The US Treasury Department linked North Korea’s hacker group, Lazarus, to an ETH wallet involved in last month’s $622 million Ronin Network attack.
The Treasury Department’s Office of Foreign Asset Control (OFAC) has now added three Ethereum addresses to its blacklist, one of which has already been linked to the Ronin attack.
On April 22nd, funds were transferred from one of the newly blacklisted addresses to another intermediary before landing again at Tornado Cash, a decentralized mixer on the Ethereum blockchain. Tornado Cash has not communicated with any of the blacklisted addresses.
The Treasury’s Office of Foreign Asset Control (OFAC) added the wallets to the list of sanctions related to the state-sponsored Lazarus on March 23rd. Over the last week, the three wallets have received over $150 million of the stolen ETH from the initial wallet linked to the Ronin attack. In total, over $281 million remains in the original Ethereum address used to receive the funds stolen from Ronin.
OFAC mandates that any sanctioned entities dealing with the US banking system be blacklisted. To this effect, Tornado Cash announced that they would block funds from OFAC sanctioned addresses. According to a tweet from the Tornado Cash team, “Tornado Cash uses @chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp. Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance”.
The mixer used a compliance tool provided by blockchain analytics firm, Chainalysis, that allowed it to blacklist specific addresses but only on the user-facing decentralized software that Tornado Cash’s administrators have control over. Individuals can still bypass this compliance tool by using the protocol itself.
The bridge that connects the Ronin Network to the Ethereum mainnet was compromised in late March. According to Sky Mavis, an Axie Infinity developer, the bridge was compromised using “hacked private keys” that let the attacker sign false transactions.
If you would like to read more news articles like this, follow DeFi Planet on Twitter, LinkedIn, Instagram and Facebook.
