The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced Monday that it has sanctioned two Chinese nationals involved in laundering stolen cryptocurrency from an exchange.
Tian Yinyin (田寅寅) and Li Jiadong (李家东) “materially assisted, sponsored, or provided financial, material, or technological support for, or goods or services to or in support of, a malicious cyber-enabled activity” and the Lazarus Group, the OFAC alleged. The Lazarus Group is a U.S.-designated North Korean state-sponsored cyber group.
The U.S. government has charged two Chinese nationals involved in laundering stolen cryptocurrency worth $100 million from an exchange allegedly for the benefit of North Korea. They are linked to the U.S.-designated North Korean state-sponsored Lazarus Group. A total of 113 cryptocurrency accounts and addresses used to launder funds have been identified.
Crypto Exchange Hack
The Treasury explained that the Lazarus Group leveraged malware code from the now-defunct cryptocurrency application Celas Trade Pro, creating illegitimate websites and malicious software to conduct phishing attacks against the cryptocurrency sector.
In April 2018, an employee of an unnamed exchange downloaded the malware through an email, giving the hackers remote access to the exchange and unauthorized access to customers’ personal information, including private keys used to access crypto wallets stored on the exchange’s servers. The hackers used the private keys to steal cryptocurrencies worth $250 million at the time, the department added, noting:
“DPRK malicious cyber proceeds are often transferred to cryptocurrency exchanges and peer-to-peer marketplaces with negligible customer screening compliance programs, or individual peer-to-peer or over-the-counter traders operating on exchanges that do not screen their customers.”