
WazirX Hacker Starts Moving Stolen Ether Anonymously Using Tornado Cash

 


Some of the $234 million allegedly stolen from the WazirX exchange by an unknown attacker, in one of India's worst crypto hacks, has already been laundered. The movement occurred on the same day the platform released its recovery plan. On Monday, following a briefing session led by Dubai-based WazirX cofounder Nischal Shetty, the perpetrator moved 2,500 Ether tokens worth about $6.3 million to Tornado Cash, a service that obscures the origin of crypto assets.

In August, the hackers behind the WazirX breach, still unidentified since the heist took place in July, were reportedly moving the stolen funds around. Data collected by Arkham Research suggests that the hacker is using the controversial mixing platform Tornado Cash to launder the proceeds.

The hacker, who stole more than $230 million (roughly Rs. 1,900 crore), appears to have moved Ether tokens worth some Rs. 54.5 crore of the stolen funds into Tornado Cash, a cryptocurrency mixing platform that is now sanctioned by the United States government. Users of Tornado Cash deposit their tokens into a shared pool and later have funds of the same value sent to a destination wallet, breaking the on-chain link between the two addresses.

Over the past few years, Tornado Cash has become one of the most popular tools among cybercriminals who want to leave no trail when moving funds obtained through illicit means. Arkham's data shows that the hacker sent the aforementioned amount to a Tornado Cash address across 26 transactions.

Furthermore, Etherscan data showed that the hacker moved the funds through a series of transactions of 100 ETH each. Social media users have reportedly captured screenshots of these transfers. Data tracked by Arkham shows that the attacker moved nearly $4 million worth of ether (ETH) in 16 transactions through a Tornado Cash router on the Ethereum network.
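The pattern described above, repeated transfers of exactly 100 ETH to a mixer router, is the kind of signal an exchange or compliance team can screen for. The following is an added example, not code from the original post or from Arkham or Etherscan: it groups outbound transfers by sender, flags any that go to a sanctioned address, and flags senders that structure funds into three or more equal chunks matching Tornado Cash's fixed pool sizes (0.1, 1, 10 and 100 ETH). All addresses and transaction hashes are constructed placeholders; a real deployment would load the current OFAC list of Tornado Cash contract addresses instead.

```python
from collections import Counter, defaultdict
from dataclasses import dataclass

# Tornado Cash ETH pools accept only fixed denominations; a deposit must be
# exactly one of these sizes, which is why equal-sized chunking is itself a
# useful signal even before the destination address is known.
MIXER_DENOMINATIONS_ETH = (0.1, 1.0, 10.0, 100.0)

# Placeholder sanctions list, constructed for this example. A real screen
# would load the current OFAC SDN entries for the mixer's contract addresses.
SANCTIONED_ADDRESSES = {
    "0xtornado_router_placeholder",
    "0xtornado_100eth_pool_placeholder",
}


@dataclass(frozen=True)
class Transfer:
    tx_hash: str
    sender: str
    recipient: str
    value_eth: float


def is_pool_denomination(value_eth: float, tolerance: float = 1e-9) -> bool:
    """True if the amount matches a fixed mixer pool size."""
    return any(abs(value_eth - d) <= tolerance for d in MIXER_DENOMINATIONS_ETH)


def screen_transfers(transfers, sanctioned=SANCTIONED_ADDRESSES, min_chunks=3):
    """Group outbound transfers by sender and alert on two patterns:
    direct transfers to a sanctioned address, and min_chunks or more transfers
    of the same pool denomination (structuring into mixer-sized chunks).

    Returns {sender: {"sanctioned_hits": int, "structured": {denom: count},
    "total_eth": float}} for every sender that trips at least one rule.
    """
    sanctioned_lc = {a.lower() for a in sanctioned}
    by_sender = defaultdict(list)
    for t in transfers:
        by_sender[t.sender.lower()].append(t)

    alerts = {}
    for sender, txs in by_sender.items():
        hits = sum(1 for t in txs if t.recipient.lower() in sanctioned_lc)
        denom_counts = Counter(
            t.value_eth for t in txs if is_pool_denomination(t.value_eth)
        )
        structured = {d: n for d, n in denom_counts.items() if n >= min_chunks}
        if hits or structured:
            alerts[sender] = {
                "sanctioned_hits": hits,
                "structured": structured,
                "total_eth": round(sum(t.value_eth for t in txs), 6),
            }
    return alerts


# Constructed sample: 26 transfers of exactly 100 ETH from one address to the
# placeholder router, mirroring the pattern described in the post, plus
# ordinary activity from an unrelated address that should not be flagged.
SAMPLE_TRANSFERS = [
    Transfer(f"0xhash_{i:02d}", "0xattacker_placeholder",
             "0xtornado_router_placeholder", 100.0)
    for i in range(26)
] + [
    Transfer("0xhash_b1", "0xbenign_placeholder",
             "0xexchange_deposit_placeholder", 0.37),
    Transfer("0xhash_b2", "0xbenign_placeholder", "0xfriend_placeholder", 1.0),
]

if __name__ == "__main__":
    for sender, info in screen_transfers(SAMPLE_TRANSFERS).items():
        print(sender, info)
```

The benign address sends a single 1 ETH transfer, which matches a pool size but falls below `min_chunks`, so it produces no alert; the threshold is what keeps ordinary round-number payments from drowning the queue. In practice the structuring rule is the more durable of the two, since sanctions lists lag behind new router or relay contracts.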

The attacker's address currently holds over $155 million worth of various tokens, most of it ether, which at about $150 million has accumulated over the past few months. Separately, WazirX revealed that users had been able to withdraw up to 66% of their Indian rupee balances from the exchange almost a week before the withdrawal window was originally scheduled to open.

As a result of the theft, over 45% of the total reserves cited by the exchange in a June 2024 report have gone missing, and the exchange has since filed for a restructuring process to address its liabilities and recover the money. In a statement on Monday, WazirX's legal advisers said it is unlikely that the company will be able to make good on its obligations in crypto terms, with the best-case scenario being a refund of between 55% and 57%.

The attack is believed to have been conducted by Lazarus, a North Korean hacking unit, as previously reported by Reuters. The group is estimated to have laundered over $1 billion in stolen funds through Tornado Cash before OFAC sanctions were imposed in 2022. WazirX co-founder Nischal Shetty confirmed that the hacker has not yet been identified.

The Lazarus Group, a notorious hacking group long associated with North Korea, has previously been alleged to have been involved in this hack. Last week, WazirX took its first steps toward financial restructuring in the aftermath of the incident, filing for a moratorium in a Singapore court.

This legal action grants WazirX a reprieve, allowing it additional time to thoroughly assess its financial liabilities and reorganize its capital structure. The entire restructuring process is expected to take up to six months before it is fully completed. In the interim, WazirX has reopened withdrawals for Indian Rupees (INR) on its platform. 

The exchange is actively encouraging its users to withdraw 66 percent of their unfrozen INR balances, which have been made available for withdrawal at this stage. This measure is aimed at ensuring greater user security and providing liquidity during the ongoing restructuring phase.

Lazarus Group Hackers Resurface Utilizing Tornado Cash for Money Laundering

 

The Lazarus hacking group from North Korea is reported to have reverted to an old tactic to launder $23 million obtained during an attack in November. According to investigators at Elliptic, a blockchain research company, the funds, which were part of the $112.5 million stolen from the HTX cryptocurrency exchange, have been laundered through the Tornado Cash mixing service.

Elliptic highlighted the significance of this move, noting that Lazarus had previously switched to Sinbad.io after U.S. authorities sanctioned Tornado Cash in August 2022. However, Sinbad.io was later sanctioned in November. Elliptic observed that Lazarus Group appears to have resumed using Tornado Cash to obscure the trail of their transactions, with over $23 million laundered through approximately 60 transactions.

The researchers explained that this shift in behavior likely stems from the limited availability of large-scale mixers following law enforcement actions against services like Sinbad.io and Blender.io. Despite being sanctioned, Tornado Cash continues to operate because of its decentralized, smart-contract-based design, which, unlike a centralized mixer, leaves no operator or server to seize or shut down.

Elliptic has been monitoring the movement of the stolen $112.5 million since HTX attributed the incident to Lazarus. The funds remained dormant until March 13 when they were observed passing through Tornado Cash, corroborated by other blockchain security firms.

North Korean hackers utilize services such as Tornado Cash and Sinbad.io to conceal the origins of their ill-gotten gains and convert them into usable currency, aiding the regime in circumventing international sanctions related to its weapons programs, as per U.S. government claims.

According to the U.S. Treasury Department, North Korean hackers have utilized Sinbad and its precursor Blender.io to launder a portion of the $100 million stolen from Atomic Wallet customers in June, as well as substantial amounts from high-profile crypto thefts like those from Axie Infinity and Horizon Bridge.

Researchers estimate that North Korean groups pilfered around $1.7 billion worth of cryptocurrency in 2022 and approximately $1 billion in 2023. The Lazarus Group, operational for over a decade, has reportedly stolen over $2 billion worth of cryptocurrency to finance North Korea's governmental activities, including its weapons programs, as stated by U.S. officials. The group itself faced U.S. sanctions in 2019.

North Korean Hackers' $12M Ethereum Laundering Via Tornado Cash Unveiled

 


North Korean hackers associated with the Lazarus Group have reportedly used the coin-mixing service Tornado Cash to launder approximately $12 million worth of stolen Ethereum (ETH) within the last 24 hours.

According to blockchain analytics firm Elliptic and experts from other organizations, the Lazarus Group was responsible for the theft of $100 million in cryptocurrency from the HTX exchange and its cross-chain bridge, HTX Eco Chain (HECO), in November 2023. Elliptic has flagged on-chain activity since March 13 indicating that the Lazarus hackers have transferred cryptocurrency worth $12 million from those holdings to Tornado Cash wallets.

The funds were stolen in November from the cryptocurrency exchange HTX and its cross-chain bridge, HTX Eco Chain. Tornado Cash is a decentralized, non-custodial privacy tool: a smart-contract-based system on the blockchain that lets users deposit ETH and ERC-20 tokens from one address and later withdraw them to another, with no link between the two addresses recorded on-chain.

Tornado Cash and similar services that blend tokens from different sources to disguise their origin are known as mixers. The US Treasury blacklisted the service in August 2022 after it had been used to launder more than $7 billion in cryptocurrency since its launch in 2019.

The department has alleged that the mixer was used to launder more than $7 billion over the preceding two years. Meanwhile, Sinbad.io was seized by US authorities in November 2023, eliminating another avenue through which hackers could commingle funds. Consequently, the group appears to have returned to Tornado Cash to launder funds at scale and obscure the transaction trail, relying on its decentralized architecture and resistance to seizure.

Finally, Elliptic suggests that the Lazarus Group's renewed reliance on Tornado Cash can be explained by law enforcement activity targeting services such as Sinbad.io and Blender.io, which has reduced the availability of large-scale mixers. With few viable alternatives, the group has opted to exploit Tornado Cash's continued operation despite sanctions, taking advantage of the decentralized nature of its smart contracts.

Authorities are also targeting the developers of such mixers. In a recent U.S. investigation, Tornado Cash developers Roman Storm and Alexey Pertsev were charged with numerous offences, including conspiracy to commit money laundering, conspiracy to violate sanctions, and conspiracy to operate an unlicensed money-transmitting business.

A similar development occurred on March 12 with the conviction of Bitcoin Fog's founder on money laundering charges. The Lazarus Group has been operating for more than ten years. According to U.S. officials, it has stolen over $2 billion worth of cryptocurrency, which has been used to help fund North Korea's weapons of mass destruction and ballistic missile programs. The United States government sanctioned the group in 2019.

Lazarus Moves More than $60 Million from Harmony Bridge Hack


The North Korean state-sponsored threat actor Lazarus Group has moved around 41,000 ETH, more than $60 million worth of Ethereum, to the crypto exchanges Binance, Huobi and OKX. Binance and Huobi both froze the funds, and Binance stated that 124 BTC was also recovered in the process.

According to internet sleuth ZachXBT, the funds came from last year's hack of the Harmony blockchain bridge, which resulted in a $100 million crypto compromise. The same group apparently used Tornado Cash, a now-sanctioned crypto mixer that conceals the identities of the parties to a transaction, in connection with the attack.

According to the analysis of token movements, the ETH was routed through the privacy system Railgun before being collected in wallets and sent to three major crypto exchanges, possibly to be exchanged for fiat currency.

“A very busy weekend” for Lazarus Group 

ZachXBT shared details of this week’s token movements on Twitter, claiming Lazarus Group has had “a very busy weekend” moving funds. 

In follow-up tweets, ZachXBT also linked to the website Chainabuse.com, where he shared a list of approximately 350,000 unique wallet addresses involved in Friday's operation.

Binance’s Say on the Issue 

On Monday, Binance CEO Changpeng Zhao, better known as CZ, commented on the situation. CZ said that this time the hackers used Huobi, a competing exchange, rather than Binance. The hacker's accounts were subsequently frozen with Binance's assistance, he says.

CZ also disclosed that 124 BTC ($2.6m) had been seized from the hackers, indicating at least some of their ETH has been converted to BTC. 

“We detected Harmony One hacker fund movement. They previously tried to launder through Binance and we froze his accounts. This time he used Huobi. We assisted Huobi team to freeze his accounts. Together, 124 BTC have been recovered,” he wrote. 

Huobi, however, did not comment on the matter beyond retweeting an article stating that the exchange had frozen accounts holding funds connected to the hack.

According to a report from South Korea's National Intelligence Service from December of last year, North Korean hackers have stolen more than $1 billion in digital assets since 2017. 

Moreover, the report claims that around $626 million, or more than half of that estimated tally, was taken in 2022. It also stated that it is suspected that the North Korean government uses the money obtained from the theft to advance Pyongyang’s nuclear weapons program.  

US Secretary of the Treasury Janet Yellen Sued Over Tornado Cash Sanctions

 

The US Treasury Department is facing a second lawsuit after its decision in August to sanction Tornado Cash, a crypto-mixing service that conceals the sources of coin transactions. 

The lawsuit filed Wednesday in the U.S. District Court for the Northern District of Florida asserts the Treasury’s sanctions misused its power and targeted US cryptocurrency investors. 

The plaintiffs, the crypto advocacy group Coin Center and a host of the popular industry podcast Bankless, who relied on Tornado Cash for ordinary privacy needs, named the 78th United States Secretary of the Treasury, Janet Yellen, as one of the defendants in their lawsuit.

“The Administration’s use of the foreign-affairs power to punish domestic cryptocurrency users was unprecedented and unlawful,” the lawsuit reads, referring to the sanctions imposed by the Office of Foreign Asset Control (OFAC). 

Earlier this year in August, the Treasury’s Office of Foreign Assets Control accused Tornado of laundering more than $7 billion of cryptocurrencies since its establishment in 2019, including some virtual currencies siphoned by a North Korea-sponsored hacking group. 

Moreover, the agency imposed a ban on crypto wallets linked with Tornado Cash, as well as on its smart contracts, the on-chain programs that execute the service's transactions automatically.

Tornado Cash is a coin mixing service on the Ethereum (ETH) network created to enhance the privacy of customers. The service was banned by OFAC in August, with the government agency claiming North Korean hackers had laundered hundreds of millions of dollars using the service. 

Last month, the US Treasury Department clarified that the sanctions do not restrict users in the US from viewing and distributing the open-source Tornado Cash code. 

The lawsuit argued that there are legitimate reasons for users to rely on privacy-enhancing technologies such as Tornado Cash. Because of OFAC's sanctions against the mixer, these individuals now effectively disclose their complete transaction history to anyone examining the public ledger.

“An order effectively requiring Defendants to decriminalize the use of the 20 Tornado Cash addresses would allow Plaintiffs to conduct their legitimate activities with some measure of anonymity, use their preferred software tool without fear of penalties, and engage in important expressive associations,” the suit added.