CyberSecurityBoard
Sponsor Register Login

Lazarus Group hackers appear to return to Tornado Cash for money laundering

North Korea's Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November.
Investigators at blockchain research company Elliptic said on Friday that in the last day they had seen the funds - part of the $112.5 million stolen from the HTX cryptocurrency exchange in November - laundered through the Tornado Cash mixing service.
The use of Tornado Cash stood out to Elliptic because the service was sanctioned by U.S. authorities in August 2022, prompting Lazarus actors to turn to another mixing service called Sinbad.io.
Elliptic said it has been tracking the $112.5 million stolen from HTX since the exchange attributed the incident to Lazarus.
The funds were held without movement until March 13, when Elliptic saw some go through Tornado Cash.
Other blockchain security companies confirmed they also saw the funds move across the blockchain.
North Korean hackers have to use services like Tornado Cash and Sinbad.io in order to obfuscate the source of their stolen funds and cash out what they take during the numerous crypto hacks launched over the last three years.
The proceeds help the regime dodge international sanctions related to its weapons programs, according to the U.S. government.
According to the Treasury Department, North Korean hackers used Sinbad and its predecessor Blender.io to launder a chunk of the $100 million stolen on June 3 from customers of Atomic Wallet, as well as significant portions of the more than $620 million stolen from Axie Infinity and the $100 million taken from Horizon Bridge - two of the largest crypto thefts on record.
Researchers estimate that North Korean groups stole about $1.7 billion worth of cryptocurrency in 2022 and about $1 billion in 2023.
Lazarus Group has been operating for more than 10 years, and according to U.S. officials has stolen over $2 billion worth of cryptocurrency to help fund the North Korean government's activities - including its weapons of mass destruction and ballistic missile programs.
The group itself was sanctioned by the U.S. government in 2019.
Jonathan has worked across the globe as a journalist since 2014.
Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.
He previously covered cybersecurity at ZDNet and TechRepublic.


This Cyber News was published on therecord.media. Publication date: Fri, 15 Mar 2024 18:40:04 +0000


Cyber News related to Lazarus Group hackers appear to return to Tornado Cash for money laundering

