Lazarus Group stole $ 12 million worth of Ethereum using Tornado Cash cryptomixer

Elliptic analysts report that the North Korean hacker group Lazarus has once again started using the Tornado Cash cryptocurrency mixer to cover up its transactions.

Researchers have found that over the past three days, Lazarus members have transferred $ 12 million worth of Ethereum ETH $3,387.84 Ethereum -1.89% Market capitalization $407.17 billion VOL. 24 hours $0.69 billion via Tornado Cash. The funds were stolen last year in November during a hack of the HTX crypto exchange and its HTX Eco Chain (HECO) interconnect.

During the attack, the attackers managed to empty the platform’s hot wallets for $ 30 million, and on the same day, $ 86.6 million worth of crypto assets were stolen from HECO. Some time after the incident, the cryptocurrency started moving again and was transferred through Tornado Cash in 40 transactions.

«Tornado Cash continues to operate despite the sanctions. The mixer operates using smart contracts that operate on decentralized blockchains, so the service cannot be shut down as it was with centralized mixers like Sinbad,» Elliptic researchers said.

As a reminder, the Tornado Cash platform has been under US sanctions since 2022 for repeatedly assisting cybercriminals in laundering illegally obtained funds. At that time, Lazarus Group switched to other cryptocurrency mixers, including Sinbad. However, in November 2023, the US Treasury Department blacklisted this service as well, prompting the hacker group to return to Tornado Cash.

The US authorities are still conducting a trial against the developers of the cryptomixer, Roman Storm and Alexey Pertsev. They are accused of conspiring to conduct unlicensed activities that facilitate money laundering through cryptocurrencies. Last year, Shtorm was released on bail, and Pertsev was placed under house arrest until the investigation is completed.