cyber daily logo

Breaking news and updates daily. Subscribe to our Newsletter

Breaking news and updates daily. Subscribe to our Newsletter X facebook linkedin Instagram Instagram

US sanctions Tornado Cash due to North Korea ties

The United States Treasury Department has announced sanctions against Tornado Cash due to links with the hacking collective Lazarus Group, amid reports the virtual currency mixer has been used to launder billions in stolen assets since 2019.

user iconReporter
Wed, 10 Aug 2022
US sanctions Tornado Cash due to North Korea ties
expand image

Virtual currency mixer Tornado Cash has been sanctioned by the US Department of Treasury due to claims the transaction obfuscation tool has assisted Lazarus Group, a hacking collective linked with the North Korean government.

In a statement, the US Treasury Department stated Tornado Cash has been used to launder more than $7 billion worth of virtual currency since it was started in 2019.

The sanctions prohibit Americans from using Tornado Cash and has frozen its US assets.

The US and South Korea have accused North Korea of using hackers to steal funds that can be used to finance its weapons program, an accusation that North Korea has repeatedly denied. However, a United Nations panel that monitors sanctions on North Korea has bolstered the US and South Korea claims, following suit with accusing Pyongyang of using stolen funds to support its nuclear and ballistic missile programs to circumvent sanctions.

The Lazarus Group is a North Korean state-sponsored hacking collective, which has been responsible for several significant data breaches including one against Sony Pictures in 2014. The US has sanctioned the hacking group after numerous financially and politically motivated cyber attack campaigns over the years.

According to a Chainalysis report, North Korea has successfully stolen nearly $400 million in digital assets in 2021, following the launch of at least seven attacks on cryptocurrency platforms.

Hacking has been a persistent issue for crypto platforms and experts have noted that Tornado Cash has played a role in such crimes.

Speaking with Reuters, Tom Robinson, co-founder of Elliptic, a cryptocurrency analytics firm, explained that Tornado is a popular and important tool for cyber criminals and state-backed hacking groups.

"In total, Elliptic's analysis shows that at least $1.3 billion in proceeds of crime such as ransomware, hacks and fraud have been laundered through Tornado Cash," Robinson said.

The US Internal Revenue Service (IRS) seized $3.5 billion worth of cryptocurrencies tied to financial crimes during the 2021 fiscal year, and cryptocurrencies have been consistently criticised for their potential criminal use.

"Data, cryptocurrency and digital assets such as non-fungible tokens, also known as NFTs, have been the subject of 'mountains and mountains of fraud'," according to the IRS.

While most virtual currency is used for legitimate purposes, the Treasury noted that it can be a tool for "those hoping to avoid scrutiny and circumvent laws".

"While most virtual currency activity is licit, it can be used for illicit activity, including sanctions evasion through mixers, peer-to-peer exchangers, darknet markets, and exchanges," the Treasury concluded.

Tornado Cash isn't the first mixer to be sanctioned in US. The Treasury targeted Blender in May, imposing sanctions on the software tool that pools and scrambles cryptocurrencies from thousands of addresses.

[Related: Deepfake attacks and cyber extortion, new tools in cyber crime playbook]

cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.