The Blender.io sanction is the latest in a series of moves by U.S. authorities to crack down on cryptocurrency-related crime. While this may cause concern among some members of the crypto community, it is important to remember that these crackdowns are happening because regulators are just starting to come to terms with this new technology. In the long run, these sanctions will prove to be nothing more than a speed bump on the road to mainstream adoption of cryptocurrencies. First, let's look at this sanction and how it happened.
While the cryptocurrency world was looking at ETH price predictions for 2025, Axie Infinity, one of the most popular play-to-earn games, was hacked and lost $625 million. This is one of the biggest crypto hacks to date, and there is no one to blame but the North Korean hackers of the Lazarus Group.
While this was the first popular Lazarus Group attack of the year, their tally for last year (seven) shows they are not done yet.
One of the U.S. agencies involved in financial intelligence and terrorism reported that the Treasury is sanctioning a digital currency mixer for the first time in history. There will also be sanctions placed on the Democratic People's Republic of Korea for illegal financial activities. It is worth knowing that the Lazarus Group is one of the many DPRK hacking companies.
As part of the sanctions, Blender.io has to report all its property in the United States or under the custody of a U.S. citizen to the Office of Foreign Assets Control.
Although Blender was not involved in processing the full stolen amount, roughly $20.5 million, or 3% of the money, was processed through it. This was in the form of 173,000 Ether and over 25 million USDC.
Another reason the state is sanctioning Blender is that it has a history of laundering money for other scam groups, most notably Russia-linked hacking groups such as Ryuk, TrickBot, and GandCrab.
At the time of writing, the Blender website has been taken offline.
Also, four wallets have been identified as conspirators in the hack, and they have been added to the Specially Designated Nationals and Blocked Persons (SDN) list. According to a tweet from the U.S. government department, shortly after the hack was discovered, the Ethereum addresses were added to the watch list to counter North Korea's move to avoid sanctions by the United States.
Surprisingly, the Ronin bridge attack took place towards the end of March, but no one knew about it until a week later. Thankfully, over $150 million has been raised by Sky Mavis, the game development organization responsible for the game, and Binance has recovered almost $6 million of the money spread across 86 different wallets.
This is not the first time a hack of this magnitude has happened. Over $300 million was stolen through a Solana Wormhole earlier this year. The hope in the crypto world is that, like the Solana Wormhole hack, the hackers of Axie Infinity would return the laundered funds. There is no proof to suggest this will happen, as the hackers leave no room for communication.
All hope is not lost, though, as Elliptic, a renowned crypto data analytics company, has tracked $540 million of the stolen crypto and has announced that the hackers have begun laundering the funds by sending them to decentralized exchanges.
Could this hack have been avoided?
One thing that has made blockchain technology quite popular is decentralization. Removing power from the hands of one entity means an attacker has to do a lot more work to breach the system. Many protocols should take a leaf from the Ethereum 2.0 beacon chain and understand that no one minds how delayed a product seems as long as it is a good fit for their needs.
The Ronin bridge has nine validation slots, which is still acceptable for a system its size, but one person controls four out of these nine. That right there proved to be the Achilles' heel.
The game developers have tried to shift the fault away from technical shortcomings, but the point of entry was a backdoor through a validator node, and there is no method of revoking access to third-party validators, which shows the system still has an overwhelming level of centralization.
Perhaps there was an assumption that it could not happen, or that its $4 billion valuation meant it was too big to be hacked. That notwithstanding, a lot more could have been done for its cross-bridge security, seeing that cross-bridge hacks have been the norm for some years now.
Either way, the plan is to increase the number of nodes to 21 and have a community vote if the funds are not recovered in the next two years.