Regardless of being blacklisted by OFAC, the Twister Money mixer continues to function, serving to North Korea-linked hackers in laundering thousands and thousands of stolen crypto.
The DPRK-affiliated hacking group Lazarus Group efficiently laundered lots of of thousands and thousands of {dollars} price of Ethereum (ETH) stolen from HTX (previously Huobi) and Heco Bridge in November 2023.
Taylor Monahan, the founder and CEO of MyEtherWallet, revealed in an X post on Mar. 28 that the hackers had efficiently laundered over 48,194 ETH (presently valued at ~$170 million) by Twister Money, a mixing service sanctioned by the Workplace of International Property Management (OFAC), in an effort obscure the transaction path.
Monahan additionally hooked up graphs illustrating the techniques employed by the hackers, who dispersed their stolen crypto in lots of of transactions throughout a number of wallets, including they “hopped every withdrawal round a number of occasions.”
As soon as the hackers blended their funds on the Ethereum community, they transferred them to the Bitcoin blockchain utilizing THORSwap, a service enabling cross-chain asset transfers between totally different networks. It stays unclear whether or not the hackers have cashed out, as they usually promote stolen crypto on over-the-counter (OTC) markets for fiat forex.
In November 2023, HTX and the Heco Chain’s Ethereum bridge fell victim to a hacker attack, ensuing within the lack of tens of thousands and thousands of {dollars} price of cryptocurrency. On the time, Justin Solar, an investor on the alternate, assured prospects that they’d be totally reimbursed. Nonetheless, it stays unclear thus far how precisely the hackers gained management over the alternate’s scorching pockets.
OFAC imposed sanctions in opposition to Twister Money again in 2022, claiming the service was used to launder greater than $7 billion price of crypto since 2019. This included over $455 million stolen by Lazarus Group, greater than $96 million of malicious cyber actors’ funds derived from the Concord Bridge heist, and no less than $7.8 million from the Nomad heist.