North Korea’s hacking group, Lazarus Group, has resumed using Tornado Cash to launder stolen funds, despite the sanctions imposed on the crypto mixer. Analytics firm Elliptic has identified on-chain activity showing that the hackers transferred around $12 million worth of cryptocurrency to Tornado’s wallets since March 13. These funds were originally stolen in November from the HTX crypto exchange and its cross-chain bridge, HECO.
During the attack on November 22, the HTX exchange’s hot wallets were drained of $30 million, while the HECO Chain fell victim to a hack that resulted in $86.6 million being stolen on the same day. The hackers then converted the funds into Ether (ETH) through decentralized exchanges and kept them dormant until recently.
Tornado Cash is a decentralized and noncustodial privacy tool that operates on the Ethereum blockchain. It utilizes smart contracts to accept deposits of ETH and ERC-20 tokens from one address and allows them to be withdrawn from a different address.
The protocol was sanctioned by the U.S. Treasury Department in August 2022 due to its alleged involvement in facilitating the laundering of over $1 billion in illicit funds, including funds connected to the Lazarus Group.
Despite the sanctions, Tornado Cash continues to operate. Elliptic explains that since it functions through smart contracts on decentralized blockchains, it cannot be seized or shut down in the same way that centralized mixers like Sinbad.io have been.
The Lazarus Group appears to have returned to Tornado Cash after losing access to other mixing options. Elliptic reports that the hackers resorted to using cross-chain bridges and the Bitcoin (BTC) mixer Sindbad to launder stolen funds after the sanctions were imposed. However, Sindbad was seized by Finnish authorities in November 2023 following the implementation of U.S. sanctions, eliminating another option for the hackers. The crackdown on crypto mixers by the U.S. also led to the closure of the Blender platform in May 2022.
Authorities are not only targeting the users of such mixers but also the developers. The developers of Tornado Cash, Roman Storm and Alexey Pertsev, have been charged with multiple crimes by U.S. authorities, including conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money-transmitting business. In a similar development, the founder of the crypto mixer Bitcoin Fog was convicted of money laundering on March 12.
Magazine: Inside Pink Drainer — Security Analyst Defends His Crypto Scam Franchise
Lazarus Group transfers $12 million from HTX and HECO breaches to Tornado Cash.