US Treasury Department Blacklists 20 Bitcoin Addresses Tied to Alleged North Korean Hackers
The U.S. Treasury Department's Office of Foreign Asset Control has added 20 new bitcoin addresses associated with two individuals to its list of sanctioned individuals.
According to an update to OFAC's "Specially Designated Nationals" (SDN) list, Jiadong Li and Yinyin Tian are accused of being linked to the Lazarus Group, a cybercrime group possibly affiliated with the North Korean government.
The group has been accused of stealing more than half a billion dollars in crypto as far back as 2018, when cybersecurity vendor Group-IB claimed it had targeted 14 different exchange in two years.
According to court documents unsealed Monday and flagged by George Washington University's Seamus Hughes, the two are charged with cnospiracy to launder monetary instruments and operating an unlicensed money transmission business.
In a press release, the Treasury Department said the accusation stems the theft of $91 million stolen from one crypto exchange, on top of another $9.5 million from a different exchange in April 2018.
In a statement, U.S. Treasury Secretary Steven Mnuchin said, “The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds. The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime.”
The agency listed 12 addresses associated with Jiadong Li:
OFAC listed eight addresses affiliated with Yinyin Tian:
While thousands of bitcoin appear to have flowed through the listed addresses, the majority appeared to hold no bitcoin as of press time.
Monday's move is the third time OFAC has listed cryptocurrency addresses on its sanctions list. In 2018, the agency tied bitcoin addresses to a pair of Iranian nationals it accused of facilitating financial transactions related to ransomware. Last year, the agency also listed a litecoin address and additional bitcoin addresses affiliated with three Chinese nationals it charged with violating money laundering and drug smuggling laws.
According to the Treasury Department's press release, "North Korea's malicious cyber activity is a key revenue generator" for the nation. The country uses peer-to-peer marketplaces and exchanges with "negligible" know-your-customer controls, and crypto stolen by the nation can be used in a variety of ways.
"Given the illicit finance risk that cryptocurrency and other digital assets pose, in June 2019 the Financial Action Task Force (FATF) amended its standards to require all countries to regulate and supervise such service providers, including exchangers, and to mitigate against such risks when engaging in cryptocurrency transactions," the press release said. "The United States is particularly concerned about platforms that provide anonymous payment and storage functionality without transaction monitoring, suspicious activity reporting, or customer due diligence, among other obligations."
OFAC also deleted a number of Russian entities linked to the Independent Petroleum Company from its sanctions list in Monday's action.