North Korea’s Lazarus Group Used Mixer to Launder Stolen Cryptocurrency

The United States sanctioned a virtual currency mixer on Friday for its role in enabling the Democratic People’s Republic of Korea (North Korea) to conduct malicious cyber activities and money laundering of stolen virtual currency.

Virtual currency mixers or tumblers help obscure the original source of funds.

For instance, if you put in one crypto coin that needs obfuscation, the tumbler breaks it up into multiple pieces, mixes the pieces up with other clean coins and then redistributes random increments of the tumbled coins to designated cryptocurrency wallets at random times. This is the first instance of the Treasury Department’s Office of Foreign Assets Control imposing sanctions on a digital asset mixing service.

The Treasury’s move is a significant one, as it clearly sends a message to the cryptocurrency industry that anyone who facilitates the movement or obfuscation of sanctioned entities will be held accountable. The same goes if you assist a sanctioned entity, says William Callahan, a Drug Enforcement Administration veteran who established the agency’s money laundering audit team and helped develop policy and procedures for undercover operations involving cryptocurrency.


The latest sanctions indicate that all property belonging to the mixer, owned in the U.S. or by U.S. citizens, will be blocked. If any of the blocked individuals own more than 50% of any entity, that entity will also be blocked.

The sanctions also prohibit U.S. persons from conducting any transactions with the blocked persons. The Treasury released a 28-page document in October 2021 on sanctions compliance guidance for the virtual currency industry.

“Today, for the first time ever, Treasury is sanctioning a virtual currency mixer,” says Brian E. Nelson, undersecretary of the Treasury for terrorism and financial intelligence. “Virtual currency mixers that assist illicit transactions pose a threat to U.S. national security interests. We are taking action against illicit financial activity by the DPRK and will not allow state-sponsored thievery and its money laundering enablers to go unanswered.”

The Treasury Department, in its statement, adds: “The DPRK has resorted to illicit activities, including cyber-enabled heists from cryptocurrency exchanges and financial institutions to generate revenue for its unlawful weapons of mass destruction and ballistic missile programs.” The mixer, operating on the Bitcoin blockchain, “indiscriminately facilitates illicit transactions by obfuscating their origin, destination, and counterparties,” the Treasury statement says. The mixer, it says, “has helped transfer more than $500 million worth of Bitcoin since its creation in 2017.”

The agency did not immediately respond to Information Security Media Group’s request for comment on how it traced the illicit transactions to the mixer, whether the laundered funds have been recovered, or what its next steps are.

The sanctioned mixer was used by North Korean hacking group Lazarus to launder more than $20.5 million of the $620 million it stole from Axie Infinity, a non-fungible token-based online video game, according to the Treasury statement. The state-sponsored group’s attack on Axie is the largest virtual currency heist recorded to date.