The virtual currency mixer was shut down by the U.S. Treasury for laundering more than $7 billion for hackers, including $455 million for the North Korean missile programme.

The U.S. government has imposed sanctions on virtual currency mixer Tornado Cash for laundering more than $7 billion in cryptocurrency obtained through cybercrime.

According to officials, at least $455 million of that was transferred to the state-sponsored Lazarus Group to aid in funding North Korea’s missile programme.  

The action, which essentially freezes all of Tornado Cash’s assets and operations and forbids anyone from doing business with the service, was announced on Monday by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), which cited numerous instances in which the service laundered cryptocurrency for hackers. Any transaction involving the service or anyone connected to it is currently blocked within the United States, and the service’s website has already been taken offline.

In addition to the sizable amount that the prolific North Korea-based Lazarus has moved through the service, Tornado Cash also laundered more than $96 million of cybercriminal funds derived from the June 24 theft of cryptocurrency from Harmony’s Horizon blockchain bridge, and at least $7.8 million from an August 2 attack that stole $190 million from the Nomad crypto firm, according to U.S. officials.

According to a tweet from Politico cybersecurity reporter Eric Geller, the decision to blacklist Tornado Cash for Lazarus actions on the exchange is part of the White House’s response to North Korea’s use of cyberwarfare against cryptocurrency exchanges to fund its missile programme.

In fact, Lazarus is well known in the cybersecurity community as a financially motivated advanced persistent threat (APT) whose goal is to steal money and conduct cyberespionage for the Kim Jong-un regime. The organization and all of its affiliates were already sanctioned by OFAC in 2019 for their numerous cybercriminal activities supporting North Korea’s nuclear programmes.

Warning Unheeded

According to the Department of the Treasury, Tornado Cash was sanctioned after its operators received warnings about the unlawful activities taking place on the exchange, which officials have been watching.

In fact, the government has been closely monitoring so-called crypto mixers generally and will continue to do so in the future, said Brian Nelson, the Treasury Department’s Under Secretary for Terrorism and Financial Intelligence. Cybercriminals frequently use these platforms, which let anonymous users transfer different types of cryptocurrency, to move proceeds from ransomware attacks and other illegal activities.

Nelson stated in a news release that “despite public pledges to the contrary, Tornado Cash has repeatedly failed to apply sufficient controls aimed to stop it from regularly laundering cash for harmful cyber actors and without basic procedures to address its dangers.”

The Treasury Department claims that Tornado Cash, which runs on the Ethereum blockchain, promotes anonymous transactions by concealing their origin, destination, and other parties involved, and has no interest in knowing where the money is coming from.

The service receives a range of transactions and combines them before sending each one on to its specific recipient. While Tornado Cash claims to protect users’ privacy by maintaining their anonymity, this also, rather conveniently, makes it easier for cybercriminals, particularly those pulling off large-scale money heists, to conceal their activity.

Lazarus is regarded as one of the most pervasive threats in the world by both government officials and security specialists, and it has been active since at least 2009. The gang has a variety of sophisticated malware, ransomware, and other tools in its toolbox, and constantly switches up its methods and targets to keep law enforcement on its toes.