Mixer

Atomic Wallet hackers turn to OFAC-sanctioned Garantex: Elliptic

Stolen crypto from Atomic wallets has started passing through sanctioned Russian-based exchange Garantex, according to Elliptic.

Illicit funds gained from the $35 million Atomic Wallet hack are on the move again, with sanctioned Russian-based crypto exchange Garantex reportedly becoming the latest to come in contact with the hacked crypto. 

On June 13, blockchain security and compliance firm Elliptic updated the situation regarding the stolen Atomic Wallet funds. It alleges that the North Korean hacking collective, the Lazarus Group — which it believes is behind the attack — has used sanctioned Russian-based crypto exchange Garantex to launder the loot.

In a Twitter post, the firm said there had been a significant and successful cross-community effort between Elliptic and many exchange partners to freeze the stolen crypto. However, Lazarus has now found other means to trade their assets for Bitcoin (BTC).

The U.S. Office of Foreign Assets Control (OFAC) sanctioned Garantex and the Russian Hydra dark web marketplace in April 2022.

Garantex was founded in late 2019 and originally registered in Estonia before moving the majority of its operations to Moscow, the Treasury Department noted at the time.

“Analysis of known Garantex transactions shows that over $100 million in transactions are associated with illicit actors and darknet markets,” it added.

Earlier this month, Cointelegraph reported that the ill-gotten gains were being channeled through the Sinbad.io mixer, a service frequently used by the Lazarus Group.

Elliptic added that the funds withdrawn from Garantex by the hackers continue to be obfuscated through the Sinbad.io mixer.

The Treasury Department also sanctioned Blender.io (the former iteration of Sinbad.io) in May 2022, warning that the service was being used by North Korea to “support its malicious cyber activities and money-laundering of stolen virtual currency.”

On June 3, a number of Atomic Wallet user accounts were compromised, resulting in losses of up to $35 million in digital assets.

Five days later, Atomic stated that it had engaged blockchain security and analyst company Chainalysis as the leading incident investigator. Cointelegraph reached out to Chainalysis for an update on the investigation but a spokesperson said they couldn’t comment on the Atomic Wallet case.

The notorious North Korean hacking collective has been linked to several major crypto exploits in the past year, including the Harmony Bridge hack and the Ronin Bridge hack.

Top Analyst Says Blue Chip Ethereum Rival Eyeing Fresh 2024 Highs, Updates Outlook on Bitcoin and Dogecoin

Coinbase supports new court action to remove Tornado Cash ban

The motion is part of a broader effort to restore internet privacy rights for U.S. citizens.

The United States Treasury faces a renewed legal challenge from six individuals backed by cryptocurrency exchange Coinbase that aims to overturn the decision to sanction the crypto mixer Tornado Cash.

A motion for a partial summary judgment was filed on April 5 in a Texas District Court. In it, the Coinbase-backed plaintiffs moved for the U.S. Office of Foreign Assets Control (OFAC) to settle for the first two counts from their original complaint filed in September 2022.

If granted, it would see the Judge rule on some of the factual issues while leaving others for the trial.

The counts claimed OFAC exceeded its statutory powers under the International Emergency Economic Powers Act (IEEPA) and violated the Free Speech clause under the U.S. Constitution’s First Amendment.

The plaintiffs firstly claimed OFAC breached a section of the IEEPA that allows the Treasury to take action against the property in which a foreign country or foreign national has an interest.

The motion argued that as the provision only allows the pursuit of property-related action against a foreign “national” or “person,” it doesn’t apply to open-source software.

To strengthen their claim, the plaintiffs argued the 20 or so smart contracts that provide the functionality to Tornado Cash should not be considered property under IEEPA because they cannot be owned:

“An immutable smart contract is incapable of being owned, it is not property and the Department lacks authority under IEEPA and the North Korea Act to prohibit transactions with those smart contracts.”

“No one has the right to alter them. No one has the right to delete them,” they added.

The second main argument put forth is that by banning the open-source code, OFAC is violating the Free Speech Clause of the First Amendment under the U.S. Constitution.

The plaintiffs noted OFAC has authority to take action against “crypto thieves” like North Korea’s Lazarus Group, but a “total prohibition is thus grossly disproportionate” as money laundering only accounted for 0.05% of crypto transactions in 2021.

“To ban all uses of Tornado Cash is akin to banning the printing press because a tiny fraction of users might publish instructions on how to build a nuclear weapon,” they added.

The motivation behind the motion is part of a broader effort to restore internet privacy rights for U.S. citizens, the plaintiffs explained. It is the most recent filing since the individuals first sued the U.S. Department of Treasury in September.

The six plaintiffs behind the filing are Joseph Van Loon, Tyler Almeida, Alexander Fisher, Preston Van Loon, Kevin Vitale and Nate Welch. The filing details that most of the group had previously interacted with Tornado Cash.

The legal battle comes as Alexey Pertsev, the creator of Tornado Cash, faces his own in the Netherlands. He has been held since Aug. 18 on a series of money laundering charges.

Crypto mixer Blender has been rebranded to Sinbad, says Elliptic

Elliptic's analysis of wallets tied to a suspected Blender operator showed $22 million going to Sinbad as well as similar "characteristics of transactions" between the mixers.

Blender, the cryptocurrency mixer sanctioned by the United States Department of the Treasury’s Office of Foreign Assets Control in May 2022, was “highly likely” relaunched as Sinbad, according to risk management firm Elliptic.

In a Feb. 13 report, Elliptic said its analysis of Sinbad suggested that the crypto mixer was likely a rebrand of Blender as well as having “the same individual or group responsible for it.” According to the firm, Sinbad was behind laundering roughly $100 million in Bitcoin (BTC) for North Korea’s hacking group Lazarus.

Elliptic said following U.S. authorities cracking down on crypto mixers — as OFAC did with Tornado Cash in August and Blender in May — Lazarus hackers used Sinbad to launder some of the funds from the $100-million attack on Horizon Bridge in January. Blockchain analysis of wallets tied to a suspected Blender operator also showed $22 million in crypto going to Sinbad and other funds sent to individuals who promoted the mixer.

“The on-chain pattern of behavior is very similar for both mixers, including the specific characteristics of transactions, and the use of other services to obfuscate their transactions,” said Elliptic. “The way in which the Sinbad mixer operates is identical to Blender in several ways, including ten-digit mixer codes, guarantee letters signed by the service address, and a maximum seven-day transaction delay.”

Source: Elliptic

Elliptic speculated that the individuals behind Sinbad may have rebranded to “gain trust from users” following Blender shutting down, adding that OFAC could consider ordering sanctions on the crypto mixer. The U.S. Treasury Department is already facing lawsuits for its sanctions on Tornado Cash.

Lazarus has allegedly been responsible for several major attacks in the crypto space, including a $620-million hack of Axie Infinity's Ronin Bridge in March 2022. South Korea’s government has also imposed its own sanctions against North Korean entities tied to the theft of cryptocurrency.

Stablecoin Issuer Tether Won’t Freeze Tornado Cash Addresses, Says Premature Freezing Could Jeopardize Investigations

While the crypto community is still talking about the U.S. government banning the Ethereum mixing platform Tornado Cash, the stablecoin issuer Tether Holdings Limited revealed on Wednesday that the company would not “freeze Tornado Cash addresses.” Tether’s recently published blog post about the subject says the company is waiting for instructions from law enforcement. Tether […]

Tornado Cash DAO goes down without explanation following vote on treasury funds

GitHub, Circle, dYdX, Alchemy, and Infura... All platforms have taken action against Tornado Cash or individuals connected to the mixer following U.S. sanctions.

The Tornado Cash DAO went offline after many social media users reported the community discussing ways to challenge sanctions recently imposed by the United States Treasury Department’s Office of Foreign Assets Control.

At the time of publication, the Tornado Cash DAO was offline reportedly following a discussion in which community members voted unanimously to add its governance layer as a signatory to its treasury’s multisig wallet, which manages a reported $21.6 million. It’s unclear what was responsible for the decentralized autonomous organization (DAO) going dark, but it followed a series of actions taken by different authorities and private entities in the wake of U.S. sanctions announced against the controversial mixer on Monday.

In the last four days, Circle froze more than 75,000 USD Coin (USDC) worth of funds on addresses listed by Treasury officials, dYdX said it had blocked some users’ accounts with funds linked to Tornado Cash, and Alchemy and Infura.io blocked remote procedure call requests to the crypto mixer. On Friday, authorities responsible for policing financial crimes in the Netherlands also announced the arrest of a developer allegedly involved in money laundering through Tornado Cash.

Actions by centralized firms extended beyond those against transactions with the crypto mixer, and into communications platforms. On Monday, Tornado Cash co-founder Roman Semenov reported developer platform GitHub had suspended his account, and Discord users said the channel for the mixer also went dark on Friday. At the time of publication, Tornado Cash’s Telegram group was still active.

It’s unclear why seemingly neutral channels including Discord would be taken down in response to U.S. sanctions. However, according to a joint statement from the Federal Financial Institutions Examination Council and Office of Foreign Assets Control, prohibited transactions based on Tornado Cash's inclusion on its Specially Designated Nationals list could be interpreted to include "downloading a software patch from a sanctioned entity." Penalties for failure to comply with sanctions could include hefty fines and prison time.

“For the first time ever, the U.S. government has criminalized interacting with software,” said Omid Malekan, an adjunct professor at Columbia Business School who also teaches about cryptocurrency and blockchain, in a statement to Cointelegraph. “This is a big departure from their traditional decrees of sanctioning people, companies and governments. There is evidence the project in question has indeed been used by criminals/hackers to obfuscate their funds, but there are also many legitimate uses.”

Before the sanctions were imposed, Ethereum co-founder Vitalik Buterin said that he used Tornado Cash to donate funds to Ukraine, aiming for the financial privacy of the recipients in the middle of a war-torn country. On Tuesday, an anonymous individual also used the crypto mixer to send Ether (ETH) to many celebrities in a seeming attempt to challenge the gravity of the sanctions.

Circle freezes blacklisted Tornado Cash smart contract addresses

Stablecoin issuers can blacklist interactions with the Tornado Cash dApp on the Ethereum smart contract level.

According to crypto data aggregator Dune Analytics, on Monday, Circle, the issuer of the USD Coin stablecoin (USDC), froze over 75,000 USDC worth of funds linked to the 44 Tornado Cash addresses on the U.S. Office of Foreign Assets Control's (OFAC) Specially Designated Nationals and Blocked Persons (SDN) list. Tornado Cash is a decentralized application, or dApp, used to obfuscate the trail of previous cryptocurrency transactions on the Ethereum blockchain.

All U.S. persons and entities are prohibited from interacting with the virtual currency mixer's USDC and Ethereum smart contract addresses on the SDN list. Penalties for willful noncompliance can range from fines of $50,000 to $10,000,000 and 10 to 30 years imprisonment. An estimated $437 million worth of assets, consisting of stablecoins, Ethereum, and wrapped Bitcoin (wBTC), are currently held in Tornado Cash's smart contract addresses. As a result, issuers are expected to take steps to prevent the transaction or redemption of such assets. 

Both the entities behind USDC and Tether can freeze their stablecoin transfers to and from Tornado Cash on the Ethereum smart contract level. Meanwhile, Palo Alto, California-based BitGo would also, theoretically, need to restrict access to Tornado Cash to comply with such sanctions. One possible method is suspending the redemption of Tornado Cash-linked wBTC.

As told by DeFi educator @BowTiedIguana, the new Tornado Cash sanctions go across the board for U.S. individuals and entities. Simple interactions such as Gitcoin donations, working for the project, running or downloading its software, visiting its website, and depositing/withdrawing from smart contracts could be interpreted as violations.

What are Bitcoin mixers, and why do exchanges ban them?

Bitcoin transactions are easy to trace, except when the sender uses a mixer to muddle the link between their crypto address and real-life identity.

One of the original allures of cryptocurrencies is the narrative that using them provides the sender or recipient with anonymity, but this is a common misconception within the sector.

In reality, Bitcoin (BTC) and many other cryptocurrencies are easily traceable.

Proof of this came earlier this week when on April 27, U.S. authorities arrested the mastermind of Bitcoin Fog, a darknet-based BTC mixing service. Authorities were able to capture the operator after analyzing ten years of blockchain data.

One doesn't need to be a forensic analyst to know that every single transaction is tied to addresses on the blockchain and that they will stay there forever. While government agencies cannot determine the IP address or personal data from the address, these coins usually end up being used for products or service payments. This is the trail that leads back to the sender and recipient.

In the case of Bitcoin Fog, law enforcement was able to identify server hosting expenses paid using digital currency. Bitcoin mixing services such as Bitcoin Fog allow users to mix their coins with other users, making it almost impossible to detect the destination addresses. This obfuscates the ties between the inputs and output addresses, providing a better level of privacy.

Example of a mixing transaction. Source: TarushTech-Medium

Mixing services come in a wide range of forms, from fully centralized solutions where trust is required to CoinJoin mixers, which depend on a large group of users to cooperate and act simultaneously. There's even the possibility of trading on decentralized exchanges (DEX) to virtually eliminate any possible tracing.

Mixers do present a few risks

Centralized mixers offer the obvious single point of failure problem. Even if one trusts that the entity is using multisig addresses, if the service is willing to share its data or has been breached, their users will lose their privacy.

CoinJoin solved this problem by combining the inputs of multiple users into a single transaction. The service will then take those coins, craft them into a transaction, and have each participant sign before broadcasting it to the network. These transactions are then merged into one, and each user gets the original quantity in return. However, no one can see the origin of those coins, not even the entity that merges the transaction.

Even though CoinJoin isn't exactly untraceable, it provides plausible deniability, as no one can point out which entity owns each output. The larger the number of participants, the higher the degree of deniability.
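The deniability argument above can be checked on amounts alone. The following is an added example, not code from the article or from any wallet it mentions; the transaction, the participant labels and the equal-denomination model (one input per participant, one mixed output of a fixed value plus optional change) are constructed assumptions. It goes one step beyond the text by showing that unique-valued change outputs are not covered by the deniability that equal-valued outputs provide.

```python
from collections import Counter
from math import factorial

# Constructed CoinJoin-style transaction (amounts in satoshis). Owner labels
# exist only so the result can be checked; an observer sees just the amounts.
INPUTS = {"alice": 150_000, "bob": 230_000, "carol": 100_000, "dave": 410_000}
DENOM = 100_000  # assumed mixing denomination
OUTPUTS = [100_000, 100_000, 100_000, 100_000, 50_000, 130_000, 310_000]


def anonymity_sets(outputs):
    """Map each output value to the number of outputs sharing that value."""
    return dict(Counter(outputs))


def consistent_mappings(outputs, denom):
    """Count owner assignments for the equal-valued outputs that the amounts
    cannot rule out: every permutation of n identical outputs fits."""
    return factorial(anonymity_sets(outputs).get(denom, 0))


def linkable_change(inputs, outputs, denom, fee=0):
    """Link unique-valued change outputs to inputs by amount.

    Assumes change = input - denom - fee for each participant.
    Returns {change_value: input_label} for unambiguous matches only.
    """
    links = {}
    for value, count in anonymity_sets(outputs).items():
        if value == denom or count != 1:
            continue  # mixed outputs and repeated values stay ambiguous
        owners = [who for who, amt in inputs.items()
                  if amt - denom - fee == value]
        if len(owners) == 1:
            links[value] = owners[0]
    return links


if __name__ == "__main__":
    print("anonymity sets:", anonymity_sets(OUTPUTS))
    print("mappings for mixed outputs:", consistent_mappings(OUTPUTS, DENOM))
    print("change linked by amount:", linkable_change(INPUTS, OUTPUTS, DENOM))
```

With four participants the mixed outputs admit 24 equally plausible assignments, and the count grows factorially with the number of participants, while each change output here maps back to exactly one input.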

Wasabi Wallet CoinJoin function screen capture. Source: WasabiWallet

Some cryptocurrency users also require anonymity for sending tokens to their wallets, and Wasabi Wallet has long been used for its embedded CoinJoin functionalities.

While its infrastructure is technically centralized, its design assures that the operators cannot deanonymize users or steal any funds. At the moment, the Wasabi wallet is only available for desktop solutions, so as is the case with anything in cryptocurrency, beware of clones!

A similar service is provided by Samourai wallet, which also offers a Chaumian CoinJoin mixing service, called Whirlpool. To achieve a full-privacy solution, users have to connect the Samourai wallet to their own full Bitcoin node. However, it does offer desktop and mobile versions.

Even though these mixing services aren't illegal in most jurisdictions, some exchanges and services might refuse users linked to addresses associated with coin mixing activities.

The more people realize the importance of achieving a certain degree of privacy for self-protection, the fewer incentives companies will have to deny their clients the use of mixers.

The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph.com. Every investment and trading move involves risk, you should conduct your own research when making a decision.