US Treasury Sanctions First Crypto Mixing Service Following Record Hack

In its first sanction against a crypto mixing service, the Treasury targets Blender.io, which it says was used in the Ronin Network breach

by Casey Wagner /
article-image

Blockworks exclusive art by axel rangel

share

key takeaways

  • North Korean mixer Blender.io was used to conceal funds from the Ronin Network hack
  • The Treasury has already sanctioned the group the FBI said is responsible for the largest cryptocurrency hack to date

The US Treasury Department has levied its first sanctions against a crypto mixing service, or a means of obscuring the origin of a digital asset. 

Newsletter

Subscribe to Blockworks Daily

The Treasury on Friday alleged North Korea-based hacker Lazarus Group — which in March allegedly stole $625 million from Ethereum-linked sidechain Ronin Network — used the sanctioned company, Blender.io, to conceal the illicit funds.

Blender was used to launder more than $20.5 million of the hacked cryptocurrency, the Treasury said in a statement. The attack remains the largest crypto hack on record. 

“Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests,” said Brian Nelson, under secretary of the Treasury for terrorism and financial intelligence. “We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money-laundering enablers to go unanswered.”

In April, the Treasury in its first move sanctioned Ethereum addresses linked to Lazarus Group.

The news comes as the digital asset industry continues to evaluate the role and risks of mixer services. Hackers used mixing service Tornado Cash to try to conceal 5,400 stolen ether linked to April’s $80 million Fei Protocol hack, according to BlockSec Chief Technology Officer Lei Wu.

The services, while known to be often linked to money laundering, are not illegal.

“There are legitimate privacy concerns that [mixers] can help address,” Kim Grauer, director of research at Chainalysis, said during a panel at the Cornell Blockchain Conference in New York. “There is a lot of hacking happening, which is another bad impact of growing so fast, but there’s also an opportunity there to build more secure platforms.”

Get the news in your inbox. Explore Blockworks newsletters:

Tags

Upcoming Events

Permissionless IV Hackathon

Brooklyn, NY

SUN - MON, JUN. 22 - 23, 2025

Blockworks and Cracked Labs are teaming up for the third installment of the Permissionless Hackathon, happening June 22–23, 2025 in Brooklyn, NY. This is a 36-hour IRL builder sprint where developers, designers, and creatives ship real projects solving real problems across […]

learn more

Permissionless IV

Industry City | Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

buy ticketslearn more

Digital Asset Summit 2025

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

buy ticketslearn more

recent research

Research Report Templates.png

Research

Hyperliquid: Not Done

Despite ending its points program, Hyperliquid has maintained a dominant market position with 77% of perpetuals DEX volumes, though overall volume has decreased from early 2025. It is the only DEX that has been able to compete with CEX volumes. Hyperliquid's success stems primarily from rapid, relevant token listings and superior UX for users and market makers, particularly its API - which is how market makers interact with the protocol. The controversial oracle price override during the JELLY incident exposed risks in the Hyperliquid Liquidity Pool (HLP), though the team has since implemented risk management adjustments. The HyperEVM is currently underoptimized and lacks necessary precompiles, but represents an important strategic expansion to enable asset issuance and DeFi composability.

by Boccaccio

/

news

article-image

Business

Exclusive: Securitize acquires MG Stover’s Fund Administration business

Securitize announced it acquired a crypto-focused fund administration firm

by Katherine Ross /
article-image

0xResearch NewsletterDeFi

What would it take for ETH to succeed?

ETH’s success hinges on the resource of data availability, particularly how much it sells to L2s

by Donovan Choy /
article-image

BusinessThe Drop

Exclusive: Solayer launches crypto rewards Visa debit card

Solayer’s Emerald Card integrates SolanaID so users can build their “onchain reputation.”

by Kate Irwin /
article-image

DeFiSupply Shock

Crypto Singularity: How Bitcoin redefined value at $1

In 2011, bitcoin blew past the one-dollar event horizon and never looked back

by David Canellis /
article-image

Sponsored

WalletConnect unlocks transferability of WCT token, marking a major step in its decentralization journey

Transferability of WCT brings the onchain economy closer to a more open, permissionless, and community-driven experience

article-image

Empire NewsletterMarkets

USDC’s ‘fueling’ stablecoin market cap rise: Wintermute

Taking a look at the biggest stablecoin players and where they stand

by Katherine Ross /