Digital Shadows: North Korea's Lazarus Group Launders $13 Million in Crypto Heist

Charles M. Walls | March 16, 2024

In a daring move this week, cyber operatives with ties to North Korea washed a cool $13 million in ether through the controversial crypto blender Tornado Cash, according to insights from blockchain sleuths at Elliptic.

This cyber swoop was carried out by the infamous Lazarus Group, which slid a whopping $100 million in pilfered cryptocurrency through Tornado Cash in 40 stealth transactions on March 13 and 14, Elliptic's deep dive uncovered.

The spoils were part of a massive heist targeting the HTX exchange and its HECO cross-chain bridge last November, a heist that left the crypto world reeling.

"In a playbook move for crypto thieves, the swiped tokens were quickly converted to ETH through decentralized exchanges. The loot was then kept under wraps until March 13, when it suddenly started moving through Tornado Cash," Elliptic's analysts shared in a briefing.

Tornado Cash, a tool known for its ability to make the origins of digital assets disappear by mixing them with others, was banned by the US Treasury in August 2022. The Treasury had accused the service of washing over $7 billion since its inception in 2019.

After the sanctions on Tornado Cash, the Lazarus Group briefly flirted with another mixer, Sinbad, to disguise its loot. However, a clampdown by US forces in November left the group with no choice but to circle back to Tornado Cash.

Despite the sanctions, Tornado Cash remains operational, thanks to its foundation on decentralized blockchains and smart contracts, making it a tough nut for authorities to crack.

Lazarus Group, notorious for orchestrating digital heists netting over $3 billion in the past half-decade as per cybersecurity titan Recorded Future, employs a cunning array of disguises, including posing as venture capital firms and banks, to nab cryptocurrencies. The group targets individuals with access to sensitive information, leveraging initial token offerings and social media to spring its traps.