Security experts name another cryptocurrency mixer used by Korean hackers for money laundering
SlowMist security experts have found that North Korean hackers from the Lazarus Group used not only the Tornado Cash mixer to launder stolen funds, but also the ChipMixer cryptocurrency mixing service.
According to a report by SlowMist, after the hack of the Ronin Bridge, which powers the popular Axie Infinity game, the hackers laundered 74.7% of the stolen funds in ETH through Tornado Cash (25.3% of the digital assets in Ethereum are still held in the hackers' wallets). The fraudsters used ChipMixer to launder 49% of the stolen bitcoins (3460 BTC), while the rest of the funds in bitcoins, as well as in ETH, are held in the hackers' accounts.
It is worth noting that Lazarus Group focuses its attacks on cryptocurrency platforms in the Asia-Pacific region (APAC), possibly for language reasons; many members of the Harmony team have connections to APAC. Previously, the hackers preferred to launder funds through the Tornado Cash mixer, but after the introduction of sanctions by the US government, it is not known whether the fraudsters will be able to use this mixer as easily and remain undetected.
Members of the cryptocurrency community suggested that, now that the use of the ChipMixer service by North Korean hackers has been made public, the mixer may suffer the same fate as Tornado Cash.
As a reminder, on August 8, the US Office of Foreign Assets Control (OFAC) added the Tornado Cash mixer website to the sanctions list on suspicion of cryptocurrency laundering. The agency banned Americans and state-owned enterprises from using the platform's services. After that, key blockchain infrastructure services joined the list of organizations that block access to the cryptocurrency mixer. However, this did not prevent a huge number of organizations and users from defending Alexey Pertsev, the service's developer, who was arrested in Amsterdam.