Join the hunt for $12,000,000+ in NEXO Tokens!

Learn More

Treasury Sanctions Additional North Korean Wallets Tied to Ronin Hack

The U.S. Treasury has sanctioned three new addresses belonging to Lazarus Group.

Treasury Sanctions Additional North Korean Wallets Tied to Ronin Hack
Shutterstock photo by Chintung Lee

Key Takeaways

  • The U.S. Treasury's Office of Foreign Assets Control (OFAC) has sanctioned three North Korean crypto addresses.
  • Those addresses are tied to Lazarus Group, which carried out a $551 million attack on the Ronin blockchain last month.
  • Two of the addresses interacted with another Ethereum address that was originally sanctioned on Apr. 14.

Share this article

The U.S. Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned several North Korean Ethereum wallets tied to a hack of the Ronin blockchain that took place last month.

Treasury Sanctions Three Addresses

In a Twitter post dated Apr. 22, the U.S. Treasury said that it had added three cryptocurrency wallet addresses to its Specially Designated National (SDN) and Blocked Persons List.

The Treasury added that North Korea “has relied on illicit activities like cybercrime to generate revenue” and that the country has attempted to evade sanctions imposed by the U.S. and United Nations.

In addition to the three new addresses listed today, one address was originally sanctioned on Apr. 14. The three addresses listed today interacted with that original address, directly or indirectly.

The Treasury also said that anyone who transacts with the designated addresses “risks exposure to US sanctions” themselves. As such, it is possible that more sanctions are pending.

Addresses Tied to Lazarus Group

The Treasury’s list of sanctions shows that the designated accounts are Ethereum-based addresses belonging to Lazarus Group, a state-backed hacking group based in North Korea.

Lazarus Group was behind a $551.8 million exploit in March that targeted Axie Infinity and the Ronin blockchain. Both products have the same parent company, Sky Mavis.

Today’s update did not specifically state that the new sanctions were related to the attack on these platforms. However, the recency of the Ronin attack, combined with the fact that Ethereum addresses were listed, makes this the most likely cause of the update.

Incidentally, Binance announced today that it had recovered $5 million stolen during the attack on the Ronin blockchain.

The Ethereum coin mixing service Tornado Cash also said that it would block OFAC-sanction addresses last week.

Disclosure: At the time of writing, the author of this piece owned BTC, ETH, and other cryptocurrencies. 

Share this article