North Korean Regime Accused of Laundering $150 Million in Stolen Cryptocurrency Using Privacy Protocol
In a shocking revelation, it has been reported that entities associated with the North Korean regime utilized the privacy protocol known as Tornado Cash to launder approximately $150 million in stolen cryptocurrency assets in March. This information was leaked from a confidential United Nations (UN) report, which was obtained by Reuters.
According to the report, the notorious cybercriminal group known as the Lazarus Group successfully transferred a dormant bag of stolen crypto assets back to North Korea, their home base. The stolen funds, amounting to $147.5 million, were illegally extracted from HTX, a crypto exchange owned by Justin Sun, the founder of Tron, in March 2023. A year later, the money was funneled into North Korea using Tornado Cash.
Tornado Cash, along with other crypto mixing services, is a useful tool for hackers and scammers to anonymize stolen crypto assets and make them untraceable. These services allow bad actors to cover their tracks and avoid detection.
The UN is currently investigating a total of 97 cyberattacks carried out by North Korea, which have drained approximately $3.6 billion worth of cryptocurrencies between 2017 and 2024. In 2024 alone, the UN has looked into “11 cryptocurrency thefts valued at $54.7 million,” and it is alleged that these thefts are linked to “the Democratic People’s Republic of Korea (DPRK) IT workers inadvertently hired by small crypto-related companies.”
It is worth mentioning that the United States has already imposed sanctions on Tornado Cash in 2022, accusing it of aiding North Korea in evading cross-border remittance sanctions. However, the protocol and its founders have vehemently denied these allegations for more than two years.
In a recent development, Alexey Pertsev, a developer of Tornado Cash, was found guilty of money laundering, which could have significant implications for open-source code developers. Pertsev has been sentenced to five years and four months in prison for allegedly laundering $1.2 billion worth of illicit assets on the platform. His legal team has been given a 14-day window to appeal the court’s ruling.
It is important to note that the use of Tornado Cash to siphon stolen funds is not limited to North Korea. It is a highly sought-after method within the global hacker community. In a separate incident, it was discovered on May 14 that stolen Ether (ETH) worth $53 million, which was linked to the $100 million hack of the cryptocurrency exchange Poloniex, had been transferred to Tornado Cash.
The hacker responsible for the Poloniex hack moved more than 17,800 ETH from six different wallets into a single Tornado Cash address, as depicted in the flowchart above.
In a related matter, David Brin, a renowned sci-fi author, has suggested that deploying artificial intelligence against each other could prevent an AI apocalypse. This approach, he believes, could help to maintain control and prevent any potential catastrophic consequences.