Mixing Service Sanctioned Over North Korean Link

Reading Time: 2 minutes
  • Crypto mixing service has been sanctioned by OFAC for assisting North Korean hackers
  •, which has since gone offline, was implicated in over $500 million worth of money laundering
  • Ronin hackers Lazarus washed over $20 million there recently

Mixing service has been hit with sanctions by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) because of its links to North Korean hacking groups. OFAC implicated as the route through which Lazarus, the state sponsored hacking group, laundered some of the $620 million worth of cryptocurrency it stole from the Ronin bridge in March as well as helping launder more than $500 million from other bad actors. Goes Offline

Mixing services have always been a source of concern for law enforcement agencies as they offer a way for hackers to obfuscate the source of funds and cash out their ill gotten gains. Never before has a single mixing service been targeted by authorities in this way however, with OFAC singling out as helping a multitude of hackers get their money out safely.

OFAC claims that was used in processing over $20.5 million of the proceeds from the Ronin bridge hack, and as such any entity using the service from now on will be considered in breach of sanctions and face years behind bars. This will be particularly hard to do now however, since has now gone offline.

Mixing Service Targeted for the First Time

Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson explained in a press release the level of importance that mixing services were now being afforded:

Today, for the first time ever, Treasury is sanctioning a virtual currency mixer. Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.

OFAC’s investigation also found that was used to launder money by, among others, Russian-linked malign ransomware groups including Trickbot, Conti, Ryuk, Sodinokibi, and Gandcrab.