Stolen Crypto Funneled Through Tornado Cash by Lazarus Group

Recent research from the blockchain analytics firm Elliptic reveals that the North Korean hacker group Lazarus has resumed using the Tornado Cash service to launder stolen funds. A total of $23 million, pilfered during an attack on the cryptocurrency exchange HTX in November, was recently laundered through this service.

Tornado Cash, a cryptocurrency mixing service, faced sanctions from U.S. authorities in August 2022, yet its decentralized structure has allowed it to continue operating. The U.S. Department of the Treasury also imposed sanctions against a similar service in November of the previous year.

Lazarus Group’s return to Tornado Cash highlights the limited availability of major mixing services still operational after stringent law enforcement actions. Elliptic reports that the hackers conducted over 60 transactions totaling more than $23 million through Tornado Cash to obscure the trail of the funds.

The use of services like Tornado Cash enables North Korean cybercriminals to conceal the origins of the stolen funds and legitimize them. According to the U.S. government, such activities facilitate the circumvention of international sanctions related to North Korea’s military programs.

Over the past three years, hacking groups linked to North Korea have stolen vast amounts of cryptocurrency: approximately $1.7 billion in 2022 and around $1 billion in 2023.

Elliptic continues to track the movement of $112.5 million stolen since the HTX attack in November. The stolen cryptocurrency remained static until March 13, when transactions through Tornado Cash were detected. Other blockchain security companies have also confirmed the movement of funds.

Elliptic’s research underscores the importance of monitoring and analyzing cryptocurrency transactions to secure digital assets and counteract the financing of malicious activities on the international stage.

In their attempts to cover their tracks, hackers may bide their time before transferring funds from one crypto wallet to another. Nonetheless, blockchain experts remain vigilant, always ready to inform law enforcement of the precise destination of the stolen cryptocurrency.