In brief

  • The US Treasury sanctioned two Chinese nationals for allegedly laundering cryptocurrency for the North Korean government.
  • Hackers for North Korea have stolen as much as half a billion in crypto for the regime since 2018.
  • North Korea is allegedly using the stolen crypto to fund its military program.

The US Treasury announced Monday that it has sanctioned two Chinese nationals for their alleged involvement in laundering stolen cryptocurrency for the “Lazarus Group,” a North Korean state-sponsored hacking group suspected of stealing upwards of half a billion in crypto for the regime.

Tian Yinyin and Li Jiadong were sanctioned for allegedly laundering cryptocurrency from hacked crypto exchanges, which were unnamed in court documents. US authorities said the hacks in question took place in 2018.

The men allegedly received $105.5 million in stolen cryptocurrency from North Korea-controlled accounts and transferred the currency amongst different accounts to obfuscate its origin. Yinyin and Jiadong allegedly disbursed the stolen funds into Chinese bank accounts and into iTunes gift cards, and made use of at least one US-based exchange to launder funds, according to court documents.

The Treasury said one of the exchange hacks occurred in April 2018, when an employee at the exchange opened malware through an email, which gave hackers access to customers’ private keys and funds. “The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds,” Secretary Steven Mnuchin said.

According to the Treasury, one of the exchange hacks was worth $250 million and amounted to “nearly half” of the total cryptocurrency North Korea had stolen that year. 

In a separate action, the Treasury Department also opted to blacklist 20 Bitcoin addresses associated with the two Chinese nationals. The addresses are now on the Office of Foreign Assets Control’s list of Specially Designated Nationals, and it is now illegal for any US person to conduct business with them.

Further, US authorities have also initiated civil asset forfeiture proceedings against 113 crypto addresses linked to Yinyin and Jiadong. The forfeiture documents allege that the duo stole roughly $234 million in crypto, including Bitcoin, Ethereum, Zcash, XRP, and Dogecoin.

Lazarus is one of the hacking groups that the US alleges is controlled by the government of North Korea to covertly steal from US financial institutions. According to a report by the UN Security Council last year, North Korea had acquired an estimated $2 billion in illicit funds through “cyber means.” Of those funds, $517 million is attributed to “cryptocurrency theft.”

The Treasury said the funds are used by the North Korean regime to fund “its illicit ballistic missile and nuclear programs.”