The cryptocurrency exchange Binance has recovered approximately $5.8 million worth of looted funds that had made their way onto its network in disguised form. The announcement came more than a week after the United States linked one of the largest heists in the cryptocurrency industry to a North Korean hacking outfit. The specifics of how Binance accomplished this serve as a warning to anybody who attempts to cash out illicit cryptocurrency earnings: the process may only get more difficult.
On April 14, the United States Department of the Treasury made the connection between the theft of almost $600 million worth of crypto from the Ronin software bridge, which is used by players of Axie Infinity to move cryptocurrency, and the North Korean hacking outfit known as Lazarus. Following the discovery of an Ethereum wallet address that was connected to the organization, the department added that address to its sanctions list.
Working with additional organizations, Binance was able to track the stolen funds from the hackers’ wallet to Tornado Cash, a service that enables anonymous cryptocurrency transfers on the Ethereum blockchain, and from there to its own exchange. While the amount recovered represents a small percentage of the $600 million in cryptocurrency that was taken, the achievement raises expectations that more of the looted funds can be recovered, even though the hackers continue to move them.
Binance Recovers Disguised Crypto Loot & Warns Hackers
According to the blockchain data, the culprits have moved over $170 million worth of stolen cryptocurrencies out of the principal address that they use on the Ethereum blockchain within the past week or so. This amount is equivalent to approximately 56,200 Ether. All of the stolen funds were moved to newly generated addresses, and then some of those addresses transferred the tokens to Tornado Cash. The blockchain data company PeckShield estimates that a total of more than $230 million worth of cryptocurrency has been removed from the wallet.
Tornado Cash is built to sever the link between a transaction’s sender and receiver addresses, making the ostensibly public transactions recorded on the blockchain more difficult to monitor. According to a representative, the funds were promptly frozen once the exposure to the platform was discovered, because the exchange coordinates with major blockchain analytics firms in the sector. The cryptocurrency was detected in 86 separate accounts on Binance’s exchange, the company’s CEO Changpeng “CZ” Zhao tweeted.
Binance recovered the disguised funds with the help of Chainalysis tools. Chainalysis, a blockchain compliance firm with experience in “unmixing” Bitcoin transactions, deemed Binance’s ability to freeze the assets a “win” for victims of the Ronin breach. According to Erin Plante, senior director of investigations at Chainalysis, Binance’s action to freeze funds stolen by hackers with ties to North Korea, despite their use of advanced obfuscation techniques, was made possible by world-class investigators with the appropriate tools and coordination.
The agency’s identification of the address on April 14 makes clear to other virtual currency actors that by interacting with it they risk exposure to US sanctions, according to a Treasury Department spokesman. On April 22, the US agency added three more addresses to its sanctions list in relation to the Ronin attack. According to the spokesperson, the U.S. government continues to take disruptive action against organizations that facilitate the flow of stolen virtual currency, and it urges the crypto community to secure its digital doors.
Utilizing A Free Compliance Tool To Block Sanctioned Crypto Wallets
In response to the Treasury’s statement, Tornado Cash indicated it will block sanctioned wallets as well. It announced on its Twitter account on April 15 that it is employing a free compliance solution created by Chainalysis to block cryptocurrency wallets targeted by the US Office of Foreign Assets Control (OFAC). The tool, which Chainalysis launched in March, is a free smart contract, or blockchain-based program, that scans for crypto addresses sanctioned by multiple governments.
In addition, Chainalysis offers paid products that alert its customers to indirect exposure to sanctioned addresses and to other addresses it has identified as being associated with sanctioned businesses but that are not on OFAC’s sanctions list. A spokeswoman for Chainalysis stated that the company is unable to confirm Tornado Cash’s use of its software because the program is not included in Tornado Cash’s own smart contract or code. Tornado Cash claims that the compliance tool was solely used to prevent sanctioned addresses from using the user-facing decentralized application.
In principle, blacklisted addresses can still access Tornado Cash’s core technology by transferring the cryptocurrency to a different address. The founders of Tornado Cash did not respond to several requests for comment on the tool’s efficacy. According to the data included in the blockchain, on April 22, one of the addresses that had received 10,129.935 Ether from the hacker’s primary address sent approximately 1,528 Ether to a second new address. This second address sent 100 Ether at a time to the Tornado Cash address.
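The gap between list-based screening and indirect-exposure screening described above can be shown on a small transfer graph. This is an added example, not code from the article, Chainalysis or Binance; the address labels are constructed placeholders, the transfers are constructed to mirror the April 22 pattern, and the hop-limited tracing rule is an assumption chosen for illustration.

```python
from collections import deque

# Constructed placeholder labels, not real blockchain addresses.
SANCTIONED = {"0xSANCTIONED_PRIMARY"}

# Constructed transfers (sender, receiver, amount in ETH) mirroring the
# pattern in the text: primary -> new address -> second new address -> mixer.
TRANSFERS = [
    ("0xSANCTIONED_PRIMARY", "0xHOP_1", 10129.935),
    ("0xHOP_1", "0xHOP_2", 1528.0),
    ("0xHOP_2", "0xMIXER", 100.0),
    ("0xHOP_2", "0xMIXER", 100.0),
    ("0xUNRELATED", "0xMIXER", 100.0),
]

def direct_screen(address, sanctioned):
    """List-based screening: flags only an exact match against the list."""
    return address in sanctioned

def exposure_hops(transfers, sanctioned, max_hops=3):
    """Breadth-first walk along outgoing transfers.

    Returns {address: fewest hops from a sanctioned address}. This
    over-approximates: any address funded by a flagged one is flagged,
    regardless of how much of its balance came from that source.
    """
    outgoing = {}
    for sender, receiver, _amount in transfers:
        outgoing.setdefault(sender, set()).add(receiver)
    hops = {addr: 0 for addr in sanctioned}
    queue = deque(sanctioned)
    while queue:
        current = queue.popleft()
        if hops[current] >= max_hops:
            continue  # stop expanding beyond the hop limit
        for nxt in outgoing.get(current, ()):
            if nxt not in hops:
                hops[nxt] = hops[current] + 1
                queue.append(nxt)
    return hops

def screen_deposits(transfers, sanctioned, service, max_hops=3):
    """Compare both screening methods for every transfer into `service`."""
    hops = exposure_hops(transfers, sanctioned, max_hops)
    return [
        {"sender": s, "amount": amt,
         "direct": direct_screen(s, sanctioned), "hops": hops.get(s)}
        for s, r, amt in transfers if r == service
    ]
```

On the constructed data, `screen_deposits(TRANSFERS, SANCTIONED, "0xMIXER")` reports the second new address as passing the direct check while sitting two hops from the sanctioned address; the unrelated depositor has no exposure under either method.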