The infamous North Korean hacking group Lazarus has resumed using Tornado Cash, laundering $12 million worth of ETH through the mixing service.

The Lazarus Group's use of Tornado Cash to launder funds has put the focus back on the mixing service, which United States authorities have already sanctioned.

Lazarus Resumes Using Tornado Cash 

According to an analysis by blockchain analytics firm Elliptic, the Lazarus Group moved $12 million in stolen ETH through Tornado Cash. Although heavily sanctioned, the dreaded hacking organization continues to use the mixing service. According to Elliptic, the funds were stolen in November 2022 during the hacking of the crypto exchange HTX and its cross-chain bridge HTX Eco Chain, or HECO. During the attack, hackers drained the hot wallets on the HTX platform for $30 million, while a further $86.6 million was stolen from the HECO Chain on the same day. 

The crypto mixing service was sanctioned by the US Treasury Department in 2022 for its role in facilitating the laundering of over $1 billion in illicit funds, including funds linked to the Lazarus Group. 

“Tornado Cash continues to operate despite sanctions. The mixer operates through smart contracts running on decentralized blockchains, so it cannot be seized and shut down in the same way that centralized mixers such as Sinbad.io have been.”

Crackdown On Crypto Mixers 

After Tornado Cash was sanctioned, the Lazarus Group switched to other mixers, such as Sinbad. However, Sinbad was seized by US authorities in November, prompting the hacker group to shift back to Tornado Cash. The US crackdown on crypto mixers also includes the shutting down of the Blender platform in 2022. 

“The change in behavior and return to the use of Tornado Cash likely reflects the limited number of large-scale mixers now operating, thanks to law enforcement takedowns of services such as Sinbad.io and Blender.io.”

Action against crypto mixers has shown some results, with data from Chainalysis reporting a 29% decline in money laundering activities in 2023. However, the Lazarus Group’s return to Tornado Cash is a testament to the ongoing cat-and-mouse game between regulators and cybercriminals. Authorities have also gone after the developers of crypto mixers: Tornado Cash developers Roman Storm and Alexey Pertsev were charged by US authorities. Charges against them include conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money-transmitting business.

In similar actions, the founder of crypto mixer Bitcoin Fog was also convicted of money laundering on March 12th. 

Remarkable Adaptability 

The Lazarus Group has shown remarkable adaptability despite increasing pressure from the authorities and regulatory agencies. Following the crackdown on Sinbad, the Lazarus Group switched to YoMix before switching to Tornado Cash. The group’s actions highlight the threat posed by state-sponsored cybercrime and the need for a coordinated global response.
