Recent reports reveal that hackers linked to North Korea’s Lazarus Group have used the crypto-mixing service Tornado Cash to launder around $12 million in stolen Ethereum (ETH) over the past day.
This incident comes after the theft of $100 million in cryptocurrency from the HTX crypto exchange and its HECO Bridge in November 2023, an act attributed to the Lazarus Group by blockchain analytics firm Elliptic and other experts.
Uncovering the $100M Crypto Heist and Ethereum Laundering
The Lazarus Group, a notorious cybercrime syndicate believed to have ties to the North Korean government, has a reputation for engaging in high-profile hacking operations.
According to the latest report from Elliptic, in November 2023, the infamous Lazarus Group orchestrated a significant cyber heist targeting the HTX crypto exchange and its cross-chain bridge, resulting in the theft of $100 million in various cryptocurrencies, including Ethereum.
Evidence collected by Elliptic and other experts pointed to the Lazarus Group’s involvement based on their typical methods and the movement of the stolen funds.
The investigation revealed that the hackers swiftly converted the stolen tokens into Ethereum via decentralized exchanges (DEXs) as part of their standard practice of crypto-laundering.
These illicitly obtained Ethereum assets lay dormant until recently, when the hackers started channeling them through Tornado Cash on March 13. Tornado Cash, a decentralized smart contract-based mixer, was previously sanctioned by the US Treasury for its role in laundering $455 million from earlier Lazarus Group crypto hacks.
However, the decentralized structure of Tornado Cash has shielded it from shutdown attempts, unlike centralized mixers such as Sinbad.io.
Lazarus Group’s Last Resort Strategy
In response to the sanctions imposed on Tornado Cash, the Lazarus Group shifted its focus to cross-chain bridges and the Bitcoin-based mixer Sinbad.io as alternatives.
Nevertheless, in November 2023, Sinbad.io was seized by US authorities, eliminating another option the hackers had for commingling funds. Consequently, the group seemingly returned to Tornado Cash due to its decentralized design and resilience to raids, which enable large-scale fund laundering and obfuscation of transaction paths.
Elliptic suggests that the Lazarus Group’s increased reliance on Tornado Cash is a result of the dwindling availability of large-scale mixers due to law enforcement operations targeting services like Sinbad.io and Blender.io.
With fewer alternatives, the group has taken advantage of Tornado Cash’s continued operation despite sanctions, exploiting the security and decentralized nature of smart contracts on blockchain networks.
At present, Ethereum is trading at $3,870. While it reached a two-year high of $4,084 earlier this week, it was unable to maintain consolidation above this level. Consequently, ETH has seen a 2.5% price decline over the past 24 hours.