North Korea’s Lazarus Group Identified as Exploiters Behind $540 Million Ronin Bridge Heist

2022-04-14 Elliptic

https://www.elliptic.co/blog/540-million-stolen-from-the-ronin-defi-bridge

Elliptic reported that OFAC sanctioned the Ethereum address used in the Ronin Bridge theft and identified its owner as Lazarus Group, linking the $540 million March 2022 exploit to North Korean state hackers. Ronin said the attacker compromised five validator keys, enough to approve withdrawals from the cross-chain bridge, and the stolen assets were worth more than $615 million by the time the incident was discovered. Elliptic observed the attacker swapping stolen USDC for ETH through decentralized exchanges, sending funds through centralized exchanges, and then shifting to Tornado Cash, with $80.3 million already mixed and hundreds of millions still in the original wallet at the time of reporting. The source frames the case as part of Lazarus’s move from centralized Asian exchanges toward DeFi services and notes the sanctions risk for exchanges and other counterparties receiving proceeds.
