On Monday, the US Attorney General’s office for the District of Columbia (Washington, DC) unsealed an indictment against two Chinese nationals, charging them with a $100 million money laundering scheme. The two were also charged with operating an unlicensed money transmitting business.
The charges state that the $100 million was only a small portion of the overall $250 million scheme to process stolen and hacked cryptocurrency for the Lazarus Group, the cryptocurrency hacking organization known worldwide. Lazarus is suspected of hacking multiple exchanges and several banks.
The $100 million in the indictment is suspected to be the funds from a 2018 cyberattack linked to North Korea’s illicit nuclear missile and weapons development program. The new indictment, accompanied by sanctions and a civil forfeiture complaint seizing 113 cryptocurrency accounts filed in federal court in Washington, marks the first and largest enforcement action of its kind by the United States to deter North Korea’s cryptocurrency financing.
North Korea Hackers
The Attorney General alleges the North Korean hackers gained access to a virtual currency exchange in 2018 and stole nearly $250 million worth of virtual currency before laundering the cryptocurrency through several transactions. The hackers used doctored photographs and fake identification to avoid scrutiny and used the stolen money to pay for tools used in other North Korean hacking campaigns, the Justice Department said.
The US charged that between December 2017 and April 2019, Yinyin and Jiadong were responsible for laundering over $100 million in cryptocurrency. The charges also allege that the two did business in the U.S. and failed to register with the Treasury Department, as required by law.
What Are They Saying
Investigators say the crypto laundering is part of a larger effort by North Korea to fund its weapons programs by illicit means.
“North Korea’s malicious cyber activity is a key revenue generator for the regime, from the theft of fiat currency at conventional financial institutions to cyber intrusions targeting cryptocurrency exchanges.
The August 2019 UN Security Council 1718 Committee Panel of Experts report estimates that North Korea had attempted to steal as much as $2 billion, of which $571 million is attributed to cryptocurrency theft. This revenue allows the North Korean regime to continue to invest in its illicit ballistic missile and nuclear programs.”
The US Department of the Treasury claims that:
“In April 2018, an employee of the exchange unwittingly downloaded DPRK-attributed malware through an email, which gave malicious cyber actors remote access to the exchange and unauthorized access to customers’ personal information, such as private keys used to access virtual currency wallets stored on the exchange’s servers. Lazarus Group cyber actors used the private keys to steal virtual currencies ($250 million dollar equivalent at date of theft) from this exchange, accounting for nearly half of the DPRK’s estimated virtual currency heists that year.”