Coinspeaker
Crypto Hackers Deposit $1.9B on Tornado Cash despite OFAC Sanctions
Popular cryptocurrency mixer Tornado Cash continues to receive funds from cybercriminals despite sanctions from the United States Department of Treasury Office of Foreign Assets Control (OFAC) and ongoing legal challenges.
In the first half of 2024 alone, hackers have funneled more than $1.9 billion through the platform, which was developed by Roman Semenov, Alexey Pertsev, and Roman Storm as an open-source protocol for private transactions on Ethereum.
Hacks and Laundering
The mixer, which conceals transaction histories to obscure the origin of funds, has become a safe haven for hackers, money launderers, and other malicious actors. According to a report by Flipside Crypto, the $1.9 billion deposited this year is 50% higher than the total funds deposited throughout 2023.
Funds laundered through Tornado Cash originate from various hacks, scams, and frauds within the crypto market. For example, hackers who exploited Poloniex for approximately $125 million funneled a portion of their proceeds through the mixer.
The attackers who are believed to be the notorious North Korea hacking team, the Lazarus Group laundered $3.3 million of the funds on the crypto mixer in May. Since then, the criminals have continued to move their ill-gotten proceeds to the crypto mixer and had successfully laundered a total of $76 million, data from blockchain analytics firm Arkham Intelligence showed.
In another instance, attackers who targeted Kronos Research, a quantitative crypto trading company in November 2023 transferred part of the $25 million they stole to Tornado Cash in May 2024. Before then, Prisma Finance hackers laundered $2.6 million through the platform in March 2024. The total assets drained from the decentralized finance (DeFi) platform were $11.6 million with most of the funds in Ether.
Further Incidents
The first quarter of 2024 saw $185 million flow into Tornado Cash from two major hacking incidents in late 2023.
In March, the hackers behind the HECO Bridge exploit transferred approximately $137 million in stolen cryptocurrencies to Tornado Cash. Orbit Chain hackers also laundered $48 million through the platform that same month.
These incidents underscore why OFAC sanctioned Tornado Cash in August 2022 to curb crypto-fueled money laundering. Despite these measures, Tornado Cash continues to facilitate criminal activities, resulting in legal repercussions for its developers. In 2023, US authorities charged co-founders Roman Storm and Roman Semenov with money laundering and sanction violations, leading to their arrests in the US.
Both developers were accused of allegedly aiding the laundering of $1 billion for North Korea’s Lazarus Group. Before Storm’s arrest, his partner Alexey Pertsev, a 31-year-old Russian national, was already awaiting trial in the Netherlands for similar money laundering charges. Pertsev was arrested in Amsterdam in August 2022 and sentenced to 5 years and 4 months in prison in May 2024.
As for Semenov and Storm, both are still awaiting trial in a US federal court after pleading not guilty.
Crypto Hackers Deposit $1.9B on Tornado Cash despite OFAC Sanctions