North Korean hackers laundering money through Tornado Cash – how is it possible?
The North Korean Hacker Group Lazarus Exploited Tornado Cash to Launder Stolen Money

The Lazarus hacker group, affiliated with North Korea, recently made headlines after using the Tornado Cash service to launder a staggering $23 million stolen in an attack on the HTX cryptocurrency exchange. Investigators from the research firm Elliptic noted that these funds were laundered through Tornado Cash to cover the traces of the $112.5 million theft.

Sanctions Imposed on Tornado Cash and Hackers Seeking Alternative Solutions

In response to sanctions imposed by U.S. authorities on the Tornado Cash service, hackers from the Lazarus Group turned to another platform named Sinbad.io, which was also sanctioned. Using Tornado Cash lets such hacker groups conceal the origin of stolen funds and chain together a series of transactions to obscure the trail.

The Operation of Tornado Cash and Sinbad.io

Tornado Cash operates on decentralized blockchains, which makes its funds impossible to confiscate, unlike centralized platforms such as Sinbad.io. North Korean hackers, including the Lazarus Group, are compelled to use such services to hide the origin of stolen funds and to cash out the proceeds of cryptocurrency crimes.

Lazarus Group’s Hacking Activities in the Context of Cryptocurrency Thefts

According to U.S. government data, North Korean groups, including the Lazarus Group, were responsible for thefts amounting to $1.7 billion in 2022 and $1 billion in 2023. The Lazarus Group has been operational for over 10 years and, according to U.S. officials, has already stolen over $2 billion in cryptocurrencies, financially supporting North Korea’s government activities, including programs related to weapons of mass destruction and ballistic missile programs. This group was sanctioned by the U.S. government as early as 2019.