Crypto Hackers Deposit $1.9B on Tornado Cash despite OFAC Sanctions

by

As a seasoned crypto investor with over a decade of experience in this volatile market, I’ve seen my fair share of scams, hacks, and criminal activities. However, nothing quite compares to the audacity of Tornado Cash and its developers who continue to facilitate money laundering despite being sanctioned by the US Department of Treasury and facing legal challenges.

Despite sanctions from the US Department of Treasury’s Office of Foreign Assets Control (OFAC) and ongoing legal battles, Tornado Cash – a well-known cryptocurrency tumbler – remains a favored destination for funds from cybercriminals.

During the first half of 2024, hackers have managed to transfer over $1.9 billion via the platform, which is an open-source solution created by Roman Semenov, Alexey Pertsev, and Roman Storm for carrying out confidential transactions on Ethereum.

Hacks and Laundering

A mixer, designed to hide the source of financial transactions, has emerged as a favored refuge for cybercriminals, money launderers, and other nefarious elements. As per a Flipside Crypto report, an astounding $1.9 billion was deposited into these services in 202x, marking a significant 50% increase from the cumulative funds deposited in all of 2023.

Money that gets washed through Tornado Cash comes from diverse illegal activities, such as hacks, cons, and frauds, in the crypto sphere. For instance, hackers who stole around $125 million from Poloniex channelled a portion of their ill-gotten gains via this mixer.

The suspected North Korean hacking group, Lazarus, is estimated to have laundered approximately $3.3 million of their stolen funds through a crypto mixer in May. Following this transaction, the criminals have continued to use the crypto mixer to cleanse their illicit gains, amassing a total of $76 million as of current data from blockchain analysis firm Arkham Intelligence.

As a seasoned cybersecurity analyst with over a decade of experience in the field, I’ve seen my fair share of cryptocurrency hacks and heists. The case of Kronos Research, a quantitative crypto trading company that was targeted in November 2023, is one that still haunts me. The attackers made off with $25 million, and astonishingly, part of the stolen funds found their way to Tornado Cash in May 2024.

Further Incidents

In the opening three months of 2024, Tornado Cash received approximately $185 million as a result of two significant cyberattacks that occurred towards the end of 2023.

In March, hackers responsible for the HECO Bridge heist moved around 137 million dollars worth of stolen cryptocurrencies to Tornado Cash. Similarly, Orbit Chain hackers processed approximately $48 million in ill-gotten gains through this anonymous transaction platform during the same month.

The occurrences serve as a reminder of why Tornado Cash was sanctioned by OFAC in August 2022 to prevent crypto-related money laundering. Nevertheless, this platform has persisted in enabling illicit activities, which in turn has resulted in legal consequences for its creators. In the year 2023, US law enforcement took action against Tornado Cash’s co-founders, Roman Storm and Roman Semenov, charging them with money laundering and violation of sanctions. Consequently, they were apprehended in the United States.

Two developers were implicated in helping North Korea’s Lazarus Group launder an estimated $1 billion. Prior to Storm’s apprehension, his colleague Alexey Pertsev, a 31-year-old Russian national, had been detained in the Netherlands on related money laundering charges since August 2022. In May 2024, he was convicted and given a sentence of 5 years and 4 months in prison.

Semenov and Storm are currently facing trials in a United States federal court, having entered not guilty pleas.

Read More

2024-07-19 12:15