The Justice Department filed a civil forfeiture complaint detailing two hacks of virtual currency exchanges by North Korean actors. These actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders. The complaint follows related criminal and civil actions announced in March 2020 pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors.
“Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “This case underscores the department’s ongoing commitment to counter the threat presented by North Korean cyber hackers by exposing their criminal networks and tracing and seizing their ill-gotten gains.”
“At U.S. Cyber Command, we leverage a persistent engagement approach to challenge our adversaries’ actions in cyberspace,” said Brigadier General Joe Hartman, Commander of the Cyber National Mission Force. “This includes disrupting North Korean efforts to illicitly generate revenue. Department of Defense cyber operations do not occur in isolation. Persistent engagement includes acting through cyber-enabled operations as much as it does sharing information with our interagency partners to do the same.”
The forfeiture complaint details two related hacks of virtual currency exchanges.
As alleged in the complaint, in July 2019, a virtual currency exchange was hacked by an actor tied to North Korea. The hacker allegedly stole over $272,000 worth of alternative cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens. Over the subsequent months, the funds were laundered through several intermediary addresses and other virtual currency exchanges. In many instances, the actor converted the cryptocurrency into BTC, Tether, or other forms of cryptocurrency – a process known as “chain hopping” – in order to obfuscate the transaction path. As detailed in the pleadings, law enforcement was able to trace the funds despite the sophisticated laundering techniques used.
As also alleged in the pleadings, in September 2019, a U.S.-based company was hacked in a related incident. The North Korea-associated hacker gained access to the company’s virtual currency wallets, funds held by the company on other platforms, and funds held by the company’s partners. The hacker stole nearly $2.5 million and laundered it through over 100 accounts at another virtual currency exchange.
The funds from both of the above hacks, as well as hacks previously detailed in a March 2020 forfeiture action (1:20-cv-00606-TJK), were all allegedly laundered by the same group of Chinese OTC actors. The infrastructure and communication accounts used to further the intrusions and fund transfers were also tied to North Korea.