After establishing the North Korean hacking group Lazarus’ connection to the $622 million Ronin Network hack, the US Treasury Department has now found three more wallets addresses linked to the exploitation. The Treasury’s Office of Foreign Asset Control (OFAC) added the wallets to its list of sanctions tied to the Lazarus hacking group.
The three wallets were sent significant sums of the stolen funds from the original wallet tied to the Ronin attack. The latest find comes after Tornado Cash – a transaction mixing service that makes it difficult to track the movement of digital assets between wallets – announced that it will block any wallet addresses listed on OFAC’s sanctions list.
Sources revealed that one of the newly added wallet addresses began funneling funds through Tornado Cash ahead of the US Treasury’s latest additions. Now, wallets are prohibited from using Tornado Cash.
Changpeng Zhao, the CEO of Binance, tweeted that the exchange recovered $5.8 million worth of funds sent to it by the attacker’s wallet. CZ said the funds were spread between 86 Binance accounts. The Ronin Network was hacked in late March. $622 million worth of ETH and USDC stablecoin was stolen in the process. Sky Mavis, the developer of Axie Infinity, said the exploitation was done through hacked private keys. The hackers used this to sign fraudulent transactions.