Sanctioning an Ether Address Isn't Stopping Transactions

The operators of a crypto wallet added to the U.S. sanctions list continue to offload their funds.

Apr 22, 2022 at 5:20 p.m. UTC

Updated Apr 22, 2022 at 6:27 p.m. UTC

North Korean leader Kim Jong Un (SeongJoon Cho/Bloomberg via Getty Images)

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.

Follow @nikhileshde on Twitter

I heard some of y’all took issue with my suspicion that a spot bitcoin ETF won’t be approved this year. Come tell me why I’m wrong! But in the meantime, let’s talk about crypto and its relationship to sanction enforcement, specifically within the context of last week’s revelation that North Korea was behind the Axie Infinity Ronin breach.

And apologies for the lateness of this week’s newsletter. Need to claim extenuating circumstances, and next week’s will be in your inbox on Tuesdays as normal.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

Sanctions evasion

The narrative

According to the U.S. government, a North Korea-linked hacking group was behind last month’s $625 million Ronin bridge hack. In other words, a nation state was behind one of the largest crypto hacks. There's a growing story in North Korea’s actions here, but that actually isn’t the main point of interest for me.

Why it matters

North Korea appears to be hacking crypto exchanges and networks to seize funds for its own personal usage. And of more immediate interest, adding an Ethereum address to the U.S. sanctions list does not appear to have halted the laundering of funds.

Breaking it down

The U.S. Treasury Department’s Office of Foreign Asset Control (OFAC) added a single, solitary Ethereum address to its Specially Designated Nationals list, otherwise known as its sanctions list.

The address was tied to the hack of Axie Infinity’s Ronin Bridge, which saw some 173,000 ETH and 25.5 million USDC (worth around $625 million on March 29) stolen from the bridge network.

What’s really interesting is the wallet continued to send funds out after it was added to the sanctions list. Within 24 hours the controller of the wallet – said to be the North Korean hacker organization known as Lazarus – sent nearly 3,000 ETH to coin mixer Tornado Cash, repeating a pattern the hackers began after stealing the ether.

These transfers out continued through earlier this week. In many cases, the funds appear to have gone to an intermediary wallet before being sent to Tornado Cash.

In the past, parties that assisted sanctioned entities faced being added to the U.S. sanctions list themselves.

Anand Sithian, counsel at Crowell & Moring and a former trial attorney in the money laundering division at the U.S. Department of Justice, said crypto companies should watch for addresses and wallets tied to mixers, and in particular the fact that regulators like the Financial Crimes Enforcement Network (FinCEN) have “highlighted the financial crimes risks associated with mixers, which obfuscate the source of transactions, and thereby prevent tracing transactions on the blockchain.”

“To the extent there are U.S. touch points, or U.S. persons involved in such transactions, crypto companies could face enforcement from FinCEN, OFAC and/or the U.S. Department of Justice, depending on the activity at issue and whether any U.S. laws were violated,” he said. “Even without a violation, an investigation can be incredibly taxing on resources and distracting to leadership. As a result, crypto companies may wish to steer clear of mixers, to the extent possible.”

Tornado Cash’s executives have said that sanctions cannot be applied to the protocol itself, former CoinDesker and current Bloomberger Muyao Shen reported last month.

On Friday, the mixer added a Chainalysis compliance tool to its user-facing decentralized application that blocks transactions from the sanctioned address – though, again, the protocol itself is unaffected.

Regulators may not agree, but at least so far, the funds are continuing to move.

Meanwhile, on the North Korea front, the U.S. government is warning that the nation may continue to try and exploit crypto companies (and others) to raise funds.

Biden’s rule

Changing of the guard

U.S. President Joe Biden formally announced his intention to nominate former Treasury official, former Ripple board member and current University of Michigan Dean Michael Barr to be the Fed vice chair for supervision.

Elsewhere:

Some Indian Payment Processors Cut Off Local Crypto Exchanges: A handful of Indian crypto exchanges announced they were halting rupee deposits or withdrawals.
Attacker Drains $182M From Beanstalk Stablecoin Protocol: So my understanding is this wasn’t a hack or exploit, and can perhaps only technically be described as an attack. At any rate, the perpetrator here used a flash loan (a loan that is repaid almost instantaneously, perhaps within the same block) to borrow a hefty number of Beanstalk’s governance tokens, which the attacker used to vote in favor of a protocol change that sent all of Beanstalk’s funds to the attacker. All of this was “legal” in terms of the code’s setup.
Crypto Proponents Fear SEC 'Backdoor' Regulations on Exchanges, Dealers: CoinDesk’s Jesse Hamilton digs into a pair of SEC proposals that has the crypto industry up in arms: Basically each proposal would appear to redefine the terms “exchange” and “dealer” (respectively) in such a way that they might encompass crypto protocols and decentralized platforms. However, it’s not clear – and this uncertainty has industry advocates worried.

Outside CoinDesk:

(CNBC) The U.S. Secret Service has seized roughly $102 million in cryptocurrencies over the past seven years, according to assistant director of investigations David Smith.
(Mel Magazine) An older article, but in honor of Monday being the tax deadline in the U.S., here’s a reminder that you should track all of your transactions because it will terrify your tax professional.
(Politico) Prime Trust was listed as the contributor of $14 million sent to the Protect Our Future super Political Action Committee in Federal Election Commission filings. In reality, it seems Prime Trust was actually the intermediary for funds sent by FTX founder Sam Bankman-Fried and FTX engineering director Nishad Singh.
(The New York Times) Last week, my commute to the office was interrupted when my subway line stopped for what the engineer running the train described as “police activity ahead.” It wasn’t until I got into the office that I learned there had been a mass shooting several stops ahead. This Times ticktock details how it all unfolded.
(University of Wisconsin) Researchers at the University of Wisconsin looked into whether muting video conferencing apps actually stopped them from recording audio. The privacy-focused amongst you will not be thrilled by their results. The actual paper is here.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at [email protected] or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See ya’ll next week!