Lazarus Group Uses Tornado Cash to Launder Hack Proceeds

  • Lazarus Group has been caught moving hack proceeds through crypto mixing service Tornado Cash
  • Blockchain analytics firm Elliptic said the funds involved in the latest transfer belong to the HTX crypto exchange
  • Elliptic noted that the hacking group returned to using Tornado Cash after running out of options

Blockchain analytics firm Elliptic has revealed that North Korean hacking group Lazarus is using crypto mixing service Tornado Cash to launder funds stolen from the HTX crypto exchange and its cross-chain bridge HECO. The group was seen moving $12 million of the over $100 million it stole from the exchange and its bridge. According to Elliptic, Lazarus is returning to Tornado Cash after its other preferred option, Sinbad, was infiltrated and captured by U.S. authorities. This is a sign that the group is running out of money laundering options, considering that Tornado is also sanctioned by the United States.

Sanctioned Mixers Narrow Options

Elliptic discovered that Lazarus moved the funds to Tornado Cash using “more than 40 transactions.” Of the amount moved, $5.2 million was from the HTX exchange exploit while $7.1 million was from the cross-chain bridge HECO hack.

According to the analytics firm, Lazarus had stopped using the mixing service and opted for unsanctioned options like Blender.io and Sinbad. However, some of its other preferences have since been captured by authorities.

The Lazarus Group siphoned $30 million from the Justin Sun-affiliated exchange HTX and $86 million from HECO Chain Bridge in November last year.

Don’t Implicate Tornado Cash Founders?

Tornado Cash and its founders, on the other hand, were sanctioned by U.S. authorities for helping Lazarus obfuscate the trail of stolen funds. The sanction saw some entities in the crypto scene defend the mixer in court, arguing that the authorities overstepped their mandate.

The mixer’s competitor Sinbad was sanctioned in December last year by the United States Department of the Treasury’s Office of Foreign Assets Control (OFAC) due to its continuous use by malicious actors in the web3 space.

By moving the HTX- and HECO-linked funds, Lazarus blocks any hope of recovering them.