
Sanction-Evading Hackers and the Arsenal of Crypto Tools They Use: Tornado Cash, Sinbad and YoMix

Last Updated February 18, 2024 1:33 PM
Shraddha Sharma
Key Takeaways
  • Hackers adapt to sanctions by shifting to YoMix after sanctions on Tornado Cash and Sinbad.
  • Reports find a decline in illicit funds sent to mixers in 2023, but new ways of money laundering continue.
  • GoFundMe’s ban on fundraising for Tornado Cash co-founders highlights regulatory tightening.

Hackers continue to circumvent sanctions and crackdowns by regulatory bodies. The latest report from Chainalysis reveals the evasion route of North Korea’s Lazarus Group, among other bad actors.

Cybercriminals today have reportedly moved their operations from one crypto mixer to another, from Tornado Cash to Sinbad, and now to YoMix, in a bid to cleanse their digital loot.

Hackers’ cat-and-mouse game extends beyond the mere exchange of cryptocurrencies. It touches on the broader issues of cybersecurity, the ethical dilemmas of crowdfunding, and the ongoing debate over the rights to financial privacy versus the need for financial security.

With GoFundMe shutting down campaigns for Tornado Cash co-founders and the crypto community rallying to support their own, the episode underlines the need for balance.

Mixers Evolve: Tornado Cash to YoMix

The Office of Foreign Assets Control (OFAC) imposed sanctions, which led to the shutdown of Tornado Cash in 2022. Subsequently, sophisticated cybercriminals quickly moved to Sinbad, a mixer that Elliptic research found to be a rebranding of Tornado Cash.

Now, YoMix is emerging as the new mixer of choice after Sinbad was taken down in 2023. The transition reveals the continuous game of whack-a-mole played by hackers with regulators and law enforcement agencies.

A Chainalysis report found that there was a drop in illicit funds sent to mixers in 2023. While it appears to be a regulatory victory on the surface, the agility of groups like Lazarus suggests deeper security issues.

[Figure: North Korean Hackers Turn to YoMix | Source: Chainalysis]

According to data from Chainalysis, approximately one-third of all funds entering YoMix originate from wallets linked to cryptocurrency hacks.


GoFundMe Axes Tornado Cash Founders’ Page

The crackdown on crypto mixers has spilled over onto Tornado Cash's co-founders. Roman Storm, one of the three co-founders of the controversial mixer, was arrested in 2023. While he pleaded not guilty to charges related to money laundering and violations of United States sanctions, he soon turned to the community for legal defense funding.

The sanctioned co-founder's campaign was reportedly axed by crowdfunding platform GoFundMe. The decision to cancel the fundraising campaign sparked some community outrage.

Ryan Adams of Bankless Ventures, who said he sent $10K as a donation to Storm, informed the community that it was canceled. He said in a post on X, “Good thing we have an uncensorable money system so we can still fund civil liberties like the right to a fair trial. Resending $10k with crypto.”

It also led to a discussion about the importance of supporting open-source developers and the freedom to transact.

Tightrope of Regulations Against Hackers

Sanction-evading hackers have drained billions of dollars in loot. Meanwhile, Storm faces federal charges that claim he facilitated over $1 billion in money laundering by North Korea’s Lazarus Group.

While sophisticated bad actors continue to adjust their strategies, there are new challenges for regulators and platforms.

But the broader community also needs to find a balance between safeguarding financial systems and upholding the principles of privacy and freedom. The action against Tornado Cash, Sinbad, and YoMix could pave the way toward achieving this balance.
