red 
The US Treasury’s Office of Foreign Assets Control (OFAC) today sanctioned three Ethereum addresses used to launder funds stolen from Ronin by North Korea’s Lazarus Group in March. This follows last week’s crackdown on the address first used to receive these stolen funds.
Initially, Lazarus attempted to launder the stolen ETH through centralized exchanges including Binance, published today that he recovered $5.8 million. However, recently Lazarus has been splitting funds and laundering them using Tornado Cash, a decentralized mixer on the Ethereum blockchain.
Recently, Tornado Cash announced that it would block funds from OFAC-sanctioned addresses, stating that “maintaining financial privacy is essential to preserving our freedom, but this should not come at the cost of non-compliance.” It is possible that this is what prompted OFAC to sanction these latest addresses, before the group could send more of these funds through the mixer. The three newly allowed addresses received over $150 million in stolen ETH, of which nearly $1.2 million was sent to Tornado Cash earlier today, prior to OFAC’s announcement.
How the Lazarus Group launders its funds. Source: Elliptic Forensics
In total, over $281 million remains in the original Ethereum address used to receive the funds stolen from Ronin.
Many commentators believe that the cryptocurrency stolen by the Lazarus Group is being used to finance the country’s nuclear and ballistic missile programs. With recent reports that North Korea may be preparing for another nuclear test, today’s sanctions underscore the importance of ensuring that the Lazarus Group is unable to successfully launder the proceeds of these attacks.
Contact us
You can learn more about Elliptic’s transaction tracking capabilities or contact us for a demo.
