Groups representing the North Korean regime used the privacy protocol Tornado Cash to launder about $150 million in stolen cryptocurrency assets in March.
A group of notorious cyber attackers called the Lazarus Group has moved dormant suitcases containing stolen cryptocurrency assets back to their North Korean base, according to a leaked UN confidential report obtained by Reuters.
In March 2023, North Korean hackers illegally extracted $147.5 million worth of cryptocurrency from HTX, a cryptocurrency exchange owned by Tron founder Justin Sun. A year later, funds were transferred to North Korea using Tornado Cash.
Cryptocurrency mixing services like Tornado Cash are convenient tools for hackers and scammers. Malicious actors use this to anonymize stolen cryptocurrency assets and make them untraceable.
According to a Reuters report, the United Nations is currently investigating 97 North Korean cyberattacks that leaked about $3.6 billion worth of cryptocurrency between 2017 and 2024.
In 2024 alone, the UN watchdog investigated “11 cases of cryptocurrency theft worth $54.7 million,” alleging they involved “Democratic People’s Republic of Korea (DPRK) IT employees inadvertently employed by small cryptocurrency-related companies.”
The United States sanctioned Tornado Cash in 2022 for helping North Korea evade cross-border remittance sanctions. However, the protocol and its founders have been refuting these claims for over two years.
On May 14, Alexey Pertsev, the developer of Tornado Cash, a cryptocurrency mixing protocol, was found guilty of money laundering, with potentially serious implications for open source code developers.
Pertsev was sentenced to five years and four months in prison for laundering $1.2 billion worth of illegal assets on the platform. His legal representatives were given 14 days to appeal the court decision.
Related: CryptoQuant CEO says mixing cryptocurrencies is ‘not a crime’
Using Tornado Cash to divert stolen funds is not limited to North Korea. Rather, it is the most sought after method in the global hacker community.
On May 14, blockchain research firm PeckShield discovered that $53 million worth of stolen Ether linked to the $100 million hack of Poloniex had been moved to Tornado Cash.
As shown in the flowchart above, the hacker moved more than 17,800 ETH from six different wallets to a single Tornado Cash address.
magazine: ‘AI in each other’ to prevent AI apocalypse: Science fiction writer David Brin