- North Korean hacking group Lazarus allegedly laundered over $12 million stolen from cross-chain bridge Heco using Tornado Cash mixing service to obscure the money trail.
- Hack illustrates ongoing threat that crypto bridges face from sophisticated hacking groups; bridges aim to facilitate interoperability but have proven vulnerable.
- Incident highlights challenge regulators face dealing with privacy tools like Tornado Cash that aid money laundering; Elliptic tracking stolen funds but sanctions may prevent cash out.
The hacking group sent more than 40 transactions to Tornado Cash over the past 24 hours.
Details of the Hack
The North Korean hacking group known as Lazarus has allegedly laundered over $12 million in cryptocurrency stolen from the cross-chain bridge Heco using the Tornado Cash mixing service.
According to blockchain analysis firm Elliptic, the funds were stolen on October 22nd. Elliptic claims the hackers have sent over 40 transactions to Tornado Cash in the past 24 hours in an attempt to obfuscate the money trail.
Tornado Cash is an Ethereum mixing protocol that aims to preserve the privacy of users by obscuring the source of funds. However, this also makes the service attractive for money laundering and other illicit finance activities.
The alleged hack illustrates the ongoing threat crypto bridges face from sophisticated hacking groups. Bridges aim to facilitate interoperability between different blockchains but have proven vulnerable to security flaws that can lead to major exploits.
Response
The alleged hack also highlights the enforcement challenge regulators face when dealing with privacy-enhancing tools like Tornado Cash. OFAC sanctioned Tornado Cash in August due to concerns over money laundering. However, decentralization makes restrictions difficult to enforce in practice.
Elliptic says it is continuing to track the stolen funds and that the Lazarus group may face difficulties cashing out due to the sanctions. The report concludes that the hack demonstrates the group’s interest in targeting DeFi protocols for exploitation.