The U.S. government has slapped sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in crypto cash derived from cybercriminal activity. At least $455 million of that was moved for state-sponsored Lazarus Group in part to help fund North Korea’s missile program, officials said.
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) unveiled the action—which basically freezes all of the assets and business of Tornado Cash and prohibits anyone from doing business with the service–on Monday, citing a number of occasions that the service laundered crypto for hackers. The website of the service already has been taken offline and any transaction having to do with the service or anyone affiliated with it is now blocked within the United States.
a blog post published Thursday.
In addition to the hefty sum that prolific North Korean-based Lazarus has moved through the service, Tornado Cash also laundered more than $96 million of cybercriminal funds derived from the June 24 theft of cryptocurrency from the Horizon blockchain bridge from Harmony, and at least $7.8 million from an Aug. 2 attack that stole $190 million from the Nomad crypto firm, U.S. officials said.
The move to sanction Tornado Cash for Lazarus’ activities on the exchange is an integral part of the White House’s response to North Korea’s use of cyber warfare against cryptocurrency exchanges to finance its missile program, a senior administration official said, according to a tweet from Politico cybersecurity reporter Eric Geller.
Indeed, Lazarus is well-known in cybersecurity circles as a financially motivated advanced persistent threat (APT) aimed at stealing cash as well as performing cyberespionage activities for the regime of Kim Jong-un. The OFAC already sanctioned the group and all its sub-entities in 2019 for their various cybercriminal actions to support North Korea’s weapons programs.
The sanctions against Tornado Cash come after its operators were warned about the illegal activity occurring on the exchange, which the feds have been monitoring, according to the Department of Treasury.
Indeed, the government has in general been keeping a close eye on so-called crypto mixers and will continue to do so in the future, Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian Nelson said. These services, which allow anonymous users to transfer various types of crypto, are frequented by cybercriminals to move payments from ransomware attacks and other illicit actions.
“Despite public assurances otherwise, Tornado Cash has repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors on a regular basis and without basic measures to address its risks,” Nelson said in a press statement.
Tornado Cash operates on the Ethereum blockchain and facilitates anonymous transactions by obfuscating their origin, destination and other parties involved, and has no interest in knowing where the money is coming from, according to the Treasury Department.
The service receives a variety of transactions and mixes them together before transmitting them to their individual recipients. While Tornado Cash purports to maintain anonymity for users for privacy purposes, this also and quite conveniently makes it easy for cybercriminals—particularly ones pulling off heists of significant sums of money—to hide their activity.
Lazarus has been active since at least 2009 and is considered by government officials and security researchers alike to be one of the world’s most prolific threats. The group possesses a variety of advanced malware, ransomware and other tools in its bag of tricks, and changes up tactics and targets frequently to keep law enforcement on its toes.