Poloniex Hacker Uses Tornado Cash to Launder Millions

The cryptocurrency community is facing renewed scrutiny concerning security as hackers have laundered $7 million through Tornado Cash, a crypto mixer known for its role in clouding the origins of digital assets.

The funds in question were siphoned off from two major cryptocurrency platforms, Poloniex and Kronos Research, and subsequently funneled through Tornado Cash in an attempt to blur their origin.

[Image: Arkham's view on the Poloniex hacker]

As revealed by Arkham Intelligence, the hackers moved the funds in batches over two hours. On-chain data shows transactions of 100 Ethereum (ETH) each, totaling approximately $3.3 million; the funds had been dormant for nearly six months before the transaction.

The Lazarus Group, a notorious cybercrime syndicate with suspected ties to North Korea, is believed to be behind the massive $114 million hack of the cryptocurrency exchange Poloniex.

On November 10, 2023, the exchange suffered a significant security breach, resulting in the theft of a variety of cryptocurrencies.

In a separate but equally concerning event, the perpetrators behind the Kronos Research breach transferred 200 ETH directly to Tornado Cash and around 1,314 ETH (valued at roughly $4 million) to a new wallet, identified as 0x164.

From this wallet, the funds began their journey to Tornado Cash, leaving a balance of 314 ETH, estimated to be around $962,000.

Tornado Cash is a digital wallet known to mix the origins of tokens and obscure their traces, providing a layer of privacy for cryptocurrency traders conducting transactions.

It is a decentralized, non-custodial privacy solution on the Ethereum blockchain that enhances privacy by creating a secret hash during the deposit, which is then used to confirm ownership during withdrawal without revealing the sender’s identity.

Tornado Cash’s involvement in this scheme is significant, considering its history in cybercrime-related cases. Following its use by the North Korean-affiliated Lazarus Group in the $615 million Ronin bridge heist, the US Treasury imposed sanctions on Tornado Cash in 2022.

Since then, the platform’s developers have faced charges from the US Department of Justice (DOJ), including allegations of money laundering and operating without a proper license.

However, this incident has sparked some discussions about the need for enhanced security measures and regulations to prevent such breaches and protect investors’ assets.
