The US charges two Chinese men for helping North Korean actors steal over $250 Million
Two men from China helped a North Korean hacker group steal cryptocurrency, according to recent court documents. The US Department of Justice charged the two with laundering $100 million worth of cryptocurrency stolen by the Lazarus Group, a known hacker group linked to the North Korean government. The funds were stolen in 2018, when attackers hacked a cryptocurrency exchange.
Tian Yinyin and Li Jiadong were charged with operating an unlicensed money transmitting business and with money laundering conspiracy. According to prosecutors, the two worked on behalf of the hackers and released malware that an employee of the cryptocurrency exchange unknowingly downloaded. This gave the attackers access to private keys, virtual currency, and other private and valuable customer information.
The defendants operated through both independent and linked accounts and provided virtual currency transmission services to customers for a fee.
The use of Apple gift cards in cryptocurrency laundering
Tian and Li received $91 million from DPRK-controlled accounts as the first batch of currency to launder, and a further $9.5 million after the second hack. These funds were transferred to various virtual currency wallets that the hackers controlled and managed, hiding the funds' initial origin.
While the hackers were actively stealing cryptocurrency, from December 2017 to April 2019, Tian and Li laundered more than $100 million worth of crypto.
A portion of the laundered funds was used to pay for infrastructure used in North Korean hacking campaigns against the financial industry.
The hack was carried out by spreading Lazarus malware via email, and around $250 million was stolen. The funds were then layered and sent to 4 different exchanges, and $91 million of them was transferred to Tian Yinyin and Li Jiadong. The two then transferred $34 million in Chinese yuan (CNY) to a Chinese bank account and traded $1.4 million for iTunes gift cards. Gift cards were a strange choice, but according to the Treasury Department, they are accepted on some virtual currency exchanges to purchase Bitcoin or other cryptocurrencies.
Lazarus Group stole over $300 million worth of cryptocurrency
Hundreds of automated cryptocurrency transactions helped to prevent law enforcement from tracking the activity, and almost $300 million worth of virtual currency was stolen by these North Korean hackers, the Lazarus Group, and their co-conspirators. By delivering the malware via email, the hackers managed to access the exchange remotely and obtain customers' personal information. Private keys stolen from 113 accounts were used to steal virtual currency directly from wallets.
Lazarus Group was created in 2007 and has carried out many attacks against a number of targets, including military, financial institutions, media companies, governments, and other sectors. The same hacker group was tied to the incident in which $48.5 million worth of cryptocurrency was stolen from a South Korean exchange in November 2019. Lazarus Group has a pattern of creating malicious websites and software to conduct phishing attacks against the virtual currency sector.