- The Ethereum mixer of Tornado Cash has blocked several Ethereum addresses highlighted and sanctioned by the US Office of Foreign Assets Control
- One of the Ethereum addresses belongs to the North Korean hacker group known as Lazarus, responsible for the $625 million Axie Infinity exploit
- Tornado Cash is using a Chainalysis smart contract to block the Ethereum addresses
The popular Ethereum mixer of Tornado Cash will start blocking addresses sanctioned by the US Office of Foreign Asset Control (OFAC). The latter is a financial intelligence and enforcement agency of the Treasury Department that is tasked with enforcing economic and trade sanctions in support of national security and foreign policy objectives of the United States.
Tornado Cash uses @chainalysis oracle contract to block OFAC sanctioned addresses from accessing the dapp.
Maintaining financial privacy is essential to preserving our freedom, however, it should not come at the cost of non-compliance.https://t.co/tzZe7bVjZt
— 🌪️ Tornado.cash 🌪️ (@TornadoCash) April 15, 2022
To achieve its object of blocking Ethereum addresses, Tornado Cash will be using a Chainalysis oracle contract to check whether addresses using its decentralized application are in the sanctioned list. At the time of writing, the smart contract has blocked 24 addresses from accessing Tornado Cash.
Amongst the sanctioned addresses is an Ethereum address linked to the perpetrators of the $625 million Axie Infinity hack that has thus far been linked to the North Korean hacking group known as Lazarus. The hacker group is led by Reconnaissance General Bureau: an intelligence agency led by the Democratic People’s Republic of Korea.
Notable attacks by the Lazarus group include the 2014 Sony Pictures cyberattack, the 2017 Wannacry ransomware cryptoworm, and the 2020 hack on KuCoin.
The team at Chainalysis has confirmed that the Lazarus group Ethereum address was involved in the Ronin Network hack by receiving 173,600 Ethereum and 25.5 million USDC from the Ronin Bridge smart contract.
However, questions now linger as to whether global law enforcement agencies can retrieve the stolen Axie Infinity funds. Neither US law enforcement nor Interpol has jurisdictional authority to operate in North Korea.
[Feature image courtesy of Tornado.Cash]