Blender.io matters in enforcement history because it was the first Bitcoin mixer formally sanctioned by OFAC. On May 6, 2022, the U.S. Treasury designated the service after alleging that it helped launder funds tied to North Korea's Lazarus Group, including proceeds from the Ronin bridge exploit. That decision changed the policy conversation immediately: mixers were no longer treated only as AML-risk services, but as sanctions-risk infrastructure when linked to state-backed hacking campaigns.
The case also marked a shift in operational risk for everyone around mixer ecosystems. Once OFAC publicly lists service addresses, the effect propagates across exchanges, payment processors, wallets, and compliance vendors. Even users with lawful intent can feel second-order consequences when risk systems tighten around related clusters and counterparties.
Timeline
The progression from service activity to sanctions followed a pattern now common in later actions:
- 2017–2021: Blender is active in public forums and underground channels, promoting custodial mixing features.
- March 2022: investigators tie portions of post-hack laundering activity to Blender-linked infrastructure.
- May 6, 2022: OFAC adds Blender to the SDN list and publishes associated addresses and warning language.
- Late 2022 onward: market observers connect successor activity to Sinbad, later followed by the 2023 Sinbad sanctions.
For operators, the important point is that enforcement pressure does not reset when branding changes. Address intelligence, infrastructure overlap, and partner records often outlive domain names.
OFAC Findings
OFAC's public framing emphasized that Blender allegedly processed major illicit flows tied to sanctioned actors and other criminal proceeds. The designation narrative highlighted three recurring concerns:
- Routing value from high-profile Lazarus-linked thefts and related laundering chains.
- Handling additional criminal proceeds beyond one single incident.
- Relying on counterparties and processors with weak or non-existent AML controls.
Another practical takeaway was that the listing did not stop at core hot wallets. Publicly attributed addresses linked to operations and promotion were also surfaced, showing how marketing activity can become evidentiary context during sanctions actions.
Lessons & Compliance
- Rebrands do not erase exposure: sanctions risk can carry forward across overlapping infrastructure and flows.
- Public promotion creates records: forum posts, ad wallets, and payout trails can later support attribution work.
- SDN effects propagate fast: once listed, related UTXOs and counterparties face freeze/reporting pressure at compliant venues.
If you operate or integrate privacy infrastructure, treat sanctions controls as core operations, not an afterthought. Screen inbound flows, log policy decisions, and keep evidence of SDN-blocking controls. For user-side checks, the BitMixList AML Checker helps surface obvious exposure before funds reach regulated endpoints.
References
- U.S. Treasury sanctions Blender.io (2022)
- FIOD press release on Sinbad seizure (2023)
- Reuters coverage of Sinbad sanctions
Author
NotATether
Bitcoin privacy researcher and maintainer of BitMixList. Focused on mixer history, enforcement timelines, and practical privacy workflows for users operating in high-friction jurisdictions.
