The U.S. Department of the Treasury has sanctioned a pair of Chinese nationals who participated in a money laundering scheme involving a cyberattack on a cryptocurrency exchange orchestrated by the infamous Lazarus Group.
The US Treasury’s Office of Foreign Assets Control has assigned a cyber-related designation to Tian Yinyin and Li Jiadong for their role in laundering cryptocurrency associated with North Korean hackers the Lazarus Group and a roughly $250 million attack on a cryptocurrency exchange in 2018.
In addition, the Department of Justice has unsealed a two-count indictment that was posted on Twitter by Seamus Hughes, former Senate Counterterrorism Advisor & USG Intel Policy Officer. In it, the DOJ reveals that Tian and Li laundered more than $100 million in cryptocurrency tied to the massive cryptocurrency exchange hack. Tian and Li are charged with money laundering and operating an unlicensed money transmitting business for not registering their activities with the Financial Crimes Enforcement Network.
Tian and Li had accounts at two cryptocurrency trading platforms, which the indictment identifies as virtual currency exchanges A and B. They “accessed the U.S. financial system” to pull off their scheme under the usernames “snowsjohn” and “khaleesi,” placing them in the DOJ’s jurisdiction and giving social media plenty of fodder.
They should’ve known they’d be caught when one of them made their username snowsjohn and not snowjohn. Who the hell ever heard of John Snows? Amateurs.
— Stuart Wexler (@jomolungma) March 2, 2020
Play by Play
The U.S. Treasury in its statement points out that the Democratic People’s Republic of Korea (DPRK) trains its own hackers. The trouble began when an unsuspecting employee of the cryptocurrency exchange downloaded an email containing malware with the DPRK’s fingerprints all over it. This paved the way for the hackers to access both the exchange and the personal details of customers, including coveted private keys that belonged to wallets stored on the exchange’s servers. That’s where the Lazarus Group comes in, having used that access to steal $250 million worth of cryptocurrencies.
According to the Treasury’s statement, this crime alone represented
“…nearly half of the DPRK’s estimated virtual currency heists that year.”
Meanwhile, Tian and Li were responsible for transferring the cryptocurrencies around using exchange and bank accounts, obfuscating the source of the funds in the interim. Tian even transferred more than $1 million in Bitcoin for “prepaid Apple iTunes gift cards,” which can then be used on certain trading platforms to purchase even more BTC.
It was an elaborate scheme, one that has now placed a target on the backs of Tian and Li in the United States. With the Treasury designation, anyone doing business with either of these individuals will inherit a similar label from the U.S. government. And any financial institution doing business with them may similarly face sanctions.
According to US Treasury Secretary Steven Mnuchin in a statement,
“The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds. The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime.”
Incidentally, Mnuchin has made it clear that he’s no fan of the cryptocurrency market, having previously expressed his worry that Bitcoin would become the next “Swiss-numbered bank accounts.” [CNBC] He also assured the world in a CNBC interview that he would not be found “loaded up on Bitcoin” a decade from now. So perhaps the latest indictment brings him some sick sense of satisfaction.