Entities representing the North Korean regime used privacy protocol Tornado Cash to launder nearly $150 million in stolen cryptocurrency assets in March.
According to a leaked confidential United Nations (UN) report accessed by Reuters, infamous cyberattackers dubbed the Lazarus Group moved a dormant bag of stolen crypto assets back to their home base in North Korea.
In March 2023, the North Korean hackers unlawfully extracted $147.5 million worth of cryptocurrencies from HTX, a crypto exchange owned by Tron founder Justin Sun. A year later, the funds were siphoned into North Korea using Tornado Cash.
Crypto mixing services such as Tornado Cash are handy tools for hackers and scammers. Bad actors use them to anonymize stolen crypto assets and make them untraceable.
According to the Reuters report, the UN is currently investigating 97 North Korean cyberattacks that drained roughly $3.6 billion worth of cryptocurrencies between 2017 and 2024.
In 2024 alone, the UN monitors investigated “11 cryptocurrency thefts … valued at $54.7 million,” alleging linked to “the Democratic People’s Republic of Korea (DPRK) IT workers inadvertently hired by small crypto-related companies.”
The United States sanctioned Tornado Cash in 2022 for allegedly helping North Korea evade cross-border remittance sanctions. However, the protocol and its founders refuted the allegations for over two years.
On May 14, Alexey Pertsev, the developer of the cryptocurrency mixing protocol Tornado Cash, was found guilty of money laundering, raising potentially severe implications for open-source code developers.
Pertsev was sentenced to five years and four months in prison for allegedly laundering $1.2 billion worth of illicit assets on the platform. His legal representatives were given 14 days to appeal the court ruling.
Related: Crypto mixing is ‘not a crime,’ says CryptoQuant CEO
Using Tornado Cash to siphon stolen funds is not limited to North Korean. Rather, it’s the most sought-after method across the global hacker community.
On May 14, Blockchain investigation firm PeckShield found that Stolen Ether worth $53 million linked to the Poloniex $100 million hack was moved to Tornado Cash.
The hacker moved over 17,800 ETH from six different wallets into a single Tornado Cash address, as shown in the flowchart above.
Magazine: ‘Sic AIs on each other’ to prevent AI apocalypse: David Brin, sci-fi author