US Charges North Korea-Linked Chinese Nationals for Laundering Over $100 Million in Stolen Cryptocurrency

The U.S. government has charged two Chinese nationals involved in laundering stolen cryptocurrency worth $100 million from an exchange allegedly for the benefit of North Korea. They are linked to the U.S.-designated North Korean state-sponsored Lazarus Group. A total of 113 cryptocurrency accounts and addresses used to launder funds have been identified.

US Sanctions Two Chinese Nationals

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced Monday that it has sanctioned two Chinese nationals involved in laundering stolen cryptocurrency from an exchange.

Tian Yinyin (田寅寅) and Li Jiadong (李家东) “materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a malicious cyber-enabled activity” and the Lazarus Group, OFAC alleged. The Lazarus Group is a U.S.-designated North Korean state-sponsored cyber group.

The U.S. Department of the Treasury’s Office of Foreign Assets Control has sanctioned two Chinese nationals involved in laundering stolen cryptocurrency.

“North Korea continues to attack the growing worldwide ecosystem of virtual currency as a means to bypass the sanctions imposed on it by the United States and the United Nations Security Council,” Internal Revenue Service-Criminal Investigation Chief Don Fort claims.

Crypto Exchange Hack

The Treasury explained that the Lazarus Group leveraged malware code from the now-defunct cryptocurrency application Celas Trade Pro, creating illegitimate websites and malicious software to conduct phishing attacks against the cryptocurrency sector.

In April 2018, an employee of an unnamed exchange downloaded the malware through an email, giving the hackers remote access to the exchange and unauthorized access to customers’ personal information, including private keys used to access crypto wallets stored on the exchange’s servers. The hackers used the private keys to steal cryptocurrencies worth $250 million at the time, the department added, noting:

DPRK malicious cyber proceeds are often transferred to cryptocurrency exchanges and peer-to-peer marketplaces with negligible customer screening compliance programs, or individual peer-to-peer or over-the-counter traders operating on exchanges that do not screen their customers.

The U.S. government explained that North Korea continues to attack the cryptocurrency sector as a means to bypass the sanctions imposed on it by the U.S. and the U.N. Security Council.

Tian and Li Charged for Laundering Over $100 Million

In a separate announcement on Monday, the U.S. Department of Justice (DOJ) declared that the two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency from the cryptocurrency exchange hack.

Tian and Li allegedly received approximately $91 million stolen in an April 2018 hack of a cryptocurrency exchange and an additional $9.5 million from a hack of another exchange from accounts controlled by the Democratic People’s Republic of Korea (DPRK). According to the DOJ, between December 2017 and April 2019:

The funds were then laundered through hundreds of automated cryptocurrency transactions aimed at preventing law enforcement from tracing the funds. The North Korean co-conspirators circumvented multiple virtual currency exchanges’ know-your-customer controls by submitting doctored photographs and falsified identification documentation.

The cryptocurrency exchange hack’s flow of funds showing $250 million worth of cryptocurrency stolen, sent to four exchanges. Source: U.S. Treasury

The Treasury further explained that Tian moved the equivalent of more than $34 million of stolen funds in Chinese yuan through a bank account linked to his exchange account and transferred nearly $1.4 million worth of bitcoin into prepaid Apple iTunes gift cards.

The defendants conducted business in the U.S. but at no time registered with the Financial Crimes Enforcement Network (FinCEN), the DOJ noted, adding that “the pleadings further allege that the North Korean co-conspirators are tied to the theft of approximately $48.5 million worth of virtual currency from a South Korea-based virtual currency exchange in November 2019.” The department added:

The civil forfeiture complaint specifically names 113 virtual currency accounts and addresses that were used by the defendants and unnamed co-conspirators to launder funds. The forfeiture complaint seeks to recover the funds, a portion of which has already been seized.

A U.N. report estimates that North Korea had attempted to steal as much as $2 billion, $571 million of which is in cryptocurrency.

North Korea’s Hacking History

A U.N. Security Council report released in August 2019 estimates that North Korea had attempted to steal as much as $2 billion, of which $571 million is attributed to cryptocurrency theft. Noting that the $250 million was “nearly half of the DPRK’s estimated virtual currency heists that year,” the Treasury asserted that “This revenue allows the North Korean regime to continue to invest in its illicit ballistic missile and nuclear programs,” elaborating:

North Korea’s malicious cyber activity is a key revenue generator for the regime, from the theft of fiat currency at conventional financial institutions to cyber intrusions targeting cryptocurrency exchanges.

To combat these risks, the Financial Action Task Force (FATF) amended its standards in June last year to require all member countries to regulate and supervise cryptocurrency service providers, including exchanges. Recently, the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) revealed a cryptocurrency intelligence program targeting peer-to-peer (P2P) platforms, forums, and darknet markets.

The U.S. Department of Justice has separately charged two Chinese nationals with laundering over $100 million in cryptocurrency. Overall, more than $250 million was allegedly stolen by North Korean hackers.

Cryptocurrency service providers and traditional financial institutions should remain vigilant and alert to substantial changes in customers’ activities, as their business may be used to facilitate the transfer of stolen funds, the Treasury warns. “The United States is particularly concerned about platforms that provide anonymous payment and storage functionality without transaction monitoring, suspicious activity reporting, or customer due diligence, among other obligations.” The department noted:

DPRK cyber actors actively target the cryptocurrency community and are known to employ a variety of fake cryptocurrency trading programs that contain malware.

Source: news.bitcoin
