North Korean hackers tied to its infamous Lazarus Group have used coin mixing service Tornado Cash to launder $12 million worth of ether (ETH) over the past 24 hours.

Research from blockchain analytics firm Elliptic shows that more than 40 transactions have been sent by Lazarus Group to Tornado Cash on March 13 and March 14. Elliptic has also attributed a $100 million Heco Bridge and HTX hack last November to Lazarus Group.

Lazarus is responsible for hacks worth more than $3 billion over the past six years, according to a report by cybersecurity firm Recorded Future.

Tornado Cash was hit by U.S. sanctions in August 2022. This spurred Lazarus Group to use another mixer, Sinbad, to obfuscate their ill-gotten gains. However, Sinbad itself was seized by U.S. authorities in November, prompting Lazarus to make the shift back to Tornado Cash, Elliptic said in its blog post. One of Tornado Cash's founders, Roman Storm, was arrested last year and is awaiting trial on money laundering charges. Another, Roman Semenov, has been charged but has yet to be arrested.

Despite being sanctioned twice, Tornado Cash still runs via decentralized smart contracts that cannot be seized or taken offline.

"The change in behavior and return to the use of Tornado Cash likely reflects the limited number of large-scale mixers now operating, thanks to law enforcement takedowns of services such as Sinbad.io and Blender.io," Elliptic said.

Lazarus group Hack Elliptic Sanctions Tornado Cash

Oliver Knight

Oliver Knight joined CoinDesk as a news reporter in April 2022. Before joining CoinDesk, Knight was the Chief Reporter at Coin Rivet for three years. Having graduated with a journalism degree from Birmingham City University, Knight went on to work at various sports publications before diving into the world of Bitcoin in 2014. He does not have any crypto holdings.