US DoJ wants the funds stored by North Korea in 280 BTC and ETH

Pierluigi Paganini August 30, 2020

US DoJ filed a civil forfeiture complaint to seize 280 Bitcoin (BTC) and Ethereum (ETH) accounts containing funds allegedly stolen by North Korea-linked hackers

The US DoJ has filed a civil forfeiture complaint with the intent to seize control over 280 Bitcoin and Ethereum accounts that are believed to be holding funds which are the proceeds of hacking campaigns conducted by North Korea-linked APT groups against two cryptocurrency exchanges.

The complaint did not name the hacked exchanges, it only reports two attacks that took place in July 1, 2019, and September 25, 2019.

The DoJ reveals that the funds stolen in the two hacks, along with $250 million stolen from another exchange in 2018, were all laundered by the same Chinese Over-The-Counter (OTC) traders.

The first attack carried out by North Korean hackers resulted in the theft of $272,000 worth of alternative cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens. In the second attack, threat actors stole $2.5 million worth of multiple virtual currencies.

North Korean hackers used “chain hopping” to launder the stolen funds, this means that they have used the stolen funds to buy other cryptocurrencies, for example, converting Stellar to Ethereum.

“Over the subsequent months, the funds were laundered through several intermediary addresses and other virtual currency exchanges.  In many instances, the actor converted the cryptocurrency into BTC, Tether, or other forms of cryptocurrency – a process known as “chain hopping” – in order to obfuscate the transaction path.” reads the press release published by DoJ. “As detailed in the pleadings, law enforcement was nonetheless able to trace the funds, despite the sophisticated laundering techniques used.”

The analysis of the blockchain allowed the US officials to follow the stolen funds from two hacked exchange back to the 280 crypto-currency accounts.

Many of these 280 addresses are currently frozen as a result of the investigation conducted immediately after the hacks.

“Today’s complaint demonstrates that North Korean actors cannot hide their crimes within the anonymity of the internet.  International cryptocurrency laundering schemes undermine the integrity of our financial systems at a global level, and we will use every tool in our arsenal to investigate and disrupt these crimes,” said Special Agent in Charge Emmerson Buie Jr. of the FBI’s Chicago Field Office.  “The FBI will continue to impose risks and consequences on criminals who seek to undermine our national security interests.”

In September 2019, the US Treasury put sanctions on three North Korea-linked hacking groups, the Lazarus GroupBluenoroff, and Andarial.

The groups are behind several hacking operations that resulted in the theft of hundreds of millions of dollars from financial institutions and cryptocurrency exchanges worldwide and destructive cyber-attacks on infrastructure. Lazarus Group is also considered the threat actors behind the 2018 massive WannaCry attack.

According to the Treasury, the three groups “likely” stole $571 million in cryptocurrency from five Asian exchanges in 2017 and 2018.

Intelligence analysts believe the groups are under the control of the Reconnaissance General Bureau, which is North Korea’s primary intelligence bureau.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, North Korea)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment