U.S. Sanctions More North Korean ETH Addresses Over $600M Ronin Hack

The U.S. Department of the Treasury last week connected North Korean hacking organization Lazarus to an ETH wallet used in last month’s $622 million Ronin Network hack, a sidechain established for the play-to-earn game Axie Infinity.

Now, the Treasury Department’s Office of Foreign Asset Control (OFAC) has added three Ethereum addresses to its blacklist, including an address already named as being associated with the Ronin hack.

The Treasury department suggested in a Friday tweet that the addresses were added to the sanctions list to prevent North Korea from circumventing U.S. and UN sanctions.

Suggested Reading | Polygon Allots $100 Million For Expansion Of Blockchain ‘Supernets’

Moving ‘Dirty Money’

At least one of the wallet addresses tied to the Ronin hackers transmitted payments to cryptocurrency mixer services such as Tornado Cash, according to blockchain records.

Additionally, the Treasury stated that anyone who transacts with the identified addresses “exposes themselves to U.S. sanctions.” As so, further sanctions may be forthcoming.

The addition of the wallet addresses to the list of sanctioned entities associated with the state-sponsored Lazarus is significant because Tornado Cash — a transaction mixing facility that makes it harder to track down cryptocurrency movement between wallets — revealed last week that it will automatically prevent any wallet addresses included on OFAC’s sanctions list.

The mixer implemented a certification tool developed by blockchain analytics firm Chainalysis that enables it to blacklist specific addresses, but only on the user-facing decentralized software that Tornado Cash’s operators control.

Individuals can still circumvent this compliance tool by using the protocol itself.

ETH total market cap at $356.25 billion on the weekend chart | Source: TradingView.com

Biggest ETH Hack To Date

The so-called bridge connecting the Ronin Network to the Ethereum mainnet was breached in late March, resulting in the theft of around $622 million worth of ETH and USDC stablecoin.

According to Sky Mavis of Axie Infinity, the bridge was compromised via “hacked private keys” that let the attacker to sign false transactions.

North Korea stole over $400 million in cryptocurrencies through hacks in 2021, according to Chainalysis, implying that the Ronin theft may be its largest to date.

Illicit monies related to the reclusive nation’s hacking gangs were predominantly in Ether at approximately 60%, Bitcoin at 20%, and other tokens at 20%, reports revealed.

Recovering The Stolen Crypto

In a related news, Binance disclosed Friday that it has recovered $5 million in funds stolen during the Ronin blockchain hack. According to Binance CEO Changpeng “CZ” Zhao, the cash were divided over 86 Binance accounts.

The U.S. government said earlier this month that it had targeted Russia’s darknet marketplace Hydra and digital currency exchange Garantex for alleged ties to ransomware and other cybercrime payments, as well as crypto mining firm BitRiver.

Suggested Reading | Binance Hits Back At Reuters, Claims Data Sharing Report With Russia Is ‘Categorically False’

Featured image from Panda Security, chart from TradingView.com