Lazarus Group’s $12M Moves: HTX and HECO Hacks to Tornado Cash
North Korea’s Lazarus Group has resumed using the crypto mixer Tornado Cash to launder stolen funds, even though the mixer has been sanctioned by the US Treasury Department. According to analytics firm Elliptic, the Lazarus Group hackers have transferred around $12 million worth of cryptocurrency to Tornado Cash’s wallets since March 13. These funds were stolen in November from the HTX crypto exchange and its cross-chain bridge, HTX Eco Chain (HECO).
During the attack on November 22, the HTX exchange’s hot wallets were drained of $30 million, while the HECO Chain was hacked for $86.6 million. The stolen funds were converted into Ether (ETH) through decentralized exchanges and remained inactive until recently.
Tornado Cash is a decentralized tool built on the Ethereum blockchain that lets users deposit ETH and ERC-20 tokens from one address and withdraw them from another, which gives them privacy.
Although Tornado Cash was sanctioned by the US Treasury Department in August 2022 for its alleged involvement in laundering over $1 billion in illicit funds, the mixer continues to operate. Unlike centralized mixers such as Sinbad.io, Tornado Cash runs on decentralized blockchains and uses smart contracts, making it more difficult to shut down or seize.
The Lazarus Group has turned to Tornado Cash as its preferred mixer after losing access to other options. Previously, the group used cross-chain bridges and the Bitcoin mixer Sinbad to launder stolen funds. Sinbad was seized by Finnish authorities in November 2023 following the imposition of US sanctions, eliminating another option for the hackers. The US government is cracking down on crypto mixers, including the closure of the Blender platform in May 2022, and is also targeting the developers of such tools.
In fact, the developers of Tornado Cash, Roman Storm and Alexey Pertsev, have been charged with several crimes by US authorities, including conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money-transmitting business. The founder of another crypto mixer called Bitcoin Fog was recently convicted of money laundering.
Despite the sanctions and legal actions, North Korea’s Lazarus Group continues to exploit Tornado Cash for its illicit activities. The continued use of Tornado Cash highlights the challenges authorities face in shutting down decentralized platforms operating on blockchain technology.
4 thoughts on “Lazarus Group’s $12M Moves: HTX and HECO Hacks to Tornado Cash”
This article highlights the need for stronger regulations and international cooperation to combat money laundering and illicit activities facilitated by platforms like Tornado Cash. The current approach is clearly not enough!
The fact that Tornado Cash is still operational even after being sanctioned by the US Treasury Department is a failure on the part of authorities. They need to take stronger action against these illicit activities!
The $30 million drained from the HTX exchange and the $86.6 million hacked from the HECO Chain is a significant loss. It’s infuriating to see these stolen funds being funneled through Tornado Cash, further complicating the recovery process. 😠
It’s deeply concerning that the developers of Tornado Cash, Roman Storm and Alexey Pertsev, have been charged with multiple crimes and yet the mixer remains operational. This sends a message that illegal activities won’t face appropriate consequences.