicate the work of law enforcement.
The end of an era for mixers?
Friday’s decision by the US Treasury Department could mark the end of an era for blenders. While these services are believed to be most commonly used for legal transactions, their role in laundering cybercriminal activities, including ransomware, is an open secret. †lVirtual currency mixers that support illegal transactions pose a threat to US national securitysaid Brian E. Nelson, the Secretary of the Treasury for Terrorism and Financial Intelligence.
Here the identity of the service user, Lazarus Group, is problematic: the gang is part of the APT (advanced persistent threats)) the most famous in the world and the Treasury has been eyeing it since 2019. The APTs are particularly formidable: funded and backed by a state, these groups of hackers have a more sophisticated attack power than the other traditional cybercriminal gangs. The regulatory arm of the United States Department of the Treasury, theOffice of Foreign Assets Control (OFAC) had already blacklisted cryptocurrency wallets linked to Lazarus’ activity, and last Friday it added new ones.
OFAC accuses Blender.io of “facilitate illegal transactions by disguising their origin, destinations and counterpartiesThe site was not seized, but went offline all weekend, before reappearing Monday. It still seems to be in a bad position: OFAC has also identified links between Blender .io and wallets used by major ransomware operators such as Ryuk, REvil (Sodinokibi), and Conti.Elliptic add that the site was likely used to launder money from the illicit online marketplace Hydra, which was also approved by the Treasure this year.
Blenders do not verify the identities of their users, meaning Blender.io is highly unlikely to stand alone. In August 2021, mixer operator Helix confessed to being involved in $300 million laundering, and in April 2022, Bitcoin mixer operator Frog was charged with $335 million laundering. Bad luck for Blender.io, his case is the first to directly involve the US Treasury. But this tendency of government agencies to seize the subject is not unique to the United States. The British crime organization had already called for blenders to be regulated by March 2022.
Unfortunately, cyber criminals have an easy way out, even if the mixers are sanctioned. Some cryptocurrencies, such as Monero, rely on private, completely opaque blockchains, which completely prevent transaction tracking. Many gangs and other illegal markets are already asking their victims or users to prefer using these cryptocurrencies over Bitcoin and Ethereum (the two most popular cryptocurrencies).