North Korea's Lazarus Group has resumed using Tornado Cash to launder stolen funds, despite the sanctions imposed on the cryptocurrency mixer. Analytics firm Elliptic has identified on-chain activity indicating that hackers associated with the Lazarus Group have transferred $12 million worth of cryptocurrency to Tornado’s wallet since March 13. These funds were originally stolen in November from the cryptocurrency exchange HTX and its cross-chain bridge, HTX Eco Chain, or HECO.
The HTX exchange was attacked on November 22, resulting in the theft of $30 million from its hot wallet, and the HECO Chain was hacked on the same day, with $86.6 million being lost. The stolen funds were exchanged for Ethereum via decentralized exchanges and had remained dormant until this recent resurgence of activity. Tornado Cash operates as a decentralized, non-custodial privacy tool built on the Ethereum blockchain: its smart contracts accept deposits of ETH and ERC-20 tokens from one address and allow them to be withdrawn from another address.
Tornado Cash has continued to operate despite being sanctioned by the U.S. Treasury Department in August 2022 for its alleged involvement in laundering over $1 billion in illicit funds, including those linked to the Lazarus Group. As Elliptic explains, because the mixer runs as smart contracts on a decentralized blockchain, it is immune to seizure and shutdown, unlike centralized mixers such as Sinbad.io. It appears that the Lazarus Group has returned to Tornado Cash after losing access to other hybrid options.
According to Elliptic, hackers initially explored cross-chain bridges and Bitcoin for laundering funds following the sanctions. However, one of these hybrid options, Sinbad, was seized by Finnish authorities in November 2023, following the implementation of U.S. sanctions, thereby eliminating another avenue for hackers. The crackdown on cryptocurrency mixers by U.S. authorities also resulted in the shutdown of the Blender platform in May 2022.
In addition to targeting the operations of cryptocurrency mixers, authorities have taken action against their developers. Tornado Cash developers Roman Storm and Alexey Pertsev have faced charges from U.S. authorities, including conspiracy to launder money, conspiracy to violate sanctions, and conspiracy to operate an unlicensed money transfer business. Similarly, on March 12, the founder of the cryptocurrency mixer Bitcoin Fog was found guilty of money laundering in relation to similar incidents.

















