In brief

  • The U.S. Treasury has sanctioned three additional Ethereum wallet addresses connected to a North Korean hacking group, Lazarus.
  • The wallets are tied to March’s $622 million hack of Ronin, a sidechain created for crypto game Axie Infinity.

Last week, the United States Department of the Treasury linked North Korean hacking group Lazarus to an Ethereum wallet used in March’s $622 million exploit of the Ronin Network, a sidechain created for play-to-earn game Axie Infinity.

Now, the department has identified three additional wallet addresses tied to the attack.

Today, the Treasury’s Office of Foreign Asset Control (OFAC) added the wallets to its list of sanctions tied to the state-sponsored Lazarus. Over the past week, all three wallets have been sent significant sums of stolen funds from the original wallet tied to the Ronin attack.

The latest move is important because Tornado Cash—a transaction mixing service that makes it more difficult to trace the movement of cryptocurrency between wallets—announced last week that it will automatically block any wallet addresses listed on OFAC’s sanctions list.


One of the newly-added wallet addresses began funneling funds through Tornado Cash earlier today, ahead of the U.S. Treasury’s latest additions. Following the Treasury’s move, the wallets will be prohibited from using Tornado Cash thanks to the Chainalysis-powered feature.

The bridge that connects the Ronin Network to the Ethereum mainnet was exploited in late March, with about $622 million worth of ETH and USDC stablecoin stolen in the process. According to Axie Infinity developer Sky Mavis, the bridge was exploited via “hacked private keys” that let the attacker sign fraudulent transactions.

Sky Mavis has pledged to either recover or reimburse the stolen user funds, and raised $150 million in new funding from investors to aid in that process. Binance led the round, with participation from Animoca Brands, Andreessen Horowitz, Paradigm, and others.

Earlier today, Binance CEO Changpeng “CZ'' Zhao tweeted that the cryptocurrency exchange had recovered $5.8 million worth of funds sent to it by the attacker’s wallet. The funds had been spread between 86 Binance accounts, according to Zhao.


Stay on top of crypto news, get daily updates in your inbox.