North Korean hackers stole $250 million worth of cryptocurrency from an exchange and two Chinese nationals helped them launder $100 million of it using prepaid iTunes gift cards and other methods, according to the US Department of Justice.
The US Treasury Department says the scheme is tied to the Lazarus Group, a criminal enterprise linked to North Korea and its efforts to steal cryptocurrency and various other high-profile cyberattacks.
Prosecutors said the North Korean hackers stole the crypto money in 2018 after an employee of a cryptocurrency exchange unknowingly downloaded North Korean malware. That gave the attacker access to private keys, virtual currency, and other customer information. The hackers evaded law enforcement and safeguards on the virtual exchange by using fake IDs.
The North Korean government “trains cyber actors to target and launder stolen funds,” according to the Treasury Department. Between December 2017 and April 2019, defendants Tian Yinyin and Li Jiadong, both of China, laundered $100 million of funds traceable back to the 2018 hack, according to the DOJ. Tian converted about $1.4 million of bitcoin into prepaid Apple iTunes gift cards, which the Treasury Department says are accepted on some virtual currency exchanges to purchase additional bitcoin.
“The hacking of virtual currency exchanges and related money laundering for the benefit of North Korean actors poses a grave threat to the security and integrity of the global financial system,” US Attorney Timothy J. Shea of the District of Columbia said in a statement. The indictments against Tian and Li detail how the North Korean hackers “used infrastructure in North Korea as part of this campaign.”
The North Korean hackers also are “tied to the theft of approximately $48.5 million worth of virtual currency from a South Korea-based virtual currency exchange in November 2019.” Li and Tian were each indicted on charges of money laundering conspiracy and operating an unlicensed money transmitting business.