An allegedly North Korean Ethereum wallet tied to March’s $600 million crypto hack continued to launder its stolen ETH Friday in defiance of U.S. sanctions.
The blacklisted address that U.S. authorities say is controlled by North Korea’s elite “Lazarus” hacker group sent 2,915 ETH (around $8.8 million) to the cleaners this morning New York time, a day after federal officials listed it on its sanctions database.
Making a brief pit stop at a fresh, unsanctioned wallet, its crypto quickly flew through the popular coin mixer Tornado Cash, where the trail went cold.
It was a continuation of what one tracing expert told CoinDesk is a brute-force laundering strategy tailored for speed – even at the expense of some of the treasure. One month after draining the Ronin Bridge of over $600 million in crypto, the hackers are pushing their trove through Tornado Cash, about $10 million at a time.
Tracing company Elliptic on Thursday estimated the Ronin hackers have laundered $80 million through Tornado Cash. Friday morning’s transactions likely add at least another $8 million to this sum. It’s unclear how much Lazarus can successfully launder for its own purposes.
Ethereum’s transparent transaction ledger reveals the gambit.
For the last 10 days, the “Ronin Bridge Exploit” address has sent multimillion-dollar batches of ETH to intermediary wallets for processing through Tornado Cash. It moves fast, depositing 100 ETH tranches into Tornado Cash in a matter of hours and abandoning the relatively small sums that remain.