
North Korea used Tornado Cash to withdraw stolen HTX funds amounting to $147.5 million


Entities representing the North Korean regime used the Tornado Cash privacy protocol to launder nearly $150 million in stolen cryptocurrency assets in March.

According to a leaked confidential UN report seen by Reuters, the notorious cyber attackers known as the Lazarus Group moved a dormant stash of stolen cryptocurrency assets to their main base in North Korea.

In March 2023, North Korean hackers illegally extracted $147.5 million worth of cryptocurrencies from HTX, a cryptocurrency exchange owned by Tron founder Justin Sun. A year later, the money was transferred to North Korea using Tornado Cash.

Cryptocurrency mixing services like Tornado Cash are useful tools for hackers and scammers. Bad actors use them to anonymize stolen cryptocurrency assets and make them untraceable.

According to a Reuters report, the United Nations is currently investigating 97 North Korean cyberattacks that drained nearly $3.6 billion in cryptocurrencies between 2017 and 2024.

In 2024 alone, UN monitors investigated “11 cryptocurrency thefts… worth $54.7 million,” allegedly linked to “information technology workers in the Democratic People’s Republic of Korea who were unwittingly hired by small businesses linked to cryptocurrencies.”

The United States imposed sanctions on Tornado Cash in 2022 for allegedly helping North Korea evade sanctions on cross-border transfers. However, the protocol and its founders have refuted these claims for more than two years.

On May 14, Alexey Pertsev, developer of the Tornado Cash cryptocurrency mixing protocol, was found guilty of money laundering, raising potentially serious consequences for open source code developers.

Pertsev was sentenced to five years and four months in prison for laundering illicit assets worth $1.2 billion on the platform. His legal representatives were given 14 days to appeal the court ruling.


The use of Tornado Cash to withdraw stolen funds is not limited to North Korea. In fact, it is the most sought-after method across the global hacker community.

On May 14, blockchain investigation firm PeckShield found that $53 million worth of stolen ether linked to the $100 million Poloniex hack had been transferred to Tornado Cash.

Poloniex hacker transfers stolen funds to Tornado Cash wallet. Source: PeckShield

The hacker transferred more than 17,800 ETH from six different wallets to a single Tornado Cash address, as shown in the flowchart above.
