Tornado Warning

The US Justice Department (DOJ) on 23 August 2023 unsealed an indictment against two founders of the now-sanctioned Tornado Cash cryptocurrency mixer service, charging them with laundering more than $1 billion in criminal proceeds.  Both individuals, Roman Storm and Roman Semenov, have been charged with conspiracy to commit money laundering, conspiracy to commit sanctions violations, and conspiracy to operate an unlicensed money-transmitting business.

Storm is said to have been arrested in the US state of Washington. Semenov remains at large in Dubai.  They are alleged to have "made millions of dollars in profits" from promoting and operating the service.  Tornado Cash is estimated to have processed upwards of $7 billion worth of crypto assets over a period of three years.  In a related move, the US Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned Semenov and eight cryptocurrency addresses connected to him, days after a U.S. court ruled that Tornado Cash is a distinct entity that can be sanctioned. 

"The eight addresses [...] have processed over $11.5 million in various crypto assets, including TORN, Tornado Cash's governance token," Elliptic said.  "Funds from these addresses have moved to various services, including both centralized and decentralized exchanges."

"Roman Storm and Roman Semenov allegedly operated Tornado Cash and knowingly facilitated this money laundering," US Attorney Damian Williams said.  "While publicly claiming to offer a technically sophisticated privacy service, Storm and Semenov in fact knew that they were helping hackers and fraudsters conceal the fruits of their crimes."

Tornado Cash is a decentralized mixer service that was created in 2019 to blend the cryptocurrencies of many users together to obfuscate the origins and owners of the funds.  The aim is to make the transactions anonymous and difficult to trace, making it appealing for criminal actors looking to cash out their ill-gotten gains.  The defendants have been identified as two of the three co-founders of Tornado Cash.  The third co-founder, Alexey Pertsev, was apprehended last August in the Netherlands, where he currently awaits trial on money laundering allegations.

Tornado Cash is said to have failed to implement effective Know Your Customer (KYC) or anti-money laundering programs as required by law.  It was not registered with the US Financial Crimes Enforcement Network (FinCEN) as a money transmitting entity.

The DOJ accused Tornado Cash of helping launder hundreds of millions of dollars for the Lazarus Group, a notorious North Korean threat actor, in April and May 2022, thereby facilitating sanctions-violating transactions.

See:  https://redskyalliance.org/xindustry/lazarus-group-update

The development comes a year after the US Treasury Department imposed sanctions against Tornado Cash, accusing the platform of providing "material support" to the hacking crew and laundering more than $500 million stolen from hacks of Axie Infinity and Harmony Horizon Bridge last year.  The Lazarus Group was sanctioned by OFAC on September 13, 2019.

In recent years, North Korea has become infamous for brazenly pulling off high-profile cryptocurrency heists, laundering the funds through mixing services like Tornado Cash and Sinbad, and funneling them back to the country to fund the regime's nuclear and missile development programs.

Chainalysis, a blockchain analytics company, described 2022 as a successful year for crypto-related hacking, resulting in the theft of $3.8 billion from businesses, of which nearly $1.7 billion has been attributed to attacks mounted by the Lazarus Group.

The indictment also follows the sentencing in the US of Anthony Francis Faulk (aka "shade") for his role in a conspiracy to defraud and extort more than a dozen cryptocurrency owners via SIM swapping attacks.  He is expected to serve 36 months in prison and pay nearly $3 million in restitution.

This article is presented at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com

Weekly Cyber Intelligence Briefings:

Reporting:    https://www.redskyalliance.org/
Website:       https://www.redskyalliance.com/
LinkedIn:      https://www.linkedin.com/company/64265941

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/5993554863383553632  

Source: https://thehackernews.com/2023/08/tornado-cash-founders-charged-in.html
