Sanctioning an Ether Address Isn't Stopping Transactions

The operators of a crypto wallet added to the U.S. sanctions list continue to offload their funds.

Apr 22, 2022 at 5:20 p.m. UTC
Updated May 11, 2023 at 3:47 p.m. UTC

I heard some of y’all took issue with my suspicion that a spot bitcoin ETF won’t be approved this year. Come tell me why I’m wrong! But in the meantime, let’s talk about crypto and its relationship to sanction enforcement, specifically within the context of last week’s revelation that North Korea was behind the Axie Infinity Ronin breach.

And apologies for the lateness of this week’s newsletter. Need to claim extenuating circumstances, and next week’s will be in your inbox on Tuesday as normal.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

Sanctions evasion

The narrative

According to the U.S. government, a North Korea-linked hacking group was behind last month’s $625 million Ronin bridge hack. In other words, a nation state was behind one of the largest crypto hacks. There's a growing story in North Korea’s actions here, but that actually isn’t the main point of interest for me.

Why it matters

North Korea appears to be hacking crypto exchanges and networks to seize funds for its own personal usage. And of more immediate interest, adding an Ethereum address to the U.S. sanctions list does not appear to have halted the laundering of funds.

Breaking it down

The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) added a single, solitary Ethereum address to its Specially Designated Nationals list, otherwise known as its sanctions list.

The address was tied to the hack of Axie Infinity’s Ronin Bridge, which saw some 173,000 ETH and 25.5 million USDC (worth around $625 million on March 29) stolen from the bridge network.

What’s really interesting is the wallet continued to send funds out after it was added to the sanctions list. Within 24 hours the controller of the wallet – said to be the North Korean hacker organization known as Lazarus – sent nearly 3,000 ETH to coin mixer Tornado Cash, repeating a pattern the hackers began after stealing the ether.

These transfers out continued through earlier this week. In many cases, the funds appear to have gone to an intermediary wallet before being sent to Tornado Cash.

In the past, parties that assisted sanctioned entities faced being added to the U.S. sanctions list themselves.

Anand Sithian, counsel at Crowell & Moring and a former trial attorney in the money laundering division at the U.S. Department of Justice, said crypto companies should watch for addresses and wallets tied to mixers, noting in particular that regulators like the Financial Crimes Enforcement Network (FinCEN) have “highlighted the financial crimes risks associated with mixers, which obfuscate the source of transactions, and thereby prevent tracing transactions on the blockchain.”

“To the extent there are U.S. touch points, or U.S. persons involved in such transactions, crypto companies could face enforcement from FinCEN, OFAC and/or the U.S. Department of Justice, depending on the activity at issue and whether any U.S. laws were violated,” he said. “Even without a violation, an investigation can be incredibly taxing on resources and distracting to leadership. As a result, crypto companies may wish to steer clear of mixers, to the extent possible.”

Tornado Cash’s executives have said that sanctions cannot be applied to the protocol itself, former CoinDesker and current Bloomberger Muyao Shen reported last month.

On Friday, the mixer added a Chainalysis compliance tool to its user-facing decentralized application that blocks transactions from the sanctioned address – though, again, the protocol itself is unaffected.

Regulators may not agree, but at least so far, the funds are continuing to move.

Meanwhile, on the North Korea front, the U.S. government is warning that the nation may continue to try and exploit crypto companies (and others) to raise funds.

Biden’s rule

Changing of the guard

Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)

U.S. President Joe Biden formally announced his intention to nominate former Treasury official, former Ripple board member and current University of Michigan Dean Michael Barr to be the Fed vice chair for supervision.


  • Some Indian Payment Processors Cut Off Local Crypto Exchanges: A handful of Indian crypto exchanges announced they were halting rupee deposits or withdrawals.
  • Attacker Drains $182M From Beanstalk Stablecoin Protocol: So my understanding is this wasn’t a hack or exploit, and can perhaps only technically be described as an attack. At any rate, the perpetrator here used a flash loan (a loan that is repaid almost instantaneously, perhaps within the same block) to borrow a hefty number of Beanstalk’s governance tokens, which the attacker used to vote in favor of a protocol change that sent all of Beanstalk’s funds to the attacker. All of this was “legal” in terms of the code’s setup.
  • Crypto Proponents Fear SEC 'Backdoor' Regulations on Exchanges, Dealers: CoinDesk’s Jesse Hamilton digs into a pair of SEC proposals that has the crypto industry up in arms: Basically each proposal would appear to redefine the terms “exchange” and “dealer” (respectively) in such a way that they might encompass crypto protocols and decentralized platforms. However, it’s not clear – and this uncertainty has industry advocates worried.

Outside CoinDesk:

  • (CNBC) The U.S. Secret Service has seized roughly $102 million in cryptocurrencies over the past seven years, according to assistant director of investigations David Smith.
  • (Mel Magazine) An older article, but in honor of Monday being the tax deadline in the U.S., here’s a reminder that you should track all of your transactions because it will terrify your tax professional.
  • (Politico) Prime Trust was listed as the contributor of $14 million sent to the Protect Our Future super Political Action Committee in Federal Election Commission filings. In reality, it seems Prime Trust was actually the intermediary for funds sent by FTX founder Sam Bankman-Fried and FTX engineering director Nishad Singh.
  • (The New York Times) Last week, my commute to the office was interrupted when my subway line stopped for what the engineer running the train described as “police activity ahead.” It wasn’t until I got into the office that I learned there had been a mass shooting several stops ahead. This Times ticktock details how it all unfolded.
  • (University of Wisconsin) Researchers at the University of Wisconsin looked into whether muting video conferencing apps actually stopped them from recording audio. The privacy-focused amongst you will not be thrilled by their results. The actual paper is here.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See y’all next week!



The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.
