The Lazarus Group, an infamous cybercriminal organization linked to North Korea, has resurfaced in the news for allegedly laundering $23 million through Tornado Cash, an older, previously targeted mixing service. The activity caught the attention of blockchain research company Elliptic amid ongoing investigations into the group’s illicit activities. Elliptic observed a shift in behavior: the Lazarus Group returned to Tornado Cash after U.S. authorities sanctioned alternative mixing services, including Sinbad.io. The company attributed this change to law enforcement takedowns of services like Sinbad.io, which have limited the number of large-scale mixers available to cybercriminals. It was also highlighted that Tornado Cash has continued operating despite sanctions because its decentralized nature makes it resistant to seizure and shutdown.
North Korean hackers, including the Lazarus Group, have been utilizing services like Tornado Cash and Sinbad.io to disguise the origins of stolen funds obtained through numerous cryptocurrency hacks. The funds laundered through these services reportedly aid the regime in evading international sanctions imposed on its weapons programs. The U.S. Treasury Department documented instances of North Korean hackers using Sinbad and its precursor, Blender.io, to launder substantial amounts stolen from various cryptocurrency-related incidents. Notably, researchers estimated that North Korean groups unlawfully obtained approximately $1.7 billion worth of cryptocurrency in 2022 and about $1 billion in 2023, signifying the scale and persistence of their illicit activities in the crypto space. The longstanding operations of the Lazarus Group and its purported involvement in laundering over $2 billion worth of cryptocurrency, as acknowledged by U.S. officials, underscore the group’s significant impact on financial cybercrime, particularly in funding North Korea’s government initiatives.