The Lazarus Group, a notorious hacking collective associated with North Korea, has reportedly resumed laundering stolen funds through the cryptocurrency mixer Tornado Cash, undeterred by international sanctions. Elliptic, a leading analytics firm, has highlighted recent on-chain transactions showing that the group funneled approximately $12 million worth of cryptocurrency to Tornado Cash. This sum originates from a heist in November that targeted the cryptocurrency exchange HTX and its associated cross-chain bridge, HTX Eco Chain (HECO).
In the November attack on HTX and HECO, hackers drained $30 million from HTX’s hot wallets and a further $86.6 million from the HECO Chain. Following the heist, the stolen funds were converted to Ether using decentralized exchanges and remained untouched until this week.
Tornado Cash, a decentralized privacy tool built on the Ethereum blockchain, offers a means to obscure the origins of cryptocurrency transactions. Despite being sanctioned by the U.S. Treasury Department in August 2022 for facilitating the laundering of over $1 billion, including funds linked to the Lazarus Group, Tornado Cash remains operational. The sanctions, aimed at curtailing its use for illicit activities, have been largely ineffective due to the decentralized nature of blockchain technology.
Elliptic’s report suggests that the Lazarus Group has reverted to using Tornado Cash after other laundering avenues were shut down. Notably, the Bitcoin mixer Sindbad, previously utilized by the hackers, was seized by Finnish authorities in November 2023 following U.S. sanctions, limiting the group’s options for money laundering.
The crackdown on cryptocurrency mixers by U.S. authorities has been intensifying, evidenced by the seizure of Blender.io in May 2022 and legal actions against developers of such platforms. For instance, Roman Storm and Alexey Pertsev, developers associated with Tornado Cash, face charges including money laundering and operating an unlicensed money-transmitting business. Similarly, the founder of Bitcoin Fog was convicted of money laundering charges in March, underscoring the ongoing legal battles against individuals facilitating cryptocurrency-based financial crimes. This resurgence of Lazarus Group’s activities via Tornado Cash signals a persistent challenge in combating the misuse of digital currencies for illegal purposes.