The US government has indicted two Chinese nationals Tian Yinyin and Li Jiadong for laundering stolen cryptocurrencies worth $100 million from different crypto exchanges. They are allegedly linked to a hacking group Lazarus which is supposedly operated by N. Korean primary intelligence services (RGB).

 The US Department of the Treasury’s Office of Foreign Assets Control (OFAC) traced 113 cryptocurrency accounts and addresses that were used to hack the funds. The Department announced that they have impeached the two hackers’ for laundering of stolen cryptocurrencies from the exchange.

Internal Revenue Service Criminal Investigation Chief Don Fort accused that North Korea consistently has been trying to attack the growing ecosystem of virtual currencies to evade the sanctions by the US and the UN Security Council.

Lazarus group

Lazarus group is a notorious hacker group infamous for a ransomware attack in 2017 which was then ascribed by Australia, Canada, the US, and New Zealand. In 2014 they had hacked Sony picture's entire network which collapsed the network of thousands of computer systems. They are also involved in stealing military secrets of several countries by hacking into their internal infrastructure. Since then, the Lazarus group along with other hacker groups are under the strict vigilance of the UN for 35 major international cyber-attacks. 

How the Lazarus group hacked the Crypto exchange?

Treasury Department explained that the alleged group installed Malware code from the now-defunct cryptocurrency application, Celas Trade Pro. They created websites and malicious software to attack and hack the exchange.

In April 2018 they had sent an email containing the virus. One of the employees of the exchange downloaded the email through which the hackers entered the system and accessed customers’ accounts and personal information including their private keys to access their wallets. Though the servers they hacked the exchange by using the private keys to steal cryptocurrencies worth $250 million through the phishing attack.

The OFAC Departments stated, “DPRK malicious cyber proceeds are often transferred to cryptocurrency exchanges and peer-to-peer marketplaces with negligible customer screening compliance programs or individual peer to peer or over-the-counter traders operating on exchanges that do not screen their customers.”

Department of Justice (DOJ) had a separate announcement in which they declared that the two Chinese nationals have been charged for laundering $100 million worth of cryptocurrencies in a cryptocurrency exchange hack.

Tian and Li allegedly have collected $ 9.5 million and $91 million by hacking various exchanges operating through various accounts controlled by the Democratic People's Republic of Korea (DPRK) in between December 2017 and April 2019, through hundreds of automatic cryptocurrency transactions to avoid the tracing of the locations.

 They had evaded the Know your Customer (KYC) inquiries of multiple exchanges by furnishing fake photographs and false identity documents. The stolen funds were then transferred to four exchange, out of which $ 91 were transferred to Li and Tian’s accounts and $34 million in Chinese Yuan currency were transferred in nine Chinese unknown bank accounts and $1.4 million were used to trade gift cards.

Treasury Secretary Mnuchin said, “The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cybercrime.”

Jayashree Ingle

CBW - External Analyst

INDIA