North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled - It has been reported that North Korean hackers associated with the Lazarus Group have exploited Tornado Cash in a recent development to launder approximately $12 million worth of stolen Ethereum in the last 24 hours, using the coin mix-up service ...
1 year ago Cysecurity.news Lazarus Group
US Treasury removes sanctions on Tornado Cash after appellate court loss | The Record from Recorded Future News - In November, the federal appeals court ruled that the executive branch’s authority to “block ‘property’ in which a foreign ‘national’ or ‘person’ has an ‘interest’” did not apply in the case of Tornado Cash because its immutable ...
4 weeks ago Therecord.media Lazarus Group
US removes sanctions against Tornado Cash crypto mixer - The U.S. Department of Treasury announced today that it has removed sanctions against Tornado Cash, a cryptocurrency mixer used by North Korean Lazarus hackers to launder hundreds of millions stolen in multiple crypto heists. In August 2023, the ...
4 weeks ago Bleepingcomputer.com
Lazarus Group hackers appear to return to Tornado Cash for money laundering - North Korea's Lazarus hacking group allegedly has turned back to an old service in order to launder $23 million stolen during an attack in November. Investigators at blockchain research company Elliptic said on Friday that in the last day they had ...
1 year ago Therecord.media Lazarus Group
Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus - In its continued efforts to crack down on North Korea's most formidable state-sponsored threat group, the US government has seized a virtual currency mixer that has been serving as the principal way the group launders money stolen from its ...
1 year ago Darkreading.com Lazarus Group
North Korean Hackers Cash Out $300 Million From $1.46 Billion ByBit Crypto Heist - Lazarus Group hackers believed to be affiliated with North Korea’s regime have successfully laundered at least $300 million from their unprecedented $1.5 billion cryptocurrency heist targeting the ByBit exchange. Elliptic’s analysis ...
1 month ago Cybersecuritynews.com Lazarus Group
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers - The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group. A cryptocurrency mixer is a server that allows people to deposit crypto, ...
1 year ago Bleepingcomputer.com Lazarus Group
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug - The new malware are two remote access trojans named NineRAT and DLRAT and a malware downloader named BottomLoader. The D programming language is rarely seen in cybercrime operations, so Lazarus probably chose it for new malware development to evade ...
1 year ago Bleepingcomputer.com
US Sanctions Sinbad Mixer: Disrupting Threats Unveiled - The U.S. Treasury Department recently took a significant step in the ongoing battle against cybercrime by imposing sanctions on Sinbad. It's a virtual currency mixer utilized by the North Korea-linked Lazarus Group to launder funds obtained through ...
1 year ago Securityboulevard.com Lazarus Group
North Koreans finish initial laundering stage after more than $1 billion stolen from Bybit | The Record from Recorded Future News - TRM Labs has tracked previous thefts by North Korean actors and found a similar playbook, where the hackers use DeFi platforms to convert funds into Bitcoin before using mixers to obfuscate the source of the cryptocurrency. Last week, the FBI ...
1 month ago Therecord.media Lazarus Group
North Korean hackers linked to $1.5 billion ByBit crypto heist - Since the attack, crypto fraud investigator ZachXBT has discovered links between the Bybit hackers and the infamous North Korean Lazarus threat group after the attackers sent stolen Bybit funds to an Ethereum address previously ...
1 month ago Bleepingcomputer.com Lazarus Group
North Korean hackers exploit critical TeamCity flaw to breach networks - Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks. In September, TeamCity fixed a critical ...
1 year ago Bleepingcomputer.com CVE-2023-42793 Andariel
Police Arrests 1000 Suspected Money Mules - Global law enforcers have arrested just over 1000 individuals suspected of money laundering, and identified thousands more, in a new operation designed to target the vast money laundering economy. Europol's European Money Mule Action operation also ...
1 year ago Infosecurity-magazine.com
CyberCrime & Doing Time: Classic Baggie: A Delaware BEC Case calls him the leader of an International Criminal Organization - The U.S. Attorney's office in Delaware charged Olugbenga Lawal with being a major money launderer for a Nigerian-based international criminal organization that specialized in Business Email Compromise and Romance Scam. The Defendant's importance in ...
1 year ago Garwarner.blogspot.com
Hackers from North Korea Aimed at Medical and Energy Industries - The North Korean Lazarus hacking group has been identified as the perpetrator of a recent cyber espionage operation known as No Pineapple!. This designation highlights the group's malicious activities and its ability to carry out sophisticated ...
2 years ago Cybersecuritynews.com
Canadian Financial Intelligence Agency Predicts Crypto Crime to Surge Rapidly - As the use of cryptocurrency grows, more criminals are likely to start using it to raise, move, and conceal money outside of the established banking system, according to Canada's financial intelligence agency. In a report published on Monday, the ...
1 year ago Cysecurity.news
North Korea's state hackers stole $3 billion in crypto since 2017 - North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017. Kimsuky, Lazarus Group, Andariel, and other North Korean hacking groups ...
1 year ago Bleepingcomputer.com Andariel Kimsuky Lazarus Group
DOJ Charges Binance With Vast Money-Laundering Scheme and Sanctions Violations - For years, the world's largest cryptocurrency exchange, Binance, has been dogged by rumors of malfeasance and federal investigations. Today, in a set of accusations that will rock the already tumultuous world of crypto, the US Department of Justice ...
1 year ago Wired.com Cuba
FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist - Since the incident, crypto fraud investigator ZachXBT discovered multiple links to the infamous North Korean threat group after the attackers sent some of the stolen Bybit funds to an Ethereum address used in the Phemex, BingX, and Poloniex hacks ...
1 month ago Bleepingcomputer.com APT3 APT38 Lazarus Group
OKX suspends DEX aggregator after Lazarus hackers try to launder funds - OKX Web3 has decided to suspend its DEX aggregator services to implement security upgrades following reports of abuse by the notorious North Korean Lazarus hackers, who recently conducted a $1.5 billion crypto heist. OKX is a leading global ...
1 month ago Bleepingcomputer.com Lazarus Group
Booking.com hackers increase attacks on customers - Hackers are increasing their attacks on Booking.com customers by posting adverts on dark web forums asking for help finding victims. Cyber-criminals are offering up to $2,000 for login details of hotels as they continue to target the people who are ...
1 year ago Bbc.com
US Treasury sanctions Sinbad cryptocurrency mixer used by North Korean hackers - The U.S. Treasury Department on Wednesday sanctioned a popular cryptocurrency mixer used to launder funds stolen by hackers connected to the North Korean government. The Treasury Department's Office of Foreign Assets Control announced new sanctions ...
1 year ago Therecord.media Lazarus Group
Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
6 months ago Securelist.com
Orbit Chain Loses $86M in Cross-Chain Bridge Hack - Orbit Chain, a South Korean platform designed to act as a multi-asset blockchain hub, revealed a massive breach on December 31, 2023. Orbit Chain revealed specifics of the theft in a series of posts on X, saying the hacker employed cryptocurrency ...
1 year ago Cysecurity.news
North Korean Hackers Developing Malware in Dlang Programming Language - The North Korea-linked hacking group Lazarus has been observed deploying Dlang malware in attacks against organizations in the manufacturing, agriculture, and physical security sectors, Cisco's Talos security researchers report. Released in 2001, ...
1 year ago Packetstormsecurity.com Andariel

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)