Despite being sanctioned by the Office of Foreign Assets Control (OFAC), the Tornado Cash mixing service persists in its operations, aiding North Korea-linked hackers in laundering millions of dollars in stolen cryptocurrency.
In a sophisticated cybercrime operation, the Lazarus Group, associated with the Democratic People’s Republic of Korea (DPRK), laundered hundreds of millions of dollars’ worth of Ethereum (ETH) stolen from HTX (formerly known as Huobi) and the Heco Bridge in November 2023.
Taylor Monahan, CEO of MyEtherWallet, disclosed on March 28 that the hackers managed to launder over 48,194 ETH (equivalent to approximately $170 million) through Tornado Cash. This mixing service, despite being blacklisted by OFAC, was utilized by the hackers to obscure the origins of the stolen funds.
The hackers employed intricate tactics, dispersing the stolen crypto across numerous transactions and wallets, thereby complicating the tracking process. They further obscured their trail by transferring the laundered funds from the Ethereum network to the Bitcoin blockchain using THORSwap, a cross-chain asset transfer service.
Although the extent of their cash-out activities remains unclear, hackers typically convert stolen cryptocurrency into fiat currency through over-the-counter (OTC) markets.
The November 2023 cyberattack on HTX and the Heco Chain’s Ethereum bridge resulted in significant losses. Despite assurances from Justin Sun, an investor at the exchange, regarding full reimbursement for affected customers, the precise method through which hackers gained access to the exchange’s hot wallet remains undisclosed.
OFAC’s sanctions against Tornado Cash in 2022 underscore the service’s involvement in laundering billions of dollars’ worth of cryptocurrency since 2019. These illicit activities include laundering funds stolen by the Lazarus Group, as well as proceeds from the Harmony Bridge and Nomad heists, amounting to hundreds of millions of dollars.