In brief

  • The Department of Justice filed a civil forfeiture complaint against 280 cryptocurrency accounts.
  • It alleges that those accounts were used to launder money stolen in two separate 2019 hacks.
  • Those hacks are both believed to have come from North Korea, with the money laundered via Chinese nationals.

The United States Department of Justice today identified 280 cryptocurrency accounts it believes were involved in laundering money from two large hacks in 2019. Both attacks allegedly emanated from North Korea.

In a forfeiture complaint filing made in US District Court, units of the Internal Revenue Service, the Federal Bureau of Investigation, and US Immigration and Customs Enforcement requested possession of those 280 identified accounts.

The first hack in question, which occurred in July 2019, involved the theft of roughly $272,000 in relatively obscure cryptocurrency tokens, including Proton Tokens and PlayGame Tokens, from a cryptocurrency exchange. Subsequent investigations uncovered that those funds were laundered by being converted into other cryptocurrencies.

The second attack, in September 2019, netted around $2.5 million in cryptocurrency from a US company's digital wallets. The attacker then allegedly used 100 or so accounts at an exchange to launder the money.

According to the complaint, "Chinese OTC traders" from an unnamed exchange helped launder those funds. The Department of Justice asserts that these are the same actors who laundered funds for North Korea in a massive $250 million hack in 2018.

“Despite the highly sophisticated laundering techniques used, IRS-CI’s Cybercrimes Unit was able to successfully trace stolen funds directly back to North Korean actors,” said Don Fort, Chief of IRS Criminal Investigation (IRS-CI, in a statement. “IRS-CI will continue to collaborate with its law enforcement partners to combat foreign and domestic operations that threaten the United States financial system and national security.”

A March 2019 UN Security Council Report estimated that between January 2017 and September 2018 alone, hackers sanctioned by North Korea stole $571 million from cryptocurrency exchanges, which they could then use to evade economic sanctions from foreign governments.

Those figures don't include the 2019 attacks referenced in today's filing.