US Moves To Seize Cryptocurrency Accounts Linked To North Korean Heists
In a first, officials say North Korean hackers hit a U.S.-based crypto company.
U.S. authorities on Thursday moved to seize 280 cryptocurrency accounts they said were used by North Korean hackers who stole more than a quarter of a billion dollars from cryptocurrency companies around the world, including one in the U.S.
The U.S. Justice Department said the accounts targeted in the civil forfeiture filing were used by the North Korean hackers and their Chinese agents to launder some of the money stolen from more than a dozen virtual currency exchanges, a series of cyber thefts over the past two years amounting to more than $300 million.
“Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network,” said Acting Assistant Attorney General Brian Rabbitt of the Justice Department’s Criminal Division.
The filing is the first publicly announced case of a U.S.-based virtual currency company being targeted by North Korea, officials said. The company, which the Justice Department said focused on the Algorand blockchain, is referred to in the filing only as “Exchange 10.”
Along with a flurry of other recent actions taken by other federal agencies, Thursday’s filing shows that even while top Trump officials say tensions with nuclear-armed Pyongyang have cooled, U.S. law-enforcement and national-security officials view North Korea as a significant threat to national security and the global financial system.
Pyongyang’s regime uses the proceeds from cyber theft to fund its military and its nuclear-weapons program, according to United Nations experts and U.S. officials.
“North Korea flouts sanctions by hacking international financial networks and cryptocurrency exchanges to generate revenue that funds its weapons development activities,” Gen. Paul Nakasone, the commander of U.S. Cyber Command, wrote in a Foreign Affairs article co-authored with a senior Cyber Command adviser.
North Korea’s mission to the U.N. didn’t immediately respond to a request for comment, but officials have previously denied the country’s agents have hacked financial institutions.
Justice Department and Internal Revenue Service agents said North Korean hackers used malware to gain entry to the exchanges and steal from user accounts, then laundered the proceeds through Chinese middlemen.
U.S. officials said the hackers were associated with one of the hacker collectives the U.S. says is run by North Korea’s intelligence bureau, the so-called Lazarus Group, leaving digital footprints that led back to the country.
In March, the Justice Department indicted and sanctioned two Chinese nationals accused of helping North Korean hackers launder the money stolen from the cryptocurrency exchanges. Federal prosecutors at the time accused them of helping the hackers convert the funds, including through exchanging the bitcoin for prepaid Apple iTunes gift cards.
The U.S. attorney’s office in Washington also filed a civil action to seize related assets allegedly held in 113 virtual currency accounts, and the U.S. Treasury Department simultaneously blacklisted the two men.
Within hours of that March forfeiture filing, authorities saw accounts linked to the alleged thefts that had been dormant for months being flushed, said Assistant U.S. Attorney Zia Faruqui.
U.S. agents tracking money movements through those accounts discovered that the hackers had targeted several more currency exchanges and were laundering the proceeds from those cyberheists through accounts controlled by the same Chinese bitcoin traders, he said.
Jessi Brooks, another assistant U.S. Attorney in the national-security division, said Thursday’s case reflects the department’s decision to target the use of virtual currency platforms for money laundering by nation states and terrorists.
U.S. officials say they have documented a pickup in North Korea’s cyberattacks in recent months.
U.S. and U.N. officials say North Korea relies on a range of sophisticated cyber capabilities to evade global sanctions and expand its regime’s geopolitical relevance, as the country is otherwise shut out from the international financial system.
On Wednesday several U.S. agencies issued a joint alert warning that hackers tied to the North Korean government are trying to rob banks across the globe by draining ATMs and initiating fraudulent money transfers, as part of a resurgent cash-grab campaign that authorities said dates back to February of this year.
Underscoring the view that North Korea’s cyber thefts are a national-security threat, a U.S. Army report published last month described North Korea’s multibillion-dollar cyber-theft activities as a critical part of Pyongyang’s electronic warfare operations.
It estimates the country has 6,000 hackers within its special cyberwarfare unit, many positioned around the world. The report said some of the hackers are members of the groups named by the Justice Department, the U.S. Treasury and other agencies as responsible for hacks against the global financial system.
The North Korean hackers’ methods of pilfering funds include direct hacking of banks and cryptocurrency exchanges, cryptocurrency mining operations, and low-level internet scams such as automating activity in online computer games to cash out in-game points or items for money.
