Hackers like Lazarus continue to use Tornado Cash despite US sanctions Hackers like Lazarus continue to use Tornado Cash despite US sanctions
Elliptic said Lazarus Group's return to Tornado Cash reflects the authorities' inability to curb the mixer's operations effectively due to its decentralized nature.
2 min read
Updated: Mar. 14, 2024 at 6:43 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Blockchain analytics firm Elliptic revealed that the North Korea-backed hacker group Lazarus is once again using sanctioned crypto mixer Tornado Cash to obfuscate its transactions.
Last year, the group ceased using the crypto mixer after US government sanctions, which were imposed due to allegations of aiding criminals in laundering illegally obtained digital assets.
Following the sanctions, Tornado Cash saw an 85% decline in overall volume as hackers began using alternatives like Sinbad.io and cross-chain bridges.
Why Lazarus group returned to Tornado Cash
However, the US government’s sanctions on Sinbad.io for facilitating money laundering activities of North Korean state-sponsored hacking groups have limited options for Lazarus.
Consequently, the group has turned to Tornado Cash, which has remained operational despite the US sanctions due to its decentralized nature.
Elliptic also disclosed that the group recently moved approximately $13 million in funds stolen from the HTX Exploit. These funds were transferred through Tornado Cash in over 40 transactions within the last three days, marking their first movement since the November 2023 incident.
What does this mean for the industry?
Lazarus Group’s return to Tornado Cash reflects the government’s inability to curb the mixer’s operations effectively, according to Elliptic.
The firm explained that Tornado Cash cannot be seized and shut down like centralized mixers because it operates through smart contracts on decentralized blockchains.
Tom Robinson, the co-founder of Elliptic, added:
“The takedowns of centralized mixers by law enforcement agencies is perhaps pushing crypto laundering back towards decentralized alternatives.”
Data from DeFillama further suggests a resurgence of the platform, with the total value of assets locked reaching $565 million, marking its highest level since the US government imposed sanctions in 2022.
This uptrend is also reflected in the protocol’s native TORN token, which was trading at roughly $2 as of press time โ up 13% during the past day, based on CryptoSlateย data.
Meanwhile, the crypto community has rallied behind the project’s developers after multiple governments, including the US, targeted them with legal action.ย Notable crypto stakeholders like Coinbase have supported the developers’ legal defense.
Mentioned in this article
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
Assad Jafri
AJ, a passionate journalist since Yemen's 2011 Arab Spring, has honed his skills worldwide for over a decade. Specializing in financial journalism, he now focuses on crypto reporting.
In this article
Ethereum is a decentralized, open-source blockchain platform that enables the creation of smart contracts and decentralized applications (DApps).
Elliptic
Elliptic empowers financial institutions and crypto businesses to confidently manage risk and meet AML regulatory compliance worldwide.
HTX
Huobi, a virtual asset exchange, launched a revised branding strategy on September 13, 2023, where “Huobi” will be rebranded as “HTX.” “H” stands for Huobi, “T” represents TRON with a commitment to being all in TRON, and “X” stands for the exchange.
