The US government has charged two Chinese nationals with helping North Korean hackers launder more than $100 million in stolen cryptocurrencies.

On Monday, the Justice Department unsealed an indictment against Tian Yinyin and Li Jiadong for laundering the funds, which the North Koreans allegedly stole from two cryptocurrency exchanges.

In one incident, the North Koreans stole $250 million from a single exchange in April 2018, making it one of the largest cryptocurrency heists of all time. The funds were then laundered through “hundreds of automated” cryptocurrency trades in a bid to stop investigators from tracing where the virtual money went.

Allegedly, Tian and Li assisted with some of the laundering when they received $91 million from the April 2018 hack. The North Koreans also sent them another $9.5 million from a separate hack at a different exchange.

“Tian ultimately moved the equivalent of more than $34 million of these illicit funds through a newly added bank account,” the Treasury Department said in today’s announcement. “Tian also transferred nearly $1.4 million dollars’ worth of Bitcoin into prepaid Apple iTunes gift cards, which at certain exchanges can be used for the purchase of additional Bitcoin.”

In response, the Treasury Department has issued sanctions against both Tian and Li, which prohibits US businesses, including banks, from doing any business with them.

How federal officials linked the money laundering to both suspects was left unsaid. But increasingly, federal officials are trying to name and shame international cybercriminals out of their profession. The economic penalties against Tian and Li, for instance, also means the US can sanction foreign financial institutions if they’re ever found to be doing business with the two suspects.

“The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime,” Treasury Secretary Steven Mnuchin said in today’s announcement.

According to a United Nation’s report, the North Korean government has been using state-sponsored hackers to steal funds across the globe as a way to evade the stiff economic sanctions against the country. The UN’s panel of experts estimate the North Korean hackers may have stolen as much as $2 billion.

When it came to stealing the $250 million funds in April 2018, the North Koreans used a phishing email, which was sent to an employee of the unnamed cryptocurrency exchange, the Treasury Department said. The same email led the employee to unwittingly download a piece of malware capable of taking over his computer and pilfering the private keys needed to access customers’ virtual wallets on the exchange.

The Treasury Department is indicating the North Korean malware involved in the heist was a cryptocurrency application called Celas Trade Pro, which the hackers had secretly rigged to run malicious code on the victim’s computer. Last year, the security firm Kaspersky Lab also warned that North Koreans had trojanized the same application to hack into an an unnamed cryptocurrency exchange in Asia.

Further Reading

Security Reviews