US Court Indicts Alleged Lazarus Group Members in $250 Million Crypto Exchange Theft

Lucas Cacioli, Mar 04, 2020 01:20

While blockchain, the underlying technology for cryptocurrency, is promoted as being cryptographically secured, the exchanges that hold cryptocurrency are still prone to cyberattacks.

Two Chinese nationals, Tian YinYin and Li Jiadong, were sanctioned yesterday by the US Government for their alleged involvement in laundering stolen cryptocurrency from a 2018 cyberattack against a cryptocurrency exchange.

Grand Jury Indictment

Court documents released via Twitter by Seamus Hughes at the Program on Extremism reveal that the United States District Court for the District of Columbia issued an indictment against the two individuals in a massive cryptocurrency theft against an unnamed exchange. The grand jury for the case was sworn in on May 7, 2019.

Tian and Li, who also go by their GOT-inspired online aliases, Snowsjohn and Khaleesi respectively, have been charged with stealing nearly $250 million worth of virtual assets between July 2018 and April 2019.

According to the court documents, Tian and Li both held accounts at two different unnamed cryptocurrency exchanges. The pair violated legal requirements set out by the Financial Crimes Enforcement Network (FinCEN) by converting virtual currency into fiat currency in exchange for fees; the pair effectively operated as an unlicensed money transmitting business.

Tian and Li transferred over $100 million worth of Bitcoin between each other’s US accounts and China accounts, engaging in a form of cryptocurrency laundering known as a “peel chain” before the hack occurred. Other forms of laundering mainly consisted of converting Bitcoin to USD, Chinese Yuan, and iTunes gift cards.

Tian and Li Linked to Lazarus Group

As announced by the US Treasury on March 2, Tian and Li have been identified for their connection to the North Korean state-sponsored cyber-crime syndicate known as the Lazarus Group.

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RGB).

The court documents do not name either of the exchanges hacked. However, last November the South Korean exchange Upbit was the subject of an attack in which a total of 342,000 ETH, a value of $50 million at the time, was stolen from the Upbit Ethereum Hot Wallet.

