Two hacks of virtual currency exchanges by North Korean actors has led the Department of Justice to file a civil forfeiture complaint. The complaint, according to officials, “publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network,”
According to the Department of Justice (DOJ), North Korean actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders. The complaint follows related criminal and civil actions announced in March 2020 pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors.
The forfeiture complaint filed today details two related hacks of virtual currency exchanges.
As alleged in the complaint, in July 2019, a virtual currency exchange was hacked by an actor tied to North Korea. The hacker allegedly stole over $272,000 worth of alternative cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens. Over the subsequent months, the funds were laundered through several intermediary addresses and other virtual currency exchanges. In many instances, the actor converted the cryptocurrency into BTC, Tether, or other forms of cryptocurrency – a process known as “chain hopping” – in order to obfuscate the transaction path. As detailed in the pleadings, law enforcement was nonetheless able to trace the funds, despite the sophisticated laundering techniques used.
As also alleged in the pleadings, in September 2019, a U.S.-based company was hacked in a related incident. The North Korea-associated hacker gained access to the company’s virtual currency wallets, funds held by the company on other platforms, and funds held by the company’s partners. The hacker stole nearly $2.5 million and laundered it through over 100 accounts at another virtual currency exchange.
The funds from both of the above hacks, as well as hacks previously detailed in a March 2020 forfeiture action (1:20-cv-00606-TJK), were all allegedly laundered by the same group of Chinese OTC actors. The infrastructure and communication accounts used to further the intrusions and fund transfers were also tied to North Korea.