On May 6, 2022, the US Department of the Treasury’s Office of Foreign Assets Control (“OFAC”) designated crypto mixer Blender.io as a Specially Designated National (“SDN”), marking the first time a virtual currency mixer has been sanctioned. The move is the latest in a series of sanctions designations and enforcement actions in the virtual currency industry based on a determination of involvement in malicious cyber attacks and laundering the stolen virtual currency proceeds of illicit ransomware attacks.

The May 6 designation follows several sanctions actions in the past few weeks alone in the virtual currency sector, including:

  • The April 20, 2022, designation of Russian crypto mining firm BitRiver and 10 of its subsidiaries for facilitating sanctions evasion by Russia and Russian entities
  • The April 14 and April 22, 2022, designations of several Ethereum addresses as being affiliated with North Korea’s Lazarus Group and involved in the $625 million Ronin bridge hack
  • The April 5, 2022, designations of the world’s largest darknet market, Hydra Market; virtual currency exchange Garantex; and over 100 virtual currency addresses based on their roles in enabling the transfers of ransomware proceeds and other actions deemed a threat to US national security and foreign policy interests

These actions build on last year’s designations of the first sanctioned virtual currency exchanges —Suex (September 2021) and Chatex (November 2021)—based on their roles in facilitating transactions involving the proceeds of ransomware attacks.

Virtual currency mixers such as Blender.io receive a variety of transactions and mix them together before transmitting them to their ultimate destinations. Although proponents of mixers tout their utility in increasing privacy in virtual currency transactions, enforcement officials have highlighted concerns about the exploitation of mixers to assist in sanctions evasion and laundering the proceeds of malicious cyber attacks and other criminal activity by obfuscating the original source of the virtual currency.

In announcing the designation of Blender.io, the Treasury Department stated that Blender.io assisted North Korean state-sponsored cyber hacking organization Lazarus Group, itself an SDN, in processing $20.5 million of the proceeds from the largest virtual currency heist to date, the hack of online game Axie Infinity’s Ronin bridge. OFAC’s investigation of Blender.io also revealed that it facilitated transactions for Russian-linked malign ransomware groups, such as Trickbot, Conti, Ryuk, Sodinokibi and Gandcrab. The designation means that all of Blender.io’s property interests in the United States or in possession or control of US persons are blocked and no US person may engage in any transactions or dealings directly or indirectly involving Blender.io.

In taking the actions described above, OFAC officials have acknowledged that the majority of virtual currency transactions are legitimate, while signaling the increased use of sanctions against platforms and tools that engage in facilitation of sanctions evasion or transactions involving the proceeds of malicious cyber attacks and other criminal conduct. We expect a continued increase in the use of sanctions designations against such actors, as well as increased enforcement action against companies that engage in transactions directly or indirectly involving these sanctioned entities. Moreover, these efforts are part of a multi-agency, coordinated policy and enforcement initiative that includes OFAC, FinCEN, the Department of Justice and other agencies, in coordination with international counterparts.1 Companies involved in virtual currency transactions should continue to track regulatory developments related to the industry at the national and international levels and ensure they have appropriate risk-based measures in place to identify and detect transactions and parties that may raise potential sanctions and money laundering risks.2