US Treasury Sanctions More North Korea-Linked ETH Wallets Over $600M Ronin Hack
The three new wallets join an Ethereum address added to the sanctions list last week.
Apr 22, 2022 at 6:04 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/OL7FC4LRBBBQJLBZD7YLKIVKY4.png)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
U.S. government officials are throwing a wider sanctions dragnet over alleged North Korean crypto wallets.
On Friday, the Treasury Department's Office of Foreign Asset Control (OFAC) added three Ethereum addresses to its sanctions list, joining an address listed last week that the federal government tied to the theft of around $600 million in crypto from Axie Infinity's Ronin bridge. All three addresses had received sizable inbound transfers of stolen ether (ETH) from the originally sanctioned wallet over the past week.
The operators of the Ronin exploit wallet, said by the FBI and OFAC to be North Korea's Lazarus hacking group, have been laundering funds by moving them from a sanctioned address to an intermediary address before sending the funds to Tornado Cash, a mixer designed to obfuscate the source and destination of funds moved through the service.
This pattern repeated on Friday, when funds moved from one of the newly sanctioned addresses to another intermediary before once again landing at Tornado Cash.
None of the sanctioned addresses have directly interacted with Tornado Cash.
The nature of Tornado Cash makes it difficult for the operators of the service to blacklist addresses, as OFAC requires any entities touching the U.S. financial system to do. The mixer adopted a compliance tool offered by blockchain analytics firm Chainalysis that lets it blacklist certain addresses, but only on the user-facing decentralized app that Tornado Cash's operators can influence. Individuals can still use the protocol itself to bypass this compliance tool.
Also, at least as of last week, the Chainalysis tool only listed the originally sanctioned address.
A representative for Tornado Cash previously told CoinDesk that "OFAC is the judge of what addresses need to be banned."
"It’s a guessing game so far. I assume only 1 address has been identified by OFAC that should be sanctioned relating to that event. Which means Chainalysis update[s] whatever is in sanction’s list," the representative said.
Officials have accused the Hermit Kingdom of mounting an aggressive hacking spree against the crypto economy.
This is a developing story and will be updated.
Disclosure
Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is an award-winning media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. In November 2023, CoinDesk was acquired by Bullish group, owner of Bullish, a regulated, institutional digital assets exchange. Bullish group is majority owned by Block.one; both groups have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary, and an editorial committee, chaired by a former editor-in-chief of The Wall Street Journal, is being formed to support journalistic integrity.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/fa5ce9a3-9c4d-4ed4-bb04-c7af51bf1a0d.jpg)
Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.
:format(webp)/www.coindesk.com/resizer/BETd9o0r2OHtd2vT2ZqY9QPrJps=/arc-photo-coindesk/arc2-prod/public/ODFQHDRZFJG7XNVO7P6PUYMWS4.png)
Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.
Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.