US Treasury Sanctions Two Men Accused of Laundering Crypto for North Korean Cyber Crime Syndicate

The US Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned two men believed to be involved in laundering stolen cryptocurrency from a 2018 cyberattack against a cryptocurrency exchange.

The Chinese nationals, Jiadong Li and Yinyin Tian, have been added to OFAC’s Specially Designated Nationals List, according to an update by the US Treasury earlier today. The two men are believed to be part of the Lazarus Group, a cybercrime syndicate alleged to be working in collusion with the North Korean government, and OFAC has blacklisted 20 Bitcoin addresses associated with the pair.

Sanctioned Chinese Nationals

According to a press release on March 2, Tian and Li received, from DPRK-controlled accounts, roughly $91 million that had been stolen in an April 2018 hack of an unnamed cryptocurrency exchange and an additional $9.5 million from a hack of another exchange.

OFAC has deduced that Tian and Li transferred the currency among a series of addresses, siphoning off a small portion to an alternate address with each transfer. The US Treasury describes this laundering process as a “peel chain.”
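The peel-chain pattern described above can be flagged from transaction data with a simple forward walk. The following is an added example for illustration, not code from OFAC or from any analytics vendor; the one-source-address-per-transaction model, the 20% threshold, the three-hop minimum and all addresses and amounts are constructed assumptions.

```python
from collections import namedtuple

# Simplified model (assumption): each transaction spends from a single address.
Tx = namedtuple("Tx", "txid src outputs")   # outputs: list of (address, satoshis)
Hop = namedtuple("Hop", "txid peel_addr peel_amount next_addr remainder")

def follow_peel_chain(txs, start_addr, max_peel_ratio=0.2):
    """Walk forward from start_addr while every hop looks like a peel:
    exactly two outputs, one small (the peel) and one large (the remainder)."""
    by_src = {}
    for tx in txs:
        by_src.setdefault(tx.src, []).append(tx)
    hops, addr, seen = [], start_addr, set()
    while addr not in seen:                  # guard against address loops
        seen.add(addr)
        spends = by_src.get(addr, [])
        if len(spends) != 1 or len(spends[0].outputs) != 2:
            break                            # not a single two-output spend
        tx = spends[0]
        (small_addr, small), (big_addr, big) = sorted(tx.outputs, key=lambda o: o[1])
        if small > max_peel_ratio * (small + big):
            break                            # split too even to be a peel
        hops.append(Hop(tx.txid, small_addr, small, big_addr, big))
        addr = big_addr                      # keep following the remainder
    return hops

def is_peel_chain(hops, min_hops=3):
    """Flag a walk as a peel chain once it has enough consecutive peels."""
    return len(hops) >= min_hops

# Constructed sample data (not real addresses or transactions).
SAMPLE_TXS = [
    Tx("t1", "addr_A", [("addr_B", 950_000_000), ("peel_1", 50_000_000)]),
    Tx("t2", "addr_B", [("peel_2", 40_000_000), ("addr_C", 910_000_000)]),
    Tx("t3", "addr_C", [("addr_D", 870_000_000), ("peel_3", 40_000_000)]),
    Tx("t4", "addr_D", [("addr_E", 435_000_000), ("addr_F", 435_000_000)]),  # even split
    Tx("t5", "addr_X", [("addr_Y", 10_000), ("addr_Z", 20_000)]),            # unrelated
]

if __name__ == "__main__":
    chain = follow_peel_chain(SAMPLE_TXS, "addr_A")
    print("peel chain:", is_peel_chain(chain))
    for hop in chain:
        print(hop.txid, "peeled", hop.peel_amount, "to", hop.peel_addr)
```

The peel addresses collected along the walk are the ones an investigator would check next, since they are where the siphoned portions leave the chain.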

As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of US persons, including the 20 BTC accounts, must be blocked and reported to OFAC.

North Korea’s Ties to Cyber Crime

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RGB).

As reported by Blockchain.News, the Lazarus Group also made headlines in December 2019 when security researcher Dinesh Devadoss encountered a newly designed piece of cryptocurrency-focused macOS malware on a website called unioncrypto.vip that advertised a trading platform for “smart cryptocurrency arbitrage.” All evidence pointed to the work of the North Korean cyber group.

The Treasury strongly believes that North Korea’s malicious cyber activity, which often targets cryptocurrency exchanges, is a key revenue generator for its totalitarian regime.

The release does not name either of the exchanges hacked; however, last November the South Korean exchange Upbit was the subject of an attack in which a total of 342,000 ETH, worth $50 million at the time, was stolen from the Upbit Ethereum Hot Wallet.


US Court Indicts Alleged Lazarus Group Members in $250 Million Crypto Exchange Theft

While blockchain is promoted as the cryptographically secured technology underlying cryptocurrency, the exchanges that hold cryptocurrencies are still prone to cyberattacks.

Two Chinese nationals, Tian YinYin and Li Jiadong, were sanctioned yesterday by the US Government for their alleged involvement in laundering stolen cryptocurrency from a 2018 cyberattack against a cryptocurrency exchange.

Grand Jury Indictment

Court documents released via Twitter by Seamus Hughes at Program on Extremism reveal that the United States District Court for the District of Columbia issued an indictment against the two individuals in a massive cryptocurrency theft against an unnamed exchange. The grand jury for the case was sworn in on May 7, 2019.

Tian and Li, who also go by their GOT-inspired online aliases, Snowsjohn and Khaleesi respectively, have been charged with stealing nearly $250 million worth of virtual assets between July 2018 and April 2019.

According to the court documents, Tian and Li both held accounts at two different unnamed cryptocurrency exchanges. The pair violated legal requirements set out by the Financial Crimes Enforcement Network (FinCEN) by converting virtual currency into fiat currency in exchange for fees; the pair effectively operated as an unlicensed money transmitting business.

Tian and Li transferred over $100 million worth of Bitcoin between each other’s US accounts and China accounts, engaging in a form of cryptocurrency laundering known as a “peel chain” before the hack occurred. Other forms of laundering mainly consisted of converting Bitcoin to USD, Chinese Yuan, and iTunes gift cards.

Tian and Li Linked to Lazarus Group

As announced by the US Treasury on March 2, Tian and Li have been identified for their connection to the North Korean state-sponsored cyber-crime syndicate known as the Lazarus group.

The Democratic People’s Republic of Korea (DPRK) has reportedly been training cybercriminals to target and launder stolen funds from financial institutions, with a series of attacks leading to a subsequent UN investigation last year.

On Sep. 13, 2019, the US Treasury identified the Lazarus Group, along with Bluenoroff and Andariel, as North Korean hacking entities based on their relationship to the DPRK’s primary intelligence agency, the Reconnaissance General Bureau (RGB).

The court documents do not name either of the exchanges hacked; however, last November the South Korean exchange Upbit was the subject of an attack in which a total of 342,000 ETH, worth $50 million at the time, was stolen from the Upbit Ethereum Hot Wallet.


US Files Lawsuit to Recover Cryptocurrency Accounts Linked to North Korean Hacking Operation

The US Department of Justice has filed a suit against North Korean state-sponsored cyber hackers for allegedly perpetrating two major cryptocurrency heists.

Crypto exchanges suffer North Korean cyber attack

The complaint, filed on Thursday, outlined two hacks that were allegedly conducted by state-sponsored North Korean cybercriminals and that targeted two cryptocurrency exchanges last year. Proton Tokens (PTT), PlayGame tokens (PXG), and IHT Real Estate Protocol tokens were stolen from the first virtual exchange. To launder the digital assets, the hackers washed the tokens through Chinese over-the-counter brokers.

The altcoin assets were converted into Bitcoin (BTC), Tether (USDT), and other cryptocurrencies to cover the North Korean cyber criminals’ tracks. The total amount of altcoins and tokens stolen was reported to be equivalent to $272,000.

A similar case was reported by US investigators a few months after the occurrence of the first crypto heist. This time, a US crypto exchange was hacked and $2.5 million in cryptocurrencies were stolen. Once again, US law enforcement said that North Korean operators laundered the virtual funds through Chinese traders that they had coordinated with for previous heists.  

Despite the crypto laundering techniques that were employed by the North Korean hackers, law enforcement and cybersecurity professionals were able to trace the funds, thanks to blockchain analysis. The stolen cryptocurrency assets were allegedly funneled into 280 cryptocurrency accounts.

In relation to the civil forfeiture complaint filed by the US Justice Department, FBI Special Agent Emmerson Buie Jr. spoke up regarding cybersecurity and North Korea’s alleged involvement in cyberattacks. He said:

“Today’s complaint demonstrates that North Korean actors cannot hide their crimes within the anonymity of the internet.  International cryptocurrency laundering schemes undermine the integrity of our financial systems at a global level, and we will use every tool in our arsenal to investigate and disrupt these crimes.” 

US investigates North Korean cyber operations

To tighten cybersecurity and counter any national security threat, the US has been actively monitoring North Korean tactics. In a tactical report released in July, the US Army revealed that North Korea currently had more than 6,000 hackers operating under its umbrella. These government-sponsored hackers were dispersed throughout the world and were rumored to be behind illicit cyber hacks.

There is substantial evidence indicating that the Democratic People’s Republic of Korea (DPRK) may be heavily involved in cybercriminal operations, and US officials have clearly expressed their desire to safeguard national security by tightening cybersecurity.

In the past, two Chinese nationals, Tian YinYin and Li Jiadong, had been sanctioned by the US government for their involvement in laundering over $100 million worth of Bitcoin cryptocurrency funds from a 2018 cyberattack perpetrated by North Korean hackers against a crypto exchange. The two men were identified for their connection to the notorious North Korean state-sponsored cybercriminal ring, Lazarus Group. 

Chainalysis Partners with Wyoming Watchdog to Fight Cybercrime and Crypto Laundering Scams

Chainalysis has announced its partnership with the Wyoming Division of Banking to fight cybercrime and illicit activities pertaining to crypto laundering, crypto scams, sanctions violations, and more.

Wyoming Bank and Chainalysis to fight cybercrime together

The blockchain analysis company has been at the forefront of helping government agencies and crypto firms establish cybersecurity through its research and data analytics tools. Now, with cryptocurrency adoption on the rise, Chainalysis products will be used by the Wyoming Division of Banking “to verify Wyoming banks’ compliance with anti-money laundering, Bank Secrecy Act, know-your-customer, and sanctions requirements.” Co-founder and Chief Strategy Officer of Chainalysis, Jonathan Levin, said:

“Chainalysis transaction monitoring is an important tool in helping them (Wyoming Division of Banking) embrace virtual currency as the technology of the future of financial services while ensuring financial institutions and virtual currency businesses in their jurisdiction are compliant.”

On top of helping Wyoming’s watchdog monitor for money laundering schemes, Chainalysis’ services and cybersecurity tools will also be leveraged by federal and state law enforcement agencies to run data tests and to monitor digital transactions.

Speaking about the collaboration, Wyoming Division of Banking addressed its plans to change and prevent cybercrime. The Commissioner for the banking institution also said that Chainalysis’ tools would enable Wyoming banks to conduct deposit-taking “custody and fiduciary activities with digital assets” safely and soundly. Wyoming Banking Commissioner, Albert Forkner, added:

“Wyoming was the first US jurisdiction to authorize banks to conduct digital asset activities in 2019 […] Though Wyoming is committed to responsible innovation, we are equally committed to harnessing distributed ledger technology to push criminals out of the digital asset space.”

Wyoming at the forefront for digital asset regulation

Since 2019, Wyoming has been leading the pack for digital currency regulation in the United States. 

The Wyoming Legislature passed and approved the chartering of special purpose depository institutions (SPDIs) as a new bank charter. It also set in place a legal framework for digital currency custody.

At the time of writing, Wyoming is reported to be in the process of developing regulatory policies revolving around crypto assets, so that digital currencies can be monitored and transacted in a secure way. Wyoming Division of Banking is working to find a middle ground between crypto and traditional banking institutions, and it seems to have progressed and succeeded in integrating both, starting with Kraken crypto exchange.

Kraken is the first crypto exchange to become a US bank

Recently, the Wyoming Banking Board announced that it had approved San Francisco-based crypto exchange Kraken’s application for an SPDI charter, making Kraken the first exchange to become a US bank.

As an official US bank, Kraken crypto exchange will be able to hold digital assets in custody, approve payment transactions, facilitate transfers between fiat and crypto with ease, and more.

CipherTrace Life Hack for Criminal Investigations: How to Know if Cryptocurrency Was Utilized

Blockchain analytics firm CipherTrace has revealed guidelines and tips that could help law enforcement identify when cryptocurrency was used for illicit activities.

Crypto for crime 

A report published by the crypto and blockchain analytics firm unveiled tips that could help further criminal investigations by pinpointing ways to identify whether cryptocurrency was leveraged.

CipherTrace suggested that criminals may have increasingly been using cryptocurrency rather than cash to funnel their illicit activities, as the US Department of Treasury has signaled that “since 2013, there has been a consistent decrease in reported bulk cash seizures by agencies throughout the United States.”

The report read:

“The lack of cash seizure for known cash intensive activities should be an automatic red flag for potential cryptocurrency usage to obfuscate and move funds.”

According to CipherTrace, several clues can alert law enforcement to the fact that cryptocurrency was leveraged to drive criminal activity forward in a given case. Through the report, the blockchain forensics team encouraged law enforcement to be vigilant and said:

“The signs of cryptocurrency usage, however, can easily be overlooked by investigators unfamiliar with what to look for.”

First clue: look at phones and old computers

The blockchain analytics firm encouraged investigators to scrutinize confiscated phones and old computers for cryptocurrency-related apps. It also said that bookmarks and authenticator apps were worth investigating. Furthermore, the report listed a number of popular cryptocurrency exchanges, wallet providers, and maps of cryptocurrency ATM locations that could aid law enforcement in their investigations.

CipherTrace advised that “old, disconnected, and seemingly non-functioning computers could also hold the private keys to cryptocurrency wallets.”

Random papers may have crypto passwords

In addition, “pocket litter,” which was essentially little pieces of seemingly random paper, could easily be dismissed by investigators.

However, the blockchain analytics firm suggested that they were worth a second look, as pocket litter sometimes provided the recovery seed phrases for crypto wallets, or were actually Bitcoin ATM receipts.

The report read:

“‘Pocket litter’ or any other random papers should be evaluated for lists of seemingly random words – typically 12, but some wallets can support seed phrases up to 33 words – that, if used in the correct order, could be used to recover a crypto wallet.”

CipherTrace said that recovery seeds could sometimes be hidden in books, planners, or notes, or even displayed in plain sight, concealed as regular lists. A list of hardware wallet manufacturers and popular models was also provided in CipherTrace’s report, and analysts warned that sometimes, “hardware wallets can look like inconspicuous USB sticks.”

The key is to remain vigilant

The blockchain and cryptocurrency analytics firm advised law enforcers to remain vigilant to red flags that could indicate that cryptocurrency was being used to launder criminal funds. It elaborated:

“Blockchain analysis tools like CipherTrace Inspector can then be used to easily verify the source of funds and detect any association with dark markets or other criminal activity.”

Who is CipherTrace?

CipherTrace is a blockchain intelligence and analytics firm that prides itself on fighting crypto crime fueled by Bitcoin and other digital assets. Founded in 2015, its mission is to put an end to digital crime and to protect financial institutions from money laundering and crypto-related threats. CipherTrace is funded by the US Department of Homeland Security and delivers software products that enable blockchain forensic analysts to trace miscellaneous transactions.

For law enforcers, these tools are essential for verifying whether crypto exchanges have been compliant with local anti-money laundering policies and for tracing fraudulent crypto transactions on the blockchain.