The United States Treasury Department has added three Ethereum wallet addresses to sanctions allegedly linked to the hacker group responsible for the theft of more than $600 million in crypto from nonfungible token game Axie Infinity’s Ronin sidechain.
In a Friday update, the Treasury Department’s Office of Foreign Assets Control, or OFAC, listed three Ethereum addresses to its Specially Designated Nationals restrictions for North Korea’s Lazarus Group. U.S. authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, have targeted the group over its alleged role in taking more than 173,600 Ether (ETH) and 25.5 million USD Coin (USDC) from the Ronin sidechain in March — the tokens were worth more than $600 million at the time.
The U.S. government department hinted in a Friday tweet that the addresses were added to the list in an effort to stop North Korea from evading sanctions imposed by the United States and United Nations. Blockchain records show at least one of the wallet addresses connected to the Ronin hackers sent funds to crypto mixer services including Tornado Cash.
OFAC added 3 virtual currency wallet addresses to the SDN Listing for Lazarus Group. The DPRK has relied on illicit activities like cybercrime to generate revenue while trying to evade US & UN sanctions. Transacting w/ these risks exposure to US sanctions. https://t.co/GMNZkwe1IA
— Treasury Department (@USTreasury) April 22, 2022
Chainalysis reported in January that North Korea stole roughly $400 million in cryptocurrency through cyberattacks in 2021, meaning the Ronin theft could represent its largest haul to date. Illicit funds linked to hacking groups from the reclusive nation were primarily in Ether at 58%, Bitcoin at 20% and other tokens at 22%.
The addition of the ETH addresses was the latest measure identifying digital assets imposed by OFAC as a means for sanctioned governments to obtain funding. In April, the government department announced it had targeted Russia-based darknet marketplace Hydra and digital currency exchange Garantex for alleged connections to payments from ransomware attacks and other cybercrimes, as well as crypto mining firm BitRiver.