According to the latest data from the research company in Elliptic blockchain areas, the Lazarus hacker group from North Korea has once again resorted to using the Tornado Cash service to launder stolen funds. Recently, an amount of $23 million stolen during an attack on the HTX cryptocurrency in November was withdrawn through this service.
The Tornado Cash service, which is used for mixing cryptocurrencies, was sanctioned by US authorities in August 2022. However, due to its decentralized structure, the service was able to continue operating. In contrast, a similar service called Sinbad.io was sanctioned by the US Department of Finance in November last year.
The fact that the Lazarus group turned to Tornado Cash underscores the limited options they have for large-scale money mixing services that are still operational following enforcement actions. Elliptic has revealed that the hackers conducted over 60 transactions totaling more than $23 million through Tornado Cash in an attempt to obfuscate the trail of the money.
By using services like Tornado Cash and Sinbad.io, North Korean cybercriminals can obscure the origins of the stolen funds and legitimize them. The US government believes that such actions aid in circumventing international sanctions concerning the North Korean regime’s military programs.
Over the past three years, hacker groups associated with the DPRK have stolen significant amounts of cryptocurrency, with approximately $1.7 billion pilfered in 2022 and around $1 billion in 2023.
Elliptic is diligently monitoring the movement of the stolen $112.5 million since the HTX attack in November. It has been reported that the stolen cryptocurrency remained dormant until March 13, when transactions through Tornado Cash were detected. Other blockchain security firms have also confirmed the movement of the illicit funds.
The Elliptic study underscores the necessity of monitoring and analyzing cryptocurrency transactions to safeguard digital assets and combat the financing of malicious activities on the global stage.
In their efforts to cover their tracks, hackers may employ tactics such as waiting before transferring funds between different cryptocurrency wallets. However, blockchain experts remain vigilant and are prepared to provide law enforcement with crucial information on the specific destinations of stolen cryptocurrency at any given moment.