US Charges North Korea-Linked Chinese Nationals for Laundering Over $100 Million in Stolen Cryptocurrency
The U.S. government has charged two Chinese nationals involved in laundering stolen cryptocurrency worth $100 million from an exchange allegedly for the benefit of North Korea. They are linked to the U.S.-designated North Korean state-sponsored Lazarus Group. A total of 113 cryptocurrency accounts and addresses used to launder funds have been identified.
US Sanctions Two Chinese Nationals
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced Monday that it has sanctioned two Chinese nationals involved in laundering stolen cryptocurrency from an exchange.
Tian Yinyin (田寅寅) and Li Jiadong (李家东) “materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a malicious cyber-enabled activity” and the Lazarus Group, the OFAC alleged. The Lazarus Group is a U.S.-designated North Korean state-sponsored cyber group.
“North Korea continues to attack the growing worldwide ecosystem of virtual currency as a means to bypass the sanctions imposed on it by the United States and the United Nations Security Council,” Internal Revenue Service-Criminal Investigation Chief Don Fort claims.
Crypto Exchange Hack
The Treasury explained that the Lazarus Group leveraged malware code from the now-defunct cryptocurrency application Celas Trade Pro, creating illegitimate websites and malicious software to conduct phishing attacks against the cryptocurrency sector.
In April 2018, an employee of an unnamed exchange downloaded the malware through an email, giving the hackers remote access to the exchange and unauthorized access to customers’ personal information, including private keys used to access crypto wallets stored on the exchange’s servers. The hackers used the private keys to steal cryptocurrencies worth $250 million at the time, the department added, noting:
DPRK malicious cyber proceeds are often transferred to cryptocurrency exchanges and peer-to-peer marketplaces with negligible customer screening compliance programs, or individual peer-to-peer or over-the-counter traders operating on exchanges that do not screen their customers.
Tian and Li Charged for Laundering Over $100 Million
In a separate announcement on Monday, the U.S. Department of Justice (DOJ) declared that the two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency from the cryptocurrency exchange hack.
Tian and Li allegedly received approximately $91 million stolen in an April 2018 hack of a cryptocurrency exchange and an additional $9.5 million from a hack of another exchange from accounts controlled by the Democratic People’s Republic of Korea (DPRK). According to the DOJ, between December 2017 and April 2019:
The cryptocurrency exchange hack’s flow of funds showing $250 million worth of cryptocurrency stolen, sent to four exchanges. Source: U.S. Treasury
The funds were then laundered through hundreds of automated cryptocurrency transactions aimed at preventing law enforcement from tracing the funds. The North Korean co-conspirators circumvented multiple virtual currency exchanges’ know-your-customer controls by submitting doctored photographs and falsified identification documentation.
The Treasury further explained that Tian moved the equivalent of more than $34 million of stolen funds in Chinese yuan through a bank account linked to his exchange account and transferred nearly $1.4 million worth of bitcoin into prepaid Apple iTunes gift cards.
The defendants conducted business in the U.S. but at no time registered with the Financial Crimes Enforcement Network (FinCEN), the DOJ noted, adding that “the pleadings further allege that the North Korean co-conspirators are tied to the theft of approximately $48.5 million worth of virtual currency from a South Korea-based virtual currency exchange in November 2019.” The department added:
The civil forfeiture complaint specifically names 113 virtual currency accounts and addresses that were used by the defendants and unnamed co-conspirators to launder funds. The forfeiture complaint seeks to recover the funds, a portion of which has already been seized.
North Korea’s Hacking History
A U.N. Security Council report released in August 2019 estimates that North Korea had attempted to steal as much as $2 billion, of which $571 million is attributed to cryptocurrency theft. Noting that the $250 million was “nearly half of the DPRK’s estimated virtual currency heists that year,” the Treasury asserted that “This revenue allows the North Korean regime to continue to invest in its illicit ballistic missile and nuclear programs,” elaborating:
North Korea’s malicious cyber activity is a key revenue generator for the regime, from the theft of fiat currency at conventional financial institutions to cyber intrusions targeting cryptocurrency exchanges.
To combat these risks, the Financial Action Task Force (FATF) amended its standards in June last year to require all member countries to regulate and supervise cryptocurrency service providers, including exchanges. Recently, the U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) revealed a cryptocurrency intelligence program targeting peer-to-peer (P2P) platforms, forums, and darknet markets.
Cryptocurrency service providers and traditional financial institutions should remain vigilant and alert to substantial changes in customers’ activities, as their business may be used to facilitate the transfer of stolen funds, the Treasury warns. “The United States is particularly concerned about platforms that provide anonymous payment and storage functionality without transaction monitoring, suspicious activity reporting, or customer due diligence, among other obligations.” The department noted:
DPRK cyber actors actively target the cryptocurrency community and are known to employ a variety of fake cryptocurrency trading programs that contain malware.