The United States’ (US) Department of the Treasury announced sanctions against a virtual currency mixer called Tornado Cash, accusing it of helping North Korean hackers steal billions of dollars worth of virtual currency since its establishment in 2019.
In a press release on Monday, the Treasury said that its Office of Foreign Assets Control (OFAC) had levied sanctions on the cryptocurrency service, which it claimed was misused to launder over $7 billion worth of virtual currency, including over $455 million stolen by North Korea’s Lazarus Group, representing the “largest known virtual currency heist” in history.
The Lazarus Group is a North Korean state-sponsored hacking group that the US sanctioned in 2019. In total, the FBI estimates that the Group has stolen upwards of $620 million in cryptocurrency.
Under Secretary of the Treasury for Terrorism and Financial Intelligence Brian E. Nelson noted that Tornado Cash, which combines digital assets to obscure their ownership, had “repeatedly failed to impose effective controls designed to stop it from laundering funds for malicious cyber actors.”
Today, Treasury sanctioned virtual currency mixer Tornado Cash, which has been used to launder more than $7 billion worth of virtual currency since its creation in 2019. Virtual currency mixers that assist criminals are a threat to U.S. national security. https://t.co/x8sCXsNzUv
— Treasury Department (@USTreasury) August 8, 2022
Biden administration officials suspect that Pyongyang has been using the stolen virtual currency to fund a large proportion of its nuclear weapons research and development programme.
“I’m very concerned about North Korea’s cyber capabilities. They use cyber to gain, we estimate, up to a third of [stolen crypto] funds to fund their missile program,” Anne Neuberger, Washington’s deputy national security adviser for cyber and emerging technology, said at a recent event hosted by the Centre for a New American Security. “That’s a major issue, whether it’s attacks against cryptocurrency exchanges or use of information technology workers in various countries,” she added.
This was further corroborated by a United Nations report earlier this year, which found that between 2020 and mid-2021, North Korean-backed hackers had stolen more than $50 million in digital assets from at least three cryptocurrency services in North America, Europe, and Asia to help fund the country’s its weapons of mass destruction programme. Likewise, security company Chainalysis estimates that North Korea secured at least $400 million in digital assets through cyberattacks last year.
In fact, it has been escalating its cyberattacks over the past few years. Reuters reported in 2019 that a confidential UN report had found that the Kim Jong-un regime had successfully generated almost $2 billion using “widespread and increasingly sophisticated” cyberattacks to launder money from banks and cryptocurrency exchanges. The money was then laundered in cyberspace.
The secretive regime has used its cyber capabilities to carry out “political and economic espionage, coerce and intimidate individuals it perceives as a threat to its government” and for the “survival and continuation of the Kim family rule,” Jenny Jun, a political science Ph.D. student at Columbia University told The Hill.
Jun added that North Korea “maintained an extensive illicit network to generate foreign cash [...] even before the [emergence] of cybercrime… to placate a small circle of elites, engage in repression and also pursue expensive weapons programs such as missile and nuclear programs.”
North Korea has previously dismissed allegations of cybercrime. In July, Neuberger had accused North Korea of acting as a criminal syndicate “in the guise of a country.” Pyongyang’s Foreign Ministry responded that the comment revealed the true “hostile” nature of Washington’s foreign policy towards Pyongyang. It further retaliated by calling the US “the world’s one and only group of criminals.”