Two Chinese Sanctioned for Laundering $100M for North Korean Hackers


The U.S. Justice Department has indicted two Chinese nationals for their role in laundering stolen cryptocurrency tied to a crypto exchange hack.

March 2, 2020 | AtoZ MarketsIn a case that reveals the extent to which North Korea has been using crypto to circumvent international sanctions, two Chinese nationals, Tian Yinyin (田寅寅) and Li Jiadong (李家东)  were charged with laundering more than $100 million for North Korean hackers Lazarus Group, a North Korean government cyber group that has carried out the bulk of North Korea’s malicious hacks against U.S. and foreign banks.

Chinese nationals helped North Korea launder stolen cryptocurrency

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) announced Monday that it has sanctioned two Chinese nationals involved in laundering stolen cryptocurrency from an exchange.

According to an indictment filed in federal court and revealed on Monday in Washington, D.C., Yinyin Tian and Juiadong Li had been helping North Korea launder crypto obtained through hacks and cyber theft between Dec 2017 and April 2019.

They used various different methods to obfuscate the trail of the stolen crypto from the police. According to the official statement, Assistant Attorney General Brian Benczkowski said:

“These defendants allegedly laundered over a hundred million dollars worth of stolen cryptocurrency to obscure transactions for the benefit of actors based in North Korea.”

Yinyin’s and Jiadong’s involvement goes as far back as 2017. However, the DOJ’s announcement puts emphasis on a massive crypto exchange hack that occurred in 2018. The statement mentions no names here, but based on the value of the crypto, signs would point to Japanese exchange Coincheck that was hacked for around $534 million that same year.

Yinyin and Jiadong cleverly transferred the currency among addresses they held, obfuscating the origin of the funds.

Evading sanctions with digital currencies

AtoZ Markets has reported of countries proposing their own cryptocurrencies in a bid to circumvent sanctions, including Iran and Venezuela. Nevertheless, these methods have not proven to have enough people willing to transact in them.

So, North Korea has been using other methods. The country has been suffering from international sanctions over its ballistic missile program since 2006. DOJ says North Korea used a portion of the funds to pay for infrastructure used in its hacking campaigns, though UN investigators also previously said that the country uses the funds it steals for its nuclear weapons program.

The same North Korean hackers have also been implicated in a November attack on Upbit exchange in Nov 2019 in which approximately $48mn in crypto was stolen. U.S. Attorney Timothy Shea of the District of Columbia said in the statement:

“The hacking of virtual currency exchanges and related money laundering for the benefit of North Korean actors poses a grave threat to the security and integrity of the global financial system.”

OFAC blacklists 20 crypto addresses

The OFAC has also blacklisted 20 crypto addresses for their connection to two names from its sanctioned individuals list.  The blacklisted addresses appear to have had thousands of BTC processed through them. Currently, none of those 20 addresses hold any cryptocurrencies.

The OFAC has blacklisted crypto addresses for the third time after, in 2018. During that time, it released to the public BTC addresses connected to 2 Iranian citizens accused of ransomware transactions.

What do you think about the two Chinese nationals who conspired with North Korean to launder stolen cryptocurrency? Let us know your thoughts in the comment section below!

    Share Your Opinion, Write a Comment