It has been reported that North Korean hackers associated with the Lazarus Group have exploited Tornado Cash in a recent development to launder approximately $12 million worth of stolen Ethereum (ETH) in the last 24 hours, using the coin mix-up service Tornado Cash.
According to blockchain analytics firm Elliptic and experts from other organizations, the Lazarus Group was responsible for the theft of $100 million in cryptocurrency from HTX and its HECO Bridge in November of 2023, according to blockchain analytics firm Elliptic.
HTX, a cryptocurrency exchange, and its cross-chain bridge, HTX Eco Chain, or HECO, have been flagged by the analytics firm Elliptic as being engaged in on-chain activity since March 13 indicating that Lazarus Group hackers have transferred cryptocurrency worth $12 million to Tornado's wallets.
A decentralized and non-custodial privacy tool, Tornado Cash was stolen in November from the cryptocurrency exchange HTX and its cross-chain bridge, HTX Eco Chain. Tornado Cash is a blockchain-based decentralized, non-custodial cryptocurrency.
It is a smart contract-based system that allows users to deposit ETH and ERC-20 tokens at one address and then withdraw them at another address with the help of smart contracts.
This service and others that blend tokens from different sources to disguise funds are known as Tornado Cash and other mixers. The US Treasury blacklisted the service in August 2022 after it had been used to launder more than $7 billion in cryptocurrency since it was established in 2019.
The department has alleged that the mixer has been used to launder more than $7 billion over the past two years.
Nevertheless, Sinbad.io itself was seized in November 2023 by US authorities, which eliminated another avenue by which hackers could commingle. Consequently, the group appears to have returned to Tornado Cash to launder funds at scale and obscure the transaction trail while using Tornado Cash's decentralized architecture and resistance to raids.
Finally, Elliptic suggests that it is possible to explain the resurgence of Tornado Cash reliance by the Lazarus Group due to law enforcement activities targeting services such as Sinbad.io and Blender.io, which has reduced the availability of large-scale mixers. The group has opted to take advantage of Tornado Cash's continued operation despite sanctions to take advantage of smart contracts' security and decentralized nature on blockchain networks, as they have few viable alternatives.
As part of this effort, the authorities are also targeting the developers of such mixers as well. In a recent U.S. investigation, Tornado Cash's developers, Roman Storm and Alexey Pertsev, were charged with numerous offences, including conspiracy to commit money laundering, conspiracy to violate sanctions, and conspiracy to operate an unlicensed money-transmitting business.
A similar development occurred on March 12 with the conviction of Bitcoin Fog's founder of money laundering.
There have been several Lazarus Group operations going on for more than ten years now. As far as U.S. officials are concerned, they have stolen over $2 billion worth of cryptocurrency that was used to help fund North Korean programs for the development of weapons of mass destruction as well as ballistic missiles. In 2019, the United States government sanctioned the group by issuing sanctions against them.
