Two Chinese Nationals Linked with N. Korea Charged for Laundering $100 Million Worth of Stolen Cryptocurrencies


The US government has indicted two Chinese nationals, Tian Yinyin and Li Jiadong, for laundering stolen cryptocurrencies worth $100 million from different crypto exchanges. They are allegedly linked to the hacking group Lazarus, which is supposedly operated by N. Korea's primary intelligence service (RGB).
The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) traced 113 cryptocurrency accounts and addresses that were used to hack the funds. The Department announced that it has charged the two hackers for laundering stolen cryptocurrencies from the exchange.
Internal Revenue Service Criminal Investigation Chief Don Fort alleged that North Korea has consistently been trying to attack the growing ecosystem of virtual currencies to evade the sanctions imposed by the US and the UN Security Council.

Lazarus group

Lazarus group is a notorious hacker group infamous for a ransomware attack in 2017, which was then ascribed to it by Australia, Canada, the US, and New Zealand. In 2014 they hacked Sony Pictures' entire network, collapsing a network of thousands of computer systems. They are also involved in stealing military secrets of several countries by hacking into their internal infrastructure. Since then, the Lazarus group, along with other hacker groups, has been under the strict vigilance of the UN for 35 major international cyber-attacks.

How did the Lazarus group hack the crypto exchange?

The Treasury Department explained that the alleged group installed malware code from the now-defunct cryptocurrency application Celas Trade Pro. They created websites and malicious software to attack and hack the exchange.
In April 2018 they sent an email containing the virus. One of the employees of the exchange downloaded the email, through which the hackers entered the system and accessed customers’ accounts and personal information, including the private keys to access their wallets. Through the servers, they hacked the exchange, using the private keys to steal cryptocurrencies worth $250 million through the phishing attack.
OFAC stated, “DPRK malicious cyber proceeds are often transferred to cryptocurrency exchanges and peer-to-peer marketplaces with negligible customer screening compliance programs or individual peer to peer or over-the-counter traders operating on exchanges that do not screen their customers.”
The Department of Justice (DOJ) made a separate announcement in which it declared that the two Chinese nationals have been charged with laundering $100 million worth of cryptocurrencies in a cryptocurrency exchange hack.
Tian and Li allegedly collected $9.5 million and $91 million by hacking various exchanges, operating through various accounts controlled by the Democratic People's Republic of Korea (DPRK) between December 2017 and April 2019, through hundreds of automatic cryptocurrency transactions to avoid the tracing of the locations.
They evaded the Know Your Customer (KYC) inquiries of multiple exchanges by furnishing fake photographs and false identity documents. The stolen funds were then transferred to four exchanges, out of which $91 was transferred to Li and Tian’s accounts, $34 million in Chinese yuan was transferred to nine unknown Chinese bank accounts, and $1.4 million was used to trade gift cards.
Treasury Secretary Mnuchin said, “The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cybercrime.”

Jayashree Ingle
CBW - External Analyst
INDIA