Dutch authorities arrest 29-year-old dev with suspected ties to Tornado Cash
The arrest comes days after US Treasury levies sanctions against the crypto mixing service
Dutch authorities have arrested a software developer suspected of working with Tornado Cash, a cryptocurrency mixing service that only two days earlier was sanctioned by the US government for allegedly laundering money for ransomware operators and other cybercriminals.
The 29-year-old man is accused of being part of the decentralized Ethereum mixing service's operations, including "concealing criminal financial flows and facilitating money laundering through the mixing of cryptocurrencies," officials with the Dutch Fiscal Information and Investigation Service (FIOD) wrote in a statement.
No other information about the subject was released.
In leveling the sanctions on August 8, the US Treasury Department said Tornado Cash was been used to launder hundreds of millions of dollars stolen by such threat groups as Lazarus Group, a high-profile North Korean-sponsored ransomware gang.
The US government has put a focus on crypto mixers – also known as "tumblers" – calling them a national security threat and saying they propagate ransomware attacks by giving the cybercriminals a place to hide and launder their stolen assets and another avenue for enhancing their anonymity.
The move against Tornado Cash came three months after similar sanctions were place on another crypto mixer, Blender.io. The sanctions put a freeze on the assets of both mixing services and prohibit US citizens and companies from doing business with either one without written permission from the US government.
Other countries, including the Netherlands, also are targeting such services.
"These advanced technologies, such as decentralised organisations that may facilitate money laundering are receiving extra attention from the FIOD," the Dutch agency said in its statement. "Also in the cryptocurrency domain, the FIOD stands for a safe financial Netherlands and investigates with effect and impact."
- Cryptocurrency laundromat Blender shredded by US Treasury in sanctions first
- US warns North Korean Lazarus gang rising against cryptocurrency outfits
- Black Hat and DEF CON visitors differ on physical risk management
- Palo Alto bug used for DDoS attacks and there's no fix yet
The agency added that "multiple arrests are not ruled out."
Crypto mixers take digital assets from multiple transactions and mix them together, essentially obfuscating their origins and destinations. After mixing those assets, the services then send them out to recipients. Tornado Cash, which is on the Ethereum blockchain, processes any anonymous transactions, according to the US Treasury, so cryptocurrency stolen by threat groups can be mixed with legitimate digital assets, making them difficult to track.
Ransomware and other extortion schemes were around before the rise of cryptocurrency, but crypto is among the drivers of the skyrocketing use of the malware. In a report [PDF] earlier this year, US Treasury wrote that ransomware groups often target larger enterprises in search of a bigger ransom payment and that services like Tornado Cash and Blender help in laundering all that money.
"To further obfuscate the laundering of ransomware proceeds, threat actors avoid using the same wallet addresses and use chain hopping, mixing services, and decentralized exchanges," the report's authors wrote.
Tornado Cash allegedly laundered more than $455 million stolen by Lazarus, including more than $96 million in digital assets taken in June from blockchain startup Harmony's Horizon Bridge service.
It also allegedly was used to launder money in high-profile attacks this year against such organizations as Beanstalk Farms, a decentralized finance platform, decentralized autonomous organization Inverse Finance, and Nomad, another cryptocurrency bridge.
FOID officials said the agency's Financial Advanced Cyber Team (FACT) began a criminal investigation of Tornado Cash in June, saying that the mixing service "has been used to conceal large-scale criminal money flows, including from (online) thefts of cryptocurrencies (so-called crypto hacks and scams). These included funds stolen through hacks by a group believed to be associated with North Korea."
Investigating money laundering is a priority for the Dutch government, they said in the statement.
"By disguising the criminal origin of the proceeds of a crime, perpetrators are able to remain beyond the reach of the investigative authorities and enjoy their undisturbed criminal earnings," they said, adding that money-laundering operations like crypto mixers "is a new phenomenon that is receiving explicit attention from the FIOD." ®