Tornado Cash used by Lazarus group despite sanctions


  • The Lazarus Group has transferred $12 million in cryptocurrency to Tornado Cash wallets despite sanctions.
  • Attacks on the HTX exchange and HECO Chain by the Lazarus Group led to losses of over $116 million.
  • Tornado Cash continues to function as a decentralized privacy tool despite being sanctioned by the U.S.

The Lazarus Group, identified with North Korea, has resumed activities involving the cryptocurrency mixer Tornado Cash. Analytics firm Elliptic has highlighted on-chain activity showing the group transferring $12 million worth of cryptocurrency. These funds, derived from hacks, moved into Tornado’s wallets on March 13. The Lazarus Group’s actions come despite sanctions against the crypto mixer.

In November, the crypto exchange HTX and its cross-chain bridge, HECO Chain, suffered attacks. The Lazarus Group is behind these incidents, which resulted in substantial financial losses. Hot wallets on the HTX exchange lost $30 million. Simultaneously, the HECO Chain experienced a theft of $86.6 million. The stolen funds were converted to Ethereum through decentralized exchanges and remained untouched until this week.

The continuation of Tornado Cash amid sanctions

Tornado Cash operates as a decentralized privacy tool on the Ethereum blockchain. It uses smart contracts for the anonymous transfer of ETH and ERC-20 tokens. Despite sanctions by the U.S. Treasury Department in August 2022, the platform continues its operations. The sanctions were due to its alleged involvement in laundering over $1 billion in illicit funds, including those tied to the Lazarus Group.

The U.S. has increased its crackdown on crypto mixers, with the seizure of Sindbad by Finnish authorities in November 2023 being a notable example. Following the closure of other mixing options, the Lazarus Group reverted to using Tornado Cash to launder its stolen funds. The sanctions have led to Tornado Cash’s developers being charged with several crimes, underlining the legal actions against such platforms.

The evolving tactics of the Lazarus Group

The Lazarus Group has adapted its strategies in response to the changing landscape of cryptocurrency laundering tools. With the seizure of Sindbad and the closing of the Blender platform, their reliance on Tornado Cash has become more pronounced. This shift reflects the group’s persistence in bypassing international sanctions and regulatory measures.

Authorities continue to target the infrastructure supporting illicit cryptocurrency transactions. This includes not only the mixers themselves but also the developers behind these platforms. The case against the founders of Tornado Cash and Bitcoin Fog marks a significant effort in combating cryptocurrency-related crimes. Despite these efforts, the Lazarus Group’s recent activities demonstrate ongoing challenges in curtailing their operations.

Disclaimer. The information provided is not trading advice. Cryptopolitan.com holds no liability for any investments made based on the information provided on this page. We strongly recommend independent research and/or consultation with a qualified professional before making any investment decision.

Mutuma Maxwell

Maxwell especially enjoys penning pieces about blockchain and cryptocurrency. He started his venture into blogging in 2020, later focusing on the world of cryptocurrencies. His life's work is to introduce the concept of decentralization to people worldwide.
