{"id":22026,"date":"2025-03-13T13:35:51","date_gmt":"2025-03-13T11:35:51","guid":{"rendered":"https:\/\/forklog.com\/en\/lazarus-group-hackers-transfer-400-eth-to-tornado-cash\/"},"modified":"2025-03-13T13:35:51","modified_gmt":"2025-03-13T11:35:51","slug":"lazarus-group-hackers-transfer-400-eth-to-tornado-cash","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/lazarus-group-hackers-transfer-400-eth-to-tornado-cash\/","title":{"rendered":"Lazarus Group Hackers Transfer 400 ETH to Tornado Cash"},"content":{"rendered":"<p>Experts at CertiK have detected a transfer of 400 ETH (~$752,000) to the crypto mixer Tornado Cash. It is believed that the funds were moved by hackers from the Lazarus Group.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\"><a href=\"https:\/\/twitter.com\/hashtag\/CertiKInsight?src=hash&#038;ref_src=twsrc%5Etfw\">#CertiKInsight<\/a> ? <\/p>\n<p>We have detected deposit of 400 ETH in <a href=\"https:\/\/t.co\/0lwPdz0OWi\">https:\/\/t.co\/0lwPdz0OWi<\/a> on Ethereum from:<br \/>0xdB31a812261d599A3fAe74Ac44b1A2d4e5d00901<br \/>0xB23D61CeE73b455536EF8F8f8A5BadDf8D5af848.<\/p>\n<p>The fund traces to the Lazarus group&#8217;s activity on the Bitcoin network.<\/p>\n<p>Stay Vigilant! <a href=\"https:\/\/t.co\/IHwFwt5uQs\">pic.twitter.com\/IHwFwt5uQs<\/a><\/p>\n<p>\u2014 CertiK Alert (@CertiKAlert) <a href=\"https:\/\/twitter.com\/CertiKAlert\/status\/1900010122044412187?ref_src=twsrc%5Etfw\">March 13, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>The initial address received funds through the THORChain protocol, which the North Korean-linked group <a href=\"https:\/\/forklog.com\/en\/news\/thorchain-swap-volume-surpasses-4-6-billion-following-bybit-hack\">actively used<\/a> in laundering schemes for <a href=\"https:\/\/forklog.com\/en\/news\/bybit-exchange-suffers-1-46-billion-loss-in-hack\">funds stolen from Bybit<\/a>.<\/p>\n<p>CertiK noted that they are &#8220;monitoring Lazarus&#8217;s activity on the Bitcoin network.&#8221;<\/p>\n<p>In early March, Bybit CEO Ben Zhou <a href=\"https:\/\/forklog.com\/en\/news\/bybit-ceo-20-of-stolen-assets-have-gone-dark\">reported<\/a> that 20% of the stolen assets, amounting to ~$1.46 million, had already &#8220;disappeared into the shadows.&#8221; Only 3% had been frozen at that time.<\/p>\n<p>North Korean hackers are also linked to the January hack of the Phemex exchange, which <a href=\"https:\/\/forklog.com\/en\/news\/phemex-exchange-hack-losses-exceed-70-million-north-korean-hackers-suspected\">resulted in losses exceeding $70 million<\/a>.<\/p>\n<p>In August 2022, the U.S. Treasury&#8217;s Office of Foreign Assets Control (OFAC) added Tornado Cash to its sanctions list. According to the agency, criminals laundered over $7 billion in cryptocurrency through the service, with more than $455 million linked to Lazarus&#8217;s activities.<\/p>\n<p>In January 2025, the U.S. Fifth Circuit Court of Appeals overturned the sanctions against Tornado Cash. Prior to this, the panel of judges <a href=\"https:\/\/forklog.com\/en\/news\/us-court-deems-sanctions-against-tornado-cash-unlawful\">ruled<\/a> that OFAC had overstepped its authority.<\/p>\n<p>In February, <a href=\"https:\/\/forklog.com\/en\/news\/tornado-cash-developer-alexey-pertsev-to-be-released-on-february-7\">co-founder of the service Alexey Pertsev was released<\/a>. Under electronic monitoring, the developer will continue to challenge the May 2024 <a href=\"https:\/\/forklog.com\/en\/news\/tornado-cash-developer-sentenced-to-64-months-for-money-laundering\">conviction in the Netherlands<\/a>\u201464 months in prison for laundering $1.2 billion.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Experts at CertiK have detected a transfer of 400 ETH (~$752,000) to the crypto mixer Tornado Cash. It is believed that the funds were moved by hackers from the Lazarus Group. #CertiKInsight ? We have detected deposit of 400 ETH in https:\/\/t.co\/0lwPdz0OWi on Ethereum from:0xdB31a812261d599A3fAe74Ac44b1A2d4e5d009010xB23D61CeE73b455536EF8F8f8A5BadDf8D5af848. The fund traces to the Lazarus group&#8217;s activity on the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":22025,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1125,1314],"class_list":["post-22026","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-lazarus","tag-tornado-cash"],"aioseo_notices":[],"amp_enabled":true,"views":"22","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/22026","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=22026"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/22026\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/22025"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=22026"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=22026"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=22026"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}