U.S. Charges Two Chinese Nationals Linked to North Korean Hacker Attacks

The U.S. Department of Justice announced on Monday that two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency stolen by North Korean hackers from a cryptocurrency exchange.

The suspects, Tian Yinyin and Li Jiadong, have been charged with money laundering conspiracy and operating an unlicensed money transmitting business. The second charge is related to allegations that the Chinese nationals laundered money through financial accounts in the United States, for which they should have registered with the Financial Crimes Enforcement Network (FinCEN).

Prosecutors have also filed a civil forfeiture complaint in an effort to recover stolen funds. The complaint targets 113 cryptocurrency accounts and addresses allegedly used by Yinyin, Jiadong and their accomplices to launder the stolen funds. Authorities say some funds have already been seized.

In addition to the charges brought against them by the DoJ, the two individuals have been sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), which blocked all their property and assets in the United States.

According to authorities, Yinyin and Jiadong laundered over $100 million worth of cryptocurrency, mostly obtained as a result of a cyberattack launched in April 2018 by North Korean hackers. The attack targeted an unnamed cryptocurrency exchange and resulted in the theft of nearly $250 million worth of Bitcoin, Ethereum, Zcash, Dogecoin, Ripple, Litecoin and Ethereum Classic.

Laundering the stolen funds involved hundreds of automated transactions, accounts created on cryptocurrency exchange platforms using forged identification documents, and bank accounts at several Chinese banks. Yinyin and Jiadong allegedly provided cryptocurrency transmission services, an operation that included customers and financial accounts in the U.S.

North Korean threat actors, including the infamous Lazarus group, have targeted many cryptocurrency exchanges and financial institutions in recent years, and it has been estimated that these attacks may have helped them earn as much as $2 billion. Some believe North Korean hackers were also behind the January 2018 hack of Japanese cryptocurrency exchange Coincheck, from which over $500 million was stolen.

The indictment made public on Monday also mentions the theft of roughly $49 million worth of cryptocurrency from a South Korean exchange in November 2019. This is most likely the attack on Upbit, which was previously attributed to North Korean hackers.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.