Sanctioned Crypto Wallet Linked to North Korean Hackers Keeps On Laundering
Despite Tornado Cash’s best attempts, it’s a wallet whack-a-mole game. For the time being, it appears that the hackers are winning. In violation of US sanctions, a purportedly North Korean Ethereum wallet linked to a $600 million crypto theft proceeded to launder its stolen ETH on Friday.
The blacklisted address, which US officials suspect is operated by North Korea’s elite “Lazarus” cyber outfit, was taken to the cleaners this morning in New York time, a day after federal officials included it on their sanctions database.
Its crypto immediately flew through the prominent currency mixer Tornado Cash, where the trail went cold after a brief pit stop at an unsanctioned wallet.
It was a continuation of what one tracing expert told CoinDesk was a “brute-force” laundering method designed for speed – even if it meant sacrificing some of the money. After draining the Ronin Bridge of over $600 million in cryptocurrency a month ago, the hackers are now transferring their loot through Tornado Cash, around $10 million at a time.
Elliptic, a tracing firm, estimated that the Ronin hackers had laundered $80 million using Tornado Cash on Thursday. The deals on Friday morning are expected to add at least $8 million to this total. It’s unknown how much Lazarus will be able to launder successfully for its own reasons.
According to a United Nations panel and independent cybersecurity experts, cyberattacks have been a major source of cash for the North Korean state for years as its leader, Kim Jong Un, pursued nuclear weapons.
North Korea is reported to have launched its first intercontinental ballistic missile in more than four years last month.
According to Chainalysis, a company that records digital currency transactions, the Lazarus Group has stolen an estimated $1.75 billion in cryptocurrencies in recent years.
“Unlike a shop, a cryptocurrency attack is effectively bank theft at the speed of the internet, funding North Korea’s destabilizing behavior and weapons proliferation,” said Ari Redbord, head of legal affairs at TRM Labs, a firm that examines cryptocurrency hacking.