US Sanctions Cryptocurrency ‘Mixing’ Service for Aiding North Korean Hackers

The service, called, allegedly helped the North Korean state-sponsored hacking group Lazarus launder funds stolen from the $620 million Ronin Network hack.

For the first time, the US is sanctioning a cryptocurrency “mixing” service for helping North Korea launder some of the funds stolen in the $620 million hack of Ronin Network.

The sanctions target, a website that charges to “anonymize bitcoin transactions” by mixing it with funds from other users. The US Treasury Department claims the North Korean hackers behind the Ronin Network heist recently tried to launder $20.5 million of the stolen funds through

In addition, the US Treasury Department is signaling it’ll go after other cryptocurrency mixing services that are found helping hackers. The sanctions against essentially outlaw US persons and groups from conducting any business with the cryptocurrency service. Hence, using is against US law unless the Treasury Department grants a license to do so.

“Virtual currency mixers that assist illicit transactions pose a threat to US national security interests,” said Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson in the announcement.

The sanctions represent the US’s latest effort to stop the North Korean state-sponsored hacking group Lazarus, which is best known for the Sony Pictures hack of 2014 and the WannaCry ransomware outbreak. Last month, the FBI linked the Ronin Network heist to Lazarus, too.

In recent years, the hacking group has been focused on stealing from banks and cryptocurrency-related services. But to cash out the stolen funds, Lazarus has had to rely on laundering services, which can help mask the origins of the ill-gotten gains. This led North Korean hackers to launder over 65% of their stolen funds through multiple mixing services, according to the cryptocurrency tracking firm Chainalysis.

The US Treasury Department claims is “commonly used by illicit actors,” and has already helped mix and transfer more than $500 million worth of Bitcoin since the site’s creation in 2017. Other hacking groups that have used the service include several Russian-linked ransomware groups behind Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab.

Chainalysis added that sanctioning shows the US “is focused on fighting not just the hackers themselves, but also the illicit services they rely on to launder stolen funds.” However, the company is warning that more needs to be done or else the North Korean hackers will continue to loot from cryptocurrency projects.

“In the long term, Web 3.0 and DeFi practitioners must band together to fight the advanced persistent threats targeting them. This problem can only be solved by the entire ecosystem working together, with the help of law enforcement,” Chainalysis added. didn’t immediately respond to a request for comment.

Content retrieved from: