The US Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two men believed to be involved in laundering stolen cryptocurrency from a 2018 cyberattack against a cryptocurrency exchange.
The Chinese nationals, Jiadong Li and Yinyin Tian, have been added to OFAC’s Specially Designated Nationals List, according to an update by the US Treasury earlier today. The two men are believed to be part of the Lazarus group, a cybercrime syndicate alleged to be working in collusion with the North Korean government. OFAC has also blacklisted 20 Bitcoin addresses associated with the pair.
Sanctioned Chinese Nationals
According to a press release on March 2, Tian and Li received from DPRK-controlled accounts roughly $91 million that had been stolen in an April 2018 hack of an unnamed cryptocurrency exchange, and an additional $9.5 million from a hack of another exchange.
OFAC has deduced that Tian and Li transferred the currency among a series of addresses, siphoning off a small portion to an alternate address with each transfer. The US Treasury describes this laundering process as a "peel chain."
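How an analyst might follow such a chain is sketched below as an added example; it is not taken from the Treasury release. The transaction records, the placeholder addresses and the 20% peel threshold are all constructed assumptions.

```python
from collections import namedtuple

Hop = namedtuple("Hop", "txid peel_addr peel_amount next_addr remainder")

# Constructed sample data (amounts in BTC); addresses are placeholders, not real ones.
SAMPLE_TXS = [
    {"txid": "tx1", "from": "addr_A", "outputs": [("addr_B", 95.0), ("peel_1", 5.0)]},
    {"txid": "tx2", "from": "addr_B", "outputs": [("peel_2", 4.0), ("addr_C", 91.0)]},
    {"txid": "tx3", "from": "addr_C", "outputs": [("addr_D", 88.0), ("peel_3", 3.0)]},
    # addr_D splits its funds evenly: not a peel, so the trace stops here.
    {"txid": "tx4", "from": "addr_D", "outputs": [("addr_E", 44.0), ("addr_F", 44.0)]},
    # Unrelated single-output payment that must not be reported as a peel chain.
    {"txid": "tx9", "from": "addr_X", "outputs": [("addr_Y", 1.0)]},
]

def trace_peel_chain(txs, start, max_peel_ratio=0.2):
    """Follow the large output hop by hop while each hop peels off a small one."""
    spends = {tx["from"]: tx for tx in txs}  # assumption: one spend per address
    hops, current, seen = [], start, set()
    while current in spends and current not in seen:  # 'seen' guards against loops
        seen.add(current)
        tx = spends[current]
        if len(tx["outputs"]) != 2:
            break  # a peel hop has exactly one remainder and one peeled output
        (small_addr, small), (big_addr, big) = sorted(tx["outputs"], key=lambda o: o[1])
        if small / (small + big) > max_peel_ratio:
            break  # split is too even to count as a peel (assumed threshold)
        hops.append(Hop(tx["txid"], small_addr, small, big_addr, big))
        current = big_addr
    return hops

def peel_summary(hops):
    """Addresses that received peeled funds, and the total amount peeled off."""
    return [h.peel_addr for h in hops], sum(h.peel_amount for h in hops)

if __name__ == "__main__":
    chain = trace_peel_chain(SAMPLE_TXS, "addr_A")
    for h in chain:
        print(f"{h.txid}: {h.peel_amount} peeled to {h.peel_addr}, "
              f"{h.remainder} moved on to {h.next_addr}")
    print(peel_summary(chain))
```

The peeled-off addresses are the ones worth checking against exchange deposit records, since that is where the small portions leave the chain.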
As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of US persons, including the 20 BTC accounts, must be blocked and reported to OFAC.
North Korea’s Ties to Cyber Crime
The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.
On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RGB).
As reported by Blockchain.News, the Lazarus group also made headlines in December 2019 when security researcher Dinesh Devadoss encountered a newly designed piece of cryptocurrency-focused macOS malware on a website called unioncrypto.vip that advertised a trading platform for “smart cryptocurrency arbitrage”. All evidence pointed to the work of the North Korean cyber group.
The Treasury strongly believes that North Korea’s malicious cyber activity, which often targets cryptocurrency exchanges, is a key revenue generator for its totalitarian regime.
The release does not name either of the exchanges hacked. However, last November the South Korean exchange Upbit was the subject of an attack in which a total of 342,000 ETH, worth $50 million at the time, was stolen from the Upbit Ethereum Hot Wallet.