Revealed: How North Korea Laundered $100 Million of Stolen Crypto

Published at: March 13, 2020

Blockchain forensics firm CipherTrace has published a detailed analysis of how two Chinese nationals, linked to North Korea, laundered tens of millions of dollars worth of stolen cryptocurrency.

The pair are believed to be associated with the shadowy Lazarus Group, which was behind the Sony breach in 2014, the WannaCry ransomware epidemic in 2017, and a $7 million attack on Bithumb (also in 2017).

They used ‘peel chains’ to hide the size of deposits and avoid unwanted attention, and submitted doctored photographs to fool KYC verification processes, among other tricks.

On March 2, the United States Treasury’s Office of Foreign Assets Control (OFAC) added Tian Yinyin and Li Jiadong to its list of sanctioned individuals and entities for their involvement in laundering crypto assets stolen from an unnamed South Korean exchange in 2018. The pair have been charged with money laundering conspiracy and operating an unlicensed money transmitting business.

$234 million worth of crypto assets was stolen from the exchange — including 218,800 Ether worth $141 million, 10,800 Bitcoin worth $95 million, and between half a million and $3.2 million worth of Ethereum Classic, Ripple, Litecoin, Zcash, and Dogecoin.

‘Peel chains’ used to hide large deposits

According to CipherTrace, the cybercriminals made use of “peel chains” to obfuscate the size of funds being deposited to any given wallet. Rather than attempt to make a single, large deposit to an exchange and attract unwanted attention, the criminals established a chain of addresses the stolen cryptocurrency could pass through, with a small sum of crypto being forwarded to the exchange at each juncture.

Once the capital had flowed through the peel chain via 146 separate transactions, the funds were then reconstituted on just two exchanges (again unnamed).
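The tracing step an analyst applies to the pattern described above, as an added example that is not CipherTrace's tooling or code from the original article: follow the large remainder output hop by hop, record each small peel, then sum the peels per destination to recover the real deposit size. The ledger, addresses, exchange labels and the 0.8 remainder threshold are constructed assumptions, and fees are ignored.

```python
from collections import defaultdict

# Constructed ledger (not real data): one input address, outputs as (address, units).
TXS = [
    {"txid": "t1", "from": "A0", "outs": [("A1", 95), ("dX1", 5)]},
    {"txid": "t2", "from": "A1", "outs": [("dY1", 5), ("A2", 90)]},
    {"txid": "t3", "from": "A2", "outs": [("A3", 84), ("dX2", 6)]},
    {"txid": "t4", "from": "A3", "outs": [("dY2", 4), ("A4", 80)]},
    {"txid": "t5", "from": "A4", "outs": [("B1", 40), ("B2", 40)]},  # even split, not a peel
]
# Hypothetical attribution labels: deposit address -> exchange.
DEPOSIT_OWNER = {"dX1": "Exchange-X", "dX2": "Exchange-X",
                 "dY1": "Exchange-Y", "dY2": "Exchange-Y"}

def trace_peel_chain(txs, start, min_ratio=0.8):
    """Follow the large 'remainder' output hop by hop, recording each small peel.

    Stops at the first spend that does not look like a peel (not exactly two
    outputs, or remainder below min_ratio of the total). Fees are ignored.
    """
    by_sender = {t["from"]: t for t in txs}
    addr, seen, peels = start, set(), []
    while addr in by_sender and addr not in seen:
        seen.add(addr)  # guard against loops in the graph
        tx = by_sender[addr]
        outs = sorted(tx["outs"], key=lambda o: o[1], reverse=True)
        total = sum(v for _, v in outs)
        if len(outs) != 2 or outs[0][1] / total < min_ratio:
            break
        peels.append((tx["txid"], outs[1][0], outs[1][1]))
        addr = outs[0][0]
    return peels, addr

def reconstitute(peels, owners):
    """Sum peeled amounts per attributed destination to recover the true deposit size."""
    totals = defaultdict(int)
    for _txid, dest, value in peels:
        totals[owners.get(dest, "unattributed")] += value
    return dict(totals)

if __name__ == "__main__":
    peels, end = trace_peel_chain(TXS, "A0")
    print(len(peels), "peels; chain ends at", end)
    print(reconstitute(peels, DEPOSIT_OWNER))
```

No single deposit in the sample exceeds 6 units, yet the per-exchange totals show where the bulk of the funds landed, which is why monitoring individual deposit size alone misses this pattern.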

U.S. Treasury documents estimate that $100.5 million in stolen crypto assets flowed through Tian and Li via numerous North Korean crypto wallets. Tian moved more than $34 million from his bank account to a single exchange, while Li used nine different banks to funnel $33 million.

Further investigations revealed that the pair also used peel chains to successfully launder funds garnered through two other exchange hacks believed to be perpetrated by North Korea.

The methods used show gaping holes in KYC processes 

Tian and Li were easily able to game the Know-Your-Customer (KYC) processes implemented by exchanges. The pair uploaded images to one exchange purportedly showing a South Korean man and a German man holding up government-issued IDs. The images’ metadata reveals not only that the pictures were doctored, but that they actually featured different heads photoshopped onto the same body.

Another exchange with better security flagged images submitted by the pair as having been doctored and requested a video conference to confirm the account holders’ identities. This ended that particular KYC attempt. 

In a press release announcing the charges against the Chinese nationals, General Benczkowski of the U.S. Department of Justice (DoJ) asserted that the DoJ “will pierce the veil of anonymity provided by cryptocurrencies to hold criminals accountable, no matter where they are located.”

Last month, a report concluded that North Korean internet usage had trebled over three years amid increasing cryptocurrency adoption by the regime.
