U.S. Charges Two Chinese Nationals Linked to North Korean Hacker Attacks

The U.S. Department of Justice announced on Monday that two Chinese nationals have been charged with laundering over $100 million worth of cryptocurrency stolen by North Korean hackers from a cryptocurrency exchange.

The suspects, Tian Yinyin and Li Jiadong, have been charged with money laundering conspiracy and operating an unlicensed money transmitting business. The second charge is related to allegations that the Chinese nationals laundered money through financial accounts in the United States, for which they should have registered with the Financial Crimes Enforcement Network (FinCEN).

Prosecutors have also filed a civil forfeiture complaint in an effort to recover stolen funds. The complaint targets 113 cryptocurrency accounts and addresses allegedly used by Yinyin, Jiadong and their accomplices to launder the stolen funds. Authorities say some funds have already been seized.

In addition to the charges brought against them by the DoJ, the two individuals have been sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), which blocked all their property and assets in the United States.

According to authorities, Yinyin and Jiadong laundered over $100 million worth of cryptocurrency, mostly obtained as a result of a cyberattack launched in April 2018 by North Korean hackers. The attack targeted an unnamed cryptocurrency exchange and resulted in the theft of nearly $250 million worth of Bitcoin, Ethereum, Zcash, Dogecoin, Ripple, Litecoin and Ethereum Classic.

Laundering the stolen funds involved hundreds of automated transactions, accounts created on cryptocurrency exchange platforms using forged identification documents, and bank accounts at several Chinese banks. Yinyin and Jiadong allegedly provided cryptocurrency transmission services, an operation that included customers and financial accounts in the U.S.

North Korean threat actors, including the infamous Lazarus group, have targeted many cryptocurrency exchanges and financial institutions in recent years, and it has been estimated that these attacks may have helped them earn as much as $2 billion. Some believe North Korean hackers were also behind the January 2018 hack of Japanese cryptocurrency exchange Coincheck, from which over $500 million was stolen.

The indictment made public on Monday also mentions the theft of roughly $49 million worth of cryptocurrency from a South Korean exchange in November 2019. This is most likely the attack on Upbit, which was previously attributed to North Korean hackers.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