North Korea Turning To Cryptocurrency Schemes In Global Heists, U.S. Says
Justice Department charges North Korean hackers in wide-ranging scheme that included attempts to steal $1.3 billion for Pyongyang.
The Justice Department unsealed an indictment Wednesday against two alleged members of North Korea’s military intelligence services, accusing them of hacking banks and companies in more than a dozen countries including the U.S. as part of a wide-ranging scheme to steal $1.3 billion over the past half-decade for Pyongyang.
North Korean hackers are increasingly focusing their criminal activity on the world of cryptocurrency and have recently built malicious cryptocurrency apps, launched ransomware attacks and promoted a fraudulent initial coin offering in pursuit of digital cash, prosecutors said.
The new indictment charged Jon Chang Hyok and Kim Il with the hacking and related fraud. A third man, Park Jin Hyok, who is also named in the indictment, was previously charged in a September 2018 case that accused him of playing a role in the 2016 theft of $81 million from Bangladesh’s account at the Federal Reserve Bank of New York and the 2014 Sony Pictures hack, among other intrusions.
The hackers also allegedly sent spear-phishing emails to employees at the State and Defense Departments and multiple U.S. technology companies in January and February 2020, and at times traveled to and worked from Russia and China, the indictment said.
The charges chronicle a criminal moneymaking operation that has mirrored the general public’s increasing interest in digital currencies, as bitcoin has topped the $50,000 mark.
“North Korea’s operatives, using keyboards rather than guns, stealing digital wallets of cryptocurrency instead of stacks of cash, have become the world’s leading bank robbers,” said John Demers, the head of the Justice Department’s national security division.
Starting in 2017, North Korea developed an initial coin offering, called Marine Chain, that invited investors to purchase digital tokens—similar to bitcoin—that represented fractional stakes of maritime vessels. Marine Chain, whose website has now been removed from the internet, was a fraud, prosecutors said.
North Korean hackers cut their teeth by launching a series of highly sophisticated attacks on banking systems, which netted them hundreds of millions of dollars, but their cryptocurrency activity “could be worth just as much or more,” said John Hultquist, director of intelligence analysis at cybersecurity firm FireEye Inc. “These are increasingly clever and unique schemes,” he said.
Between 2018 and 2020, the alleged hackers built at least nine cryptocurrency applications that purported to be trading software or digital wallets, all of which were actually malicious applications, prosecutors said. The applications had names like Ants2Whale, CoinGo and iCryptoFX, which billed itself as a “Cryptocurrency Algo-Trading Tool,” according to court documents.
The apps were designed to give the North Korean hackers a back door into computer systems, officials said. In August 2020 one of these applications—called CryptoNeuro Trader—was used to break into a New York financial institution, where they stole data in an extortion attempt and transferred about $11.8 million in cryptocurrency from the company’s digital wallets.
Between 2017 and 2020, North Korea hacked at least three financial companies with cryptocurrency assets, netting a total of $112 million, prosecutors said, including $75 million from a cryptocurrency company in Slovenia and $24.9 million from an Indonesian cryptocurrency company.
Representatives of the North Korean government couldn’t be reached for comment, but in the past have denied any involvement in hacking efforts.
U.S. officials said they were working with victim companies to try to recover some of the stolen funds.
After North Korean hackers breached a U.S.-based financial-services company last year, the Federal Bureau of Investigation located and froze around $1.8 million in cryptocurrency and obtained a warrant for the seizure last week, Kristi Johnson, who runs the FBI’s Los Angeles field office, said.
The North Koreans are unlikely to be arrested, but the charges are part of a continuing campaign by U.S. authorities to pressure North Korea and the entities that work with it over the long-running cyber campaign.
In August, federal prosecutors moved to seize 280 cryptocurrency accounts they said were used by North Korean hackers who stole more than a quarter of a billion dollars from cryptocurrency companies around the world, including one in the U.S.
In a related case unsealed Wednesday, a Canadian, Ghaleb Alaumary, agreed to plead guilty to helping the North Korean hackers move tens of millions of dollars in the stolen funds, including by storing funds in bank accounts and helping to retrieve them from hacked ATMs, according to his plea agreement.
Mr. Alaumary worked with others, for example, to steal $16 million from ATMs at an unnamed Indian bank in 2018, including in California, the agreement said. Lawyers representing Mr. Alaumary didn’t return messages seeking comment Wednesday.