OFAC Adds Crypto Mixer ‘Blender.io’ To SDN List

Recent US sanctions shed light on the murky world of crypto mixing services and their use by actors in crypto heists.

OFAC sanctioned Blender due to its alleged role in processing $20.5 million of illicit proceeds from the Axie Infinity heist. The theft, which occurred in March 2022, saw Lazarus steal over $600 million in virtual currency (173,600 ETH and 25.5 million USDC) from the play-to-earn game Axie Infinity by hacking private keys to its sidechain Ronin and forging fake withdrawals.

Since first sanctioning Lazarus in September 2019, OFAC has tied numerous virtual currency addresses to the group. This time, OFAC listed over 40 BTC and ETH addresses. All BTC addresses were added to Blender’s entry in the SDN list; four new ETH addresses were added to Lazarus’ existing entry.

Mixers work by pooling funds from multiple sources and distributing them at random times, obscuring the path of virtual currency transactions. As such, they are prone to being used for money laundering. But they are by no means foolproof.

This has been demonstrated in recent cases involving the Ethereum-based Tornado.cash mixer. Earlier in May, crypto investigators were able to follow funds routed through Tornado by a perpetrator of an alleged pump-and-dump scheme. They did this by linking the size of deposits to withdrawals from the service. They then followed the thread to a centralised exchange service, where they raised the alarm. That case has resulted in an active investigation with the FBI.

It is possible that Lazarus knew this. Data shows it used a variety of methods to cover its tracks, including decentralised exchanges - where KYC is not required - to swap USDC for ETH.
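The deposit-to-withdrawal size linking mentioned above can be sketched as a simple amount-and-timing heuristic. This is an added example, not the investigators' method or Hoptrail's code; the records, the fee ceiling and the time window are constructed assumptions, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample records (not real chain data):
# (address, amount in smallest unit, unix time)
DEPOSITS = [
    ("dep_A", 7_310_000, 1_000),
    ("dep_B", 2_500_000, 1_200),
    ("dep_C", 2_500_000, 1_500),
]
WITHDRAWALS = [
    ("wd_X", 7_200_350, 4_000),  # 1.5% below dep_A
    ("wd_Y", 2_475_000, 5_000),  # 1% below both dep_B and dep_C
    ("wd_Z", 9_000_000, 6_000),  # larger than any deposit
]

def candidates(deposit, withdrawals, max_fee_bps=300, window=86_400):
    """Withdrawals that could carry this deposit: later in time, inside the
    window, and smaller by a fee of 0..max_fee_bps basis points (assumed)."""
    _, amount, t_dep = deposit
    floor = amount * (10_000 - max_fee_bps) // 10_000  # integer maths, no floats
    return [w for w in withdrawals
            if t_dep < w[2] <= t_dep + window and floor <= w[1] <= amount]

def link(deposits, withdrawals, **kw):
    """Return {deposit_addr: withdrawal_addr} only where the match is unique
    in both directions; ambiguous pairs are left unlinked, not guessed."""
    forward = {d[0]: candidates(d, withdrawals, **kw) for d in deposits}
    claimed = defaultdict(list)  # withdrawal address -> deposits that fit it
    for dep, cands in forward.items():
        for w in cands:
            claimed[w[0]].append(dep)
    return {dep: cands[0][0] for dep, cands in forward.items()
            if len(cands) == 1 and len(claimed[cands[0][0]]) == 1}

if __name__ == "__main__":
    print(link(DEPOSITS, WITHDRAWALS))
```

An unusual deposit size leaves a single plausible exit, while the two equal-sized deposits compete for the same withdrawal and stay unlinked, which is why such matches are treated as leads to corroborate rather than proof.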

All ETH addresses have been added to our Ethereum red flag checker: ethscamcheck.io
All BTC addresses have been added to Hoptrail’s databases.
