The Lazarus Group, identified with North Korea, has resumed activities involving the cryptocurrency mixer Tornado Cash. Analytics firm Elliptic has highlighted on-chain activity showing the group transferring $12 million worth of cryptocurrency. These funds, derived from hacks, moved into Tornado’s wallets on March 13. The Lazarus Group’s actions come despite sanctions against the crypto mixer.
In November, the crypto exchange HTX and its cross-chain bridge, HECO Chain, suffered attacks. The Lazarus Group is behind these incidents, resulting in substantial financial losses. Hot wallets on the HTX exchange lost $30 million. Simultaneously, the HECO Chain experienced a theft of $86.6 million. The stolen funds underwent a conversion to Ethereum through decentralized exchanges. They remained untouched until this week.
The continuation of Tornado Cash amid sanctions
Tornado Cash operates as a decentralized privacy tool on the Ethereum blockchain. It uses smart contracts for the anonymous transfer of ETH and ERC-20 tokens. Despite sanctions by the U.S. Treasury Department in August 2022, the platform continues its operations. The sanctions were due to its alleged involvement in laundering over $1 billion in illicit funds, including those tied to the Lazarus Group.
The U.S. has increased its crackdown on crypto mixers, with the seizure of Sindbad by Finnish authorities in November 2023 being a notable example. Following the closure of other mixing options, the Lazarus Group reverted to utilizing Tornado Cash to launder their stolen funds. The sanctions have led to the charging of Tornado Cash’s developers with several crimes, underlining the legal actions against such platforms.
The evolving tactics of the Lazarus Group
The Lazarus Group has adapted its strategies in response to the changing landscape of cryptocurrency laundering tools. With the seizure of Sindbad and the closing of the Blender platform, their reliance on Tornado Cash has become more pronounced. This shift reflects the group’s persistence in bypassing international sanctions and regulatory measures.
Authorities continue to target the infrastructure supporting illicit cryptocurrency transactions. This includes not only the mixers themselves but also the developers behind these platforms. The case against the founders of Tornado Cash and Bitcoin Fog marks a significant effort in combating cryptocurrency-related crimes. Despite these efforts, the Lazarus Group’s recent activities demonstrate ongoing challenges in curtailing their operations.
