The U.S. Treasury Department’s Office of Foreign Assets Control today issued first-of-its-kind sanctions against a cryptocurrency mixing service, Bender.io, with links to North Korea.

In a press release on Friday, OFAC said that the mixer is allegedly being used by hackers in North Korea to “support its malicious cyber activities and money-laundering of stolen virtual currency.”

Crypto mixers are privacy-enhancing services that allow users to erase the digital money trail left by most transactions on blockchain networks like Bitcoin and Ethereum. Data for all ordinary transfers on such networks is publicly accessible, which is helpful to authorities when cracking down on illicit finance. Mixers can make that job more difficult, however. 

OFAC claims that Blender has been used to launder funds for Russian-linked ransomware groups such as Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab. It also alleges that Blender was used to obfuscate $20.5 million of illegal proceeds connected to the infamous Ronin hack in March. The theft—one of the largest ever in crypto at $620 million—drained the treasury of the popular play-to-earn game Axie Infinity, and hackers then dispersed the funds to various exchanges and mixers afterward.

“Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson in a press release. “We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”

The department will also update its List of Specially Designated Nationals and Blocked Persons (SDN List) to include crypto addresses linked to the Lazarus Group, an anonymous cybercrime group linked to the North Korean state that has been sanctioned by the Treasury since 2019.

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.