After blaming North Korea for the Ronin hack, the US Treasury adds three new addresses to its sanctions list. Binance and Tornado Cash have also joined the effort in this investigation.
The US Treasury is investigating the Ronin hack
Earlier this month, the Office of Foreign Assets Control (OFAC), a department of the US Treasury, accused North Korea of being behind the hack of the Ronin sidechain, dedicated to the blockchain game Axie Infinity.
It is more precisely the Lazarus group that is implicated. The latter has already been involved in several hacks within the crypto ecosystem.
At the end of last week, the US Treasury sanctioned 3 new addresses that would be affiliated with this North Korean group in the Ronin case. These addresses have been added to the Specially Designated Nationals and Blocked Persons List (SDN list). This is a list managed by OFAC, and the individuals on it are subject to sanctions and embargoes.
In the past week, the addresses in question have all received millions of dollars in funds from the address responsible for the attack.
Binance and Tornado Cash join the effort
The Ronin sidechain attack is the second largest decentralized finance (DeFi) hack to date, with $620 million in cryptocurrencies stolen at the time of the event. We don’t know if all the funds will ever be recovered, but in view of the scale of this case, exceptional measures are being taken.
On April 15, for example, the blender Tornado Cash, known for anonymising transactions, announced that it was using a Chainalysis oracle smart-contract to block OFAC-sanctioned addresses. The protocol team justified the measure by stating that financial privacy could not come at the expense of non-compliance:
Tornado Cash uses @chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp.
Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance.https://t.co/tzZe7bVjZt– ️ Tornado.cash ️ (@TornadoCash) April 15, 2022
On Friday, Changpeng Zhao (CZ), the founder and CEO of Binance, tweeted that $5.8 million had been recovered from 86 accounts linked to the hack.
The DPRK hacking group started to move their Axie Infinity stolen funds today. Part of it made to Binance, spread across over 86 accounts. $5.8M has been recovered. We done this many times for other projects in the past too. Stay SAFU
– CZ Binance (@cz_binance) April 22, 2022
These various measures are intended to cripple the stolen funds, as the Ethereum blockchain (ETH) is public, making it harder for hackers to move assets when all blockchain players are watching.
To date, just over 110,000 ETH have already been moved since the event.
While it is not possible for us to say that the Lazarus group is indeed behind the Ronin attack, North Korea is regularly accused of funding its weapons programme through the theft of cryptocurrencies. We understand then, the importance that must be given to the solidity of the protocols that make up our ecosystem.
