In a recent development, North Korean hackers associated with the notorious Lazarus Group have used the Tornado Cash coin mixing service to launder approximately $12 million in stolen Ethereum (ETH) in the last 24 hours.
The incident follows the theft of $100 million in cryptocurrency from the HTX crypto exchange and its HECO bridge in November 2023, attributed to the Lazarus Group by blockchain analysis firm Elliptic and other experts.
Cryptocurrency theft and Ethereum laundering worth $100 million discovered
The Lazarus Group, a well-known cybercrime organization believed to be backed by the North Korean regime, has a long history of conducting high-profile hacking campaigns.
According to the latest Elliptic cryptocrime report, in November 2023 the Lazarus Group allegedly orchestrated a major heist targeting the HTX crypto exchange and its cross-chain bridge, resulting in the theft of $100 million in various cryptocurrencies, including Ethereum.
Evidence gathered by Elliptic and other experts pointed to the involvement of the Lazarus Group based on the modus operandi and subsequent movement of the stolen funds.
The investigation also indicates that, following their “usual pattern” of cryptocurrency laundering, the hackers quickly converted the stolen tokens into Ethereum via decentralized exchanges (DEXs).
These illicitly acquired Ethereum funds remained dormant until recently, on March 13, when the hackers began funneling them through Tornado Cash. Tornado Cash is a decentralized, smart contract-based mixer that the US Treasury sanctioned in August 2022 for its association with the laundering of $455 million from Lazarus Group crypto hacks.
However, the decentralized nature of Tornado Cash's operations has prevented it from being shut down in the way that centralized mixers such as Sinbad.io have been.
The last resort for the Lazarus Group
According to the blockchain analysis firm, in response to the sanctions imposed on Tornado Cash, the Lazarus Group shifted its focus towards using cross-chain bridges and the Bitcoin-based mixer Sinbad.io as an alternative.
However, in November 2023, US authorities seized Sinbad.io, eliminating another mixing option for the hackers. As a result, the group appears to have returned to Tornado Cash, using its decentralized architecture and resistance to takedown to launder funds on a large scale and hide its transaction trail.
Ultimately, Elliptic suggests that the Lazarus Group's renewed reliance on Tornado Cash can be attributed to the “decreasing availability” of large-scale mixers due to law enforcement operations targeting services such as Sinbad.io and Blender.io.
With fewer viable alternatives, the group has capitalized on Tornado Cash's continued operation despite sanctions, exploiting the security of smart contracts and the decentralized nature of blockchain networks.
At the time of writing, Ethereum is trading at $3,870. Earlier this week, it reached a two-year high of $4,084; however, it failed to sustain consolidation above this level. Consequently, over the last 24 hours, ETH has seen a 2.5% price drop.