Founders of Crypto Mixer Tornado Cash Indicted for Laundering $1 Billion – Source: securityboulevard.com

Source: securityboulevard.com – Author: Jeffrey Burt

The U.S. government is taking a big swing at two founders of the Tornado Cash cryptocurrency mixer that allegedly laundered more than $1 billion in criminal proceeds from cyberthreat actors that include the notorious Lazarus Group.

The Department of Justice (DOJ) this week charged a U.S. citizen and a Russian national with conspiracy to commit money laundering and violate sanctions for their operations with Tornado Cash, which investigators said laundered hundreds of millions of dollars for Lazarus, which is a North Korean-sponsored cybercrime group that was sanctioned four years ago by the Treasury Department.

Treasury last year sanctioned Tornado Cash.

The two men – Roman Storm, 34, of Washington and Roman Semenov, 49, of Russia – also were charged with conspiring to operate an unlicensed money transmitting business. Storm, who was arrested after the indictment from the Southern District of New York was issued, was to appear in court this week.

At the same time, the Treasury Department also sanctioned Semenov, which blocks him from any property of his in the United States and makes it illegal for U.S. businesses or individuals to deal with him.

The State Department also weighed in, calling the initiative a “whole-of-government effort.”

Hiding the Ill-Gotten Crypto

Crypto mixers – also known as crypto blenders or tumblers – are legitimate tools that can be used by criminals to launder cryptocurrencies taken through theft or ransom payments. The digital assets are thrown into a pool with other crypto that is mixed together, with users being able to withdraw the same amount that they deposited – a threat group’s Bitcoin can come out again as Ethereum or some other digital coin – with the crypto sent to new addresses.

The goal is to throw investigators off the trail of the ill-gotten crypto, though government agencies and private companies are getting better at tracking the digital assets through services like Tornado Cash. Blockchain company Chainalysis last year found that 10% of crypto held by bad actors was sent through mixers.

In an unsealed indictment [PDF], the DOJ said that Storm and Semenov operated Tornado Cash from 2019 through at least August 2022, calling it “a ‘privacy’ service [they knew] was a haven for criminals to engage in large-scale money laundering and sanctions evasion” to allow them to conceal cryptocurrencies received through criminal efforts.

They had advertised that the service allowed users to run anonymous and untraceable financial transactions on the Ethereum blockchain and could execute transactions in Ethereum or other cryptocurrencies.

They were able to get $900,000 from an unnamed venture capital fund in 2020 to help fund the operation, according to the 37-page indictment.

They Knew About Lazarus

The two also knew that one of the cybercrime outfits using their service was Lazarus, a sanctioned “North Korean cybercrime organization” that dealt its crypto through an Ethereum wallet that had been publicly linked to Lazarus and had been blocked by the United States.

In the indictment, prosecutors refer to CC-1, a co-conspirator and third co-founder of Tornado Cash. According to Treasury officials, that person – Alexey Pertsev, another Russian national – was arrested last year in the Netherlands by Dutch law enforcement on money-laundering charges related to the crypto mixer.

The Lazarus Group is among a number of cybercrime groups that funnel stolen money and ransom payments back to the North Korean government, which U.S. officials say then uses the money to help fund its ballistic missile and nuclear weapons programs.

Lazarus last year used Tornado Cash to bring back a lot of money to the country. That includes more than $455 million stolen in March 2022 in the high-profile attack on the Ronin bridge network used by the video game Axie Infinity and its developer, Sky Mavis. Three months later it laundered more than $96 million in crypto from its attack on Horizon Bridge, a service used to transfer assets between the blockchain used by Horizon developer Harmony and other blockchains.

Soon after, the Lazarus Group turned to Tornado Cash to launder at least $7.8 million from its attack on U.S. crypto firm Nomad.

“Even after they knew the Lazarus Group was laundering hundreds of millions of dollars’ worth of stolen virtual currency through their mixing service for the benefit of the [North Korean] Kim regime, Tornado Cash’s founders continued to develop and promote the service and did not take meaningful steps to reduce its use for illicit purposes,” Wally Adeyemo, deputy secretary of the Treasury, said in a statement.

FBI Warning

The Lazarus Group is still at it. The day before releasing the Tornado Cash indictments, the FBI issued a warning to crypto companies that the group – also known as APT38 – may be trying to sell more than $40 million worth of stolen Bitcoin to deliver to North Korea.

The agency said it was tracking Lazarus’ digital assets and that during a 24-hour period it had seen the bad actors move about 1,580 Bitcoin seized during “several cryptocurrency heists” and that they were holding them in six different Bitcoin addresses.

The money came from attacks in June on Atomic Wallet (worth about $100 million), Alphapo ($60 million), and CoinsPaid ($37 million).

Original Post URL: https://securityboulevard.com/2023/08/founders-of-crypto-mixer-tornado-cash-indicted-for-laundering-1-billion/

Category & Tags: Cyberlaw, Cybersecurity, Featured, Malware, News, Security Boulevard (Original), Spotlight, Threats & Breaches, cryptocurrency, Lazarus Group, money laundering, Ransomware
