North Korean hackers exploited the Tornado Cash cryptocurrency mixer, which the US has put under sanctions
Today, the U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Tornado Cash, a cryptocurrency mixer service that has been used to launder more than $7 billion since its inception in 2019.
Additionally, the North Korean-backed APT Lazarus Group used the cryptocurrency mixer to launder about $455 million from the largest known crypto theft to date.
Lazarus stole $620 million worth of Ethereum by hacking Axie Infinity’s Ronin network bridge in April; the laundered funds were a portion of the total haul from that attack.
More than $96 million from the June Harmony Bridge hack and at least $7.8 million from the August Nomad heist were also laundered through Tornado Cash.
The mixer was also used in the Arbix Finance exit scam and in the hacks of the decentralized cryptocurrency exchange Uniswap, the Beanstalk DeFi platform, and the blockchain music platform Audius, in each case to make the stolen funds harder to trace.
“Today, Treasury is sanctioning Tornado Cash, a virtual currency mixer that launders the proceeds of cybercrimes, including those committed against victims in the United States,” said Brian E. Nelson, the Under Secretary of the Treasury for Terrorism and Financial Intelligence.
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks.”
The Lazarus group also used Blender.io, a service the U.S. Treasury sanctioned in May, to launder cryptocurrency stolen in the Ronin bridge hack.
In addition, Larry Dean Harmon, the creator and owner of the Helix and Coin Ninja mixer services, received the first-ever civil money penalty from the Financial Crimes Enforcement Network (FinCEN) in October 2020 for violating the Bank Secrecy Act (BSA) and its related rules.
FinCEN disclosed at the time that several dark web marketplaces, including AlphaBay, Dream Market, Agora Market, Nucleus, and others, were the source of the majority of the cryptocurrency laundered through the Helix tumbler.
“Virtual currency mixers that assist criminals are a threat to U.S. national security. Treasury will continue to investigate the use of mixers for illicit purposes and use its authorities to respond to illicit financing risks in the virtual currency ecosystem,” OFAC added today.
“As today’s action demonstrates, mixers should, in general, be considered as high-risk by virtual currency firms, which should only process transactions if they have appropriate controls in place to prevent mixers from being used to launder illicit proceeds.”