The Ronin network was exploited in March, resulting in the theft of approximately $600 million in Ether (ETH) and $25 million in USDC.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned three additional Ethereum wallets linked to the recent Ronin network hack.
OFAC said on Friday that the newly listed addresses are associated with the North Korean hacking group Lazarus.
OFAC disclosed the addition of the three virtual currency addresses in an update to its Specially Designated Nationals (SDN) list published on April 22. All three addresses have ties to the state-sponsored North Korean hacking group Lazarus Group.
Notably, recent movements of funds tied to the three wallets include proceeds from the Ronin blockchain exploitation.
“The DPRK has relied on illicit activity, including cybercrime, to evade U.S. and U.N. sanctions,” the Treasury Department wrote on Twitter.
The agency warned that transactions involving the designated wallets pose “a risk of exposure to U.S. sanctions.”
OFAC-designated wallets are “blocked”
The addition of the three wallets comes just days after the department linked the Lazarus Group to the $625 million robbery.
On Friday, the original address used in the attack moved funds to multiple addresses using Tornado Cash — a mixer service that makes tracing transactions more difficult. The decentralized protocol, which helps make Ethereum transactions private, announced on April 15 that it will block any crypto wallets added to the OFAC list.
Tornado Cash reiterated that financial privacy remains “essential to preserving” financial freedom, while also stating that privacy should not be pursued “at the cost of flouting the rules.”
In related developments, Binance reportedly recovered $5.8 million of the funds stolen during the hack. According to Binance CEO Changpeng Zhao, the hackers sent funds to 86 accounts.