US Officials Add North Korea-Linked Bitcoin Mixer, More BTC and ETH Addresses to Sanctions List
The U.S. Treasury Department is ramping up efforts to ice the flow of stolen crypto from a historic $620 million hack.
Three North Korean front companies and one Russian national have been sanctioned for their roles in laundering funds from the now-infamous hack of South Korean crypto exchange Bithumb in 2018, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced Thursday.
The three North Korean entities — BTC Limited , Marine China Limited, and Interface Tech Limited — are all owned or controlled by the government of North Korea, according to OFAC. They used a “complex network of shell companies” to launder approximately $229 million in stolen crypto from Bithumb through 25,000 transactions on 300 different days, the agency said.
By routing the money through “hundreds of virtual currency addresses,” the companies were able to avoid U.S. sanctions and convert the money into fiat currency, OFAC said in its press release.
In addition to designating the three companies, OFAC also added seven individuals and two more BTC addresses — one belonging to BTC Limited and the other to Marine China — to its Specially Designated Nationals (SDN) List. Those on the list are subject to freezing of assets under U.S. jurisdiction and barred from doing business with Americans.
“North Korea continues to perpetrate cyberattacks to exploit digital currencies in order to obtain funds to support its WMD programs,” Treasury Secretary Steven Mnuchin said in a statement. “The United States is committed to tracking down and exposing cryptocurrency wallets used by malicious actors to prevent illicit actors from profiting from their crimes.”
The U.S. Department of Justice (DOJ) also announced indictments against the three companies and the seven individuals, alleging they had laundered millions in digital and fiat currencies.
“These actions build on our efforts to cut off North Korea’s illicit avenues of finance,” said Assistant Attorney General for National Security John C. Demers. “We will not allow North Korea to undermine global cybersecurity to advance its WMD and ballistic missile programs. We also warn the private sector that our sanctions tools can reach those who use cyber-enabled means to violate our laws, wherever located.”
This is not the first time DOJ has taken action against North Korea for its involvement in cryptocurrency crimes. In November 2019, the Treasury Department’s Office of Foreign Assets Control (OFAC) took action against two Chinese nationals and their companies for laundering more than $100 million in virtual assets stolen from a now-defunct cryptocurrency exchange
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned Blender.io, a North Korea-linked crypto mixing service that obfuscates the origin and destination of bitcoin transactions on Friday, and added bitcoin and ether addresses to its blacklist.
The move signals increasing pressure on North Korea’s illicit use of cryptocurrency to skirt sanctions and generate revenue for the cash-strapped regime, which has been hit hard by international sanctions over its nuclear weapons program.
“Treasury is targeting North Korea’s illicit activities conducted in the cyber space, including through cryptocurrencies. We will continue to enforce our sanctions against North Korea and work with the private sector to prevent sanctions evasion,” said Treasury Secretary Steven Mnuchin in a statement.
Blender was first identified as a North Korean bitcoin mixer in 2018 by researchers at Recorded Future. The firm said at the time that it had observed “a significant increase in flux activity” emanating from North Korea since early 2017, when international sanctions were tightened in response to the country’s aggression.
This is the first time a crypto mixing service has been added to OFAC’s sanctions list.
“Today, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned virtual currency mixer Blender.io (Blender), which is used by the Democratic People’s Republic of Korea (DPRK) to support its malicious cyber activities and money-laundering of stolen virtual currency,” OFAC said in a press release.
In its release, OFAC said that it had identified two North Korean addresses associated with Blender.io and added them to its list of Specially Designated Nationals (SDNs).
The move comes as part of the U.S. government’s “ongoing efforts to counter the financing of North Korea’s proliferation and development of weapons of mass destruction and ballistic missiles,” OFAC said.