North Korea has been subject to a Financial Action Task Force [FATF] call to protect the international financial system from the ongoing risk of money laundering and terror financing for a long time now. However, North Korea has continued to exploit cryptocurrencies as a strategic weapon against South Korean crypto-exchanges, while also facilitating scams, crypto-jacking, and crypto-mining.
While North Korea has been party to several money laundering scams over the years, the U.S government recently took action against two Chinese nationals for allegedly conspiring with North Korean state-sponsored hackers to steal millions of dollars worth of digital money from cryptocurrency exchanges.
For context, on 2 March, the Department of Justice charged Tian Yinyin and Li Jiadong with laundering over $100 million worth of cryptocurrencies to benefit co-conspirators in North Korea. $234 million worth of crypto-assets were stolen from exchanges — including 218,800 Ether worth $141 million, 10,800 Bitcoin worth $95 million, and between half a million and $3.2 million worth of Ethereum Classic, Ripple, Litecoin, Zcash, and Dogecoin.
According to Ciphertrace, the phishers used ‘peel chains’ to hide large crypto-deposits. Simply put, by using ‘peel chains,’ criminals can get rid of unwanted attention that comes with making a single, large deposit to an exchange. Further investigations revealed that the pair also used peel chains to successfully launder funds from two other exchange hacks believed to be perpetrated by North Korea.
According to the report, the said pair are also believed to be associated with the Lazarus group which was responsible for the 2014 Sony breach, 2017 Wannacry attacks, and the $7 million Bithumb cryptocurrency exchange hack.
Loopholes detected in KYC procedures
The IRS-CI investigation, according to the report, found that the North Korean co-conspirators used fake IDs and manipulated photos to circumvent the KYC procedures at several exchanges. Thus, Tian and Li were easily able to exploit the Know-Your-Customer (KYC) processes implemented by exchanges.
Previous research by Kaspersky labs had revealed that the infamous Lazarus group used ‘enhanced capabilities’ to attack cryptocurrency businesses. The hackers used the age-old trick of creating fake crypto websites and fake trading groups on Telegram, corresponding to the websites.
The U.S Department of the Treasury’s Office of Foreign Assets Control (OFAC) also announced sanctions against three North Korean hacking groups accused of malicious cyber-attacks and stealing millions from cryptocurrency exchanges. The three notorious groups in question were identified as Lazarus Group, Bluenoroff, and Andariel – all allegedly controlled by North Korea’s primary intelligence bureau -Reconnaissance General Bureau [RGB].