Policy
Share this article

US Treasury Sanctions More North Korea-Linked ETH Wallets Over $600M Ronin Hack

The three new wallets join an Ethereum address added to the sanctions list last week.

By Danny Nelson, Nikhilesh De
Updated May 11, 2023, 5:22 p.m. Published Apr 22, 2022, 6:04 p.m.
Breaking News Feature Image

U.S. government officials are throwing a wider sanctions dragnet over alleged North Korean crypto wallets.

On Friday, the Treasury Department's Office of Foreign Asset Control (OFAC) added three Ethereum addresses to its sanctions list, joining an address listed last week that the federal government tied to the theft of around $600 million in crypto from Axie Infinity's Ronin bridge. All three addresses had received sizable inbound transfers of stolen ether ETH$2,889.79 from the originally sanctioned wallet over the past week.

STORY CONTINUES BELOW
Don't miss another story.Subscribe to the State of Crypto Newsletter today. See all newsletters
By signing up, you will receive emails about CoinDesk products and you agree to our terms of use and privacy policy.

The operators of the Ronin exploit wallet, said by the FBI and OFAC to be North Korea's Lazarus hacking group, have been laundering funds by moving them from a sanctioned address to an intermediary address before sending the funds to Tornado Cash, a mixer designed to obfuscate the source and destination of funds moved through the service.

This pattern repeated on Friday, when funds moved from one of the newly sanctioned addresses to another intermediary before once again landing at Tornado Cash.

None of the sanctioned addresses have directly interacted with Tornado Cash.

The nature of Tornado Cash makes it difficult for the operators of the service to blacklist addresses, as OFAC requires any entities touching the U.S. financial system to do. The mixer adopted a compliance tool offered by blockchain analytics firm Chainalysis that lets it blacklist certain addresses, but only on the user-facing decentralized app that Tornado Cash's operators can influence. Individuals can still use the protocol itself to bypass this compliance tool.

Also, at least as of last week, the Chainalysis tool only listed the originally sanctioned address.

A representative for Tornado Cash previously told CoinDesk that "OFAC is the judge of what addresses need to be banned."

"It’s a guessing game so far. I assume only 1 address has been identified by OFAC that should be sanctioned relating to that event. Which means Chainalysis update[s] whatever is in sanction’s list," the representative said.

Officials have accused the Hermit Kingdom of mounting an aggressive hacking spree against the crypto economy.

This is a developing story and will be updated.

OFACSanctionsNorth KoreaAxie Infinity USTreasury Department

More For You

KuCoin Hits Record Market Share as 2025 Volumes Outpace Crypto Market

By CoinDesk Research
Dec 22, 2025
logo
Commissioned byKuCoin
16:9 Image

KuCoin captured a record share of centralised exchange volume in 2025, with more than $1.25tn traded as its volumes grew faster than the wider crypto market.

What to know:

  • KuCoin recorded over $1.25 trillion in total trading volume in 2025, equivalent to an average of roughly $114 billion per month, marking its strongest year on record.
  • This performance translated into an all-time high share of centralised exchange volume, as KuCoin’s activity expanded faster than aggregate CEX volumes, which slowed during periods of lower market volatility.
  • Spot and derivatives volumes were evenly split, each exceeding $500 billion for the year, signalling broad-based usage rather than reliance on a single product line.
  • Altcoins accounted for the majority of trading activity, reinforcing KuCoin’s role as a primary liquidity venue beyond BTC and ETH at a time when majors saw more muted turnover.
  • Even as overall crypto volumes softened mid-year, KuCoin maintained elevated baseline activity, indicating structurally higher user engagement rather than short-lived volume spikes.
View Full Report

More For You

Ukraine banned Polymarket and there’s no legal way for it to come back

By Francisco Rodrigues|Edited by Aoyon Ashraf
Jan 24, 2026
Kyiv in Ukraine (Glib Albovsky/Unsplash/Modified by CoinDesk)

Polymarket and similar platforms are considered unlicensed gambling operators, leading to blocked access.

What to know:

  • Ukraine has no legal framework for Web3 prediction markets, and current legislation provides no recognition for such platforms.
  • Polymarket and similar platforms are considered unlicensed gambling operators, leading to blocked access.
  • Legal changes are unlikely in the near future, as Parliamentary revisions to gambling definitions are extremely improbable during wartime, leaving prediction markets in a legal deadlock.
Read full story