Friday, October 30, 2020

Analysis of How North Korea Laundered $100 Million of Stolen Crypto


Blockchain forensics firm CipherTrace has published a detailed analysis of how two Chinese nationals, linked to North Korea, laundered tens of millions of dollars worth of stolen cryptocurrency.

The pair are believed to be associated with the shadowy Lazarus Group, which was behind the Sony breach in 2014, the WannaCry ransomware epidemic in 2017, and a $7 million attack on Bithumb (also in 2017).

They used ‘peel chains’ to hide the size of deposits to avoid unwanted attention, and doctored photographs to fool KYC verification processes, among other tricks.

On March 2, the United States Treasury’s Office of Foreign Assets Control (OFAC) added Tian Yinyin and Li Jiadong to its list of sanctioned individuals and entities for their involvement in laundering crypto assets stolen from an unnamed South Korean exchange in 2018. The pair have been charged with money laundering conspiracy and operating an unlicensed money transmitting business.

$234 million worth of crypto assets was stolen from the exchange — including 218,800 Ether worth $141 million, 10,800 Bitcoin worth $95 million, and between half a million and $3.2 million worth of Ethereum Classic, Ripple, Litecoin, Zcash, and Dogecoin.

‘Peel chains’ used to hide large deposits

According to CipherTrace, the cybercriminals made use of “peel chains” to obfuscate the size of funds being deposited to any given wallet. Rather than attempt to make a single, large deposit to an exchange and attract unwanted attention, the criminals established a chain of addresses the stolen cryptocurrency could pass through, with a small sum of crypto being forwarded to the exchange at each juncture.

Once the capital had flowed through the peel chain via 146 separate transactions, the funds were then reconstituted on just two exchanges (again unnamed).

U.S. Treasury documents estimate that $100.5 million in stolen crypto assets flowed through Tian and Li via numerous North Korean crypto wallets. Tian moved more than $34 million from his bank account to a single exchange, while Li used nine different banks to funnel $33 million.

Further investigations revealed that the pair also used peel chains to successfully launder funds garnered through two other exchange hacks believed to be perpetrated by North Korea.

The methods used show gaping holes in KYC processes

Tian and Li were easily able to game the Know-Your-Customer (KYC) processes implemented by exchanges. The pair uploaded images to one exchange purportedly showing a South Korean man and a German man holding up government-issued IDs. The images’ metadata reveals that not only were the pictures doctored, but actually featured different heads photoshopped on the same body.

Another exchange with better security flagged images submitted by the pair as having been doctored and requested a video conference to confirm the account holders’ identities. This ended that particular KYC attempt.

In a press release announcing the charges against the Chinese nationals, General Benczkowski of the U.S. Department of Justice (DoJ) asserted that the DOJ “will pierce the veil of anonymity provided by cryptocurrencies to hold criminals accountable, no matter where they are located.”

Last month, a report concluded that North Korean internet usage had trebled over three years amid increasing cryptocurrency adoption by the regime.


Must Read

Ukraine's Constitutional Court has stripped the country’s anti-corruption agency of some of its critical powers. The high court’s ruling published on October 28 declared it...
Former South Korean president Lee Myung-bak was ordered back to prison on Thursday (Oct 29) as the country's Supreme Court upheld a 17-year jail...
The Abuja Division of the Federal High Court, on Wednesday, refused an application by the Economic and Financial Crimes Commission, EFCC, for an arrest...
Former Vice Justice Minister Kim Hak-eui, the figure at the center of one of Korea’s biggest political sex scandals, was placed under pretrial detention...
Beam Suntory Inc. (Beam), a Chicago-based company that produces and sells distilled beverages, has agreed to pay a criminal monetary penalty of $19,572,885 to...

Latest News

Thousands of Californians who get their EDD benefits through Bank of America debit cards are struggling to get answers after the bank froze nearly...
The Bucharest Court of Appeal sentenced Bogdan Olteanu, a former president of Romania’s Chamber of Deputies, to five years in jail for corruption. The decision...
A former spokesman for the Drug Enforcement Administration (DEA) was sentenced to 7 years in prison Wednesday for posing as a CIA agent on...
Taiwan’s UMC has pleaded guilty to trade secret theft in the United States and will pay a $60 million fine in a case where...
Philippine President Rodrigo Duterte said on Tuesday he had ordered the justice ministry to launch a sweeping investigation into graft across all government agencies,...

Adblock Detected!

Our website is made possible by displaying online advertisements to our visitors. Please consider supporting us by whitelisting our website.

Enable Notifications    Ok No thanks