Hackers like Lazarus continue to use Tornado Cash despite US sanctions Hackers like Lazarus continue to use Tornado Cash despite US sanctions

Hackers like Lazarus continue to use Tornado Cash despite US sanctions

Elliptic said Lazarus Group's return to Tornado Cash reflects the authorities' inability to curb the mixer's operations effectively due to its decentralized nature.

Hackers like Lazarus continue to use Tornado Cash despite US sanctions

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Blockchain analytics firm Elliptic revealed that the North Korea-backed hacker group Lazarus is once again using sanctioned crypto mixer Tornado Cash to obfuscate its transactions.

Last year, the group ceased using the crypto mixer after US government sanctions, which were imposed due to allegations of aiding criminals in laundering illegally obtained digital assets.

Following the sanctions, Tornado Cash saw an 85% decline in overall volume as hackers began using alternatives like and cross-chain bridges.

Why Lazarus group returned to Tornado Cash

However, the US government’s sanctions on for facilitating money laundering activities of North Korean state-sponsored hacking groups have limited options for Lazarus.

Consequently, the group has turned to Tornado Cash, which has remained operational despite the US sanctions due to its decentralized nature.

Elliptic also disclosed that the group recently moved approximately $13 million in funds stolen from the HTX Exploit. These funds were transferred through Tornado Cash in over 40 transactions within the last three days, marking their first movement since the November 2023 incident.

What does this mean for the industry?

Lazarus Group’s return to Tornado Cash reflects the government’s inability to curb the mixer’s operations effectively, according to Elliptic.

The firm explained that Tornado Cash cannot be seized and shut down like centralized mixers because it operates through smart contracts on decentralized blockchains.

Tom Robinson, the co-founder of Elliptic, added:

“The takedowns of centralized mixers by law enforcement agencies is perhaps pushing crypto laundering back towards decentralized alternatives.”

Data from DeFillama further suggests a resurgence of the platform, with the total value of assets locked reaching $565 million, marking its highest level since the US government imposed sanctions in 2022.

This uptrend is also reflected in the protocol’s native TORN token, which was trading at roughly $2 as of press time โ€” up 13% during the past day, based on CryptoSlateย data.

Meanwhile, the crypto community has rallied behind the project’s developers after multiple governments, including the US, targeted them with legal action.ย Notable crypto stakeholders like Coinbase have supported the developers’ legal defense.

Mentioned in this article