US Government Sanctions Two Chinese Nationals in Connection With Lazarus Group Hack

Published at: March 2, 2020

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) sanctioned two Chinese nationals accused of laundering cryptocurrency that was stolen in a 2018 crypto exchange hack. At the same time, the Department of Justice announced an indictment for money laundering against the same two individuals.

Their activity is linked to Lazarus Group, a hacking group allegedly connected to the North Korean government. OFAC accuses Yinyin Tian and Juiadong Li of assisting “a malicious cyber-enabled activity.” Secretary Steven Mnuchin gave the following statement:

“The North Korean regime has continued its widespread campaign of extensive cyber-attacks on financial institutions to steal funds. The United States will continue to protect the global financial system by holding accountable those who help North Korea engage in cyber-crime.”

Stole $250 million, Laundered $100 million

On the separate Department of Justice charges, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division commented:

“These defendants allegedly laundered over a hundred million dollars worth of stolen cryptocurrency to obscure transactions for the benefit of actors based in North Korea. Today's actions underscore that the Department will pierce the veil of anonymity provided by cryptocurrencies to hold criminals accountable, no matter where they are located.”

The indictment alleges that “the North Korean co-conspirators,” in 2018, stole $250 million worth of cryptocurrency from an exchange (may refer to the Coincheck hack); and that Tian Yinyin and Li Juiadong managed to launder $100 million worth of cryptocurrency between December 2017 and April 2019 for their North Korean accomplices.

UpBit?

According to the documents, “the North Korean co-conspirators” are also responsible for the hacking of a South Korean exchange in November of 2019, stealing $48.5 million worth of cryptocurrency — likely, a reference to the UpBit hacking, which had roughly the same amount of Ether stolen at the same time.

According to the Department of Justice’s press release:

“The civil forfeiture complaint specifically names 113 virtual currency accounts and addresses that were used by the defendants and unnamed co-conspirators to launder funds. The forfeiture complaint seeks to recover the funds, a portion of which has already been seized.”

20 address vs. 113 addresses

The civil forfeiture complaint lists 113 cryptocurrencies “accounts and addresses that were used by the defendants and unnamed co-conspirators to launder funds. The forfeiture complaint seeks to recover the funds, a portion of which has already been seized.”

However, the OFAC has added only 20 bitcoin addresses to its Specially Designated Nationals list. Twelve are linked with Juiadong Li, while eight with Yinyin Tian.

Currently, none of those 20 addresses hold any bitcoins. However, all of these addresses seem to belong to just five wallets, that hold 139411.6022 BTC. One of those wallets is identified by two separate wallet explorers as being on the Huobi exchange — though it is of course possible that both resources have misattributed it.

It is unclear at this time why OFAC only added 20 addresses to the list if the Department of Justice knows of 113 crypto addresses and accounts connected with the accused.

Tags
Aml
Related Posts
US Treasury Sanctions North Korean Hacker Groups for Cyber Attacks
The United States Treasury Department announced further sanctions against three North Korean state-sponsored hacker groups, responsible for “North Korea’s malicious cyber activity on critical infrastructure.” Continue to enforce existing U.S. and U.N. sanctions against North Korea On Sept. 13, the U.S. Department of Treasury announced sanctions against North Korean hacking groups, more specifically the renowned Lazarus group, and two lesser-known entities, Bluenoroff and Andariel. Sigal Mandelker, Treasury Under Secretary for Terrorism and Financial Intelligence said: “Treasury is taking action against North Korean hacking groups that have been perpetrating cyber attacks to support illicit weapon and missile programs. [...] We will …
United States / Sept. 13, 2019
Crypto's impact on sanctions: Are regulators' concerns justified?
The use of cryptocurrencies to evade international sanctions from various international governmental organizations like the United Nations (UN), the International Monetary Fund (IMF) and the World Bank, among others, has been a concern for regulators ever since the creation of cryptocurrencies. The rapidly increasing adoption of digital currencies in the last two years makes this discussion more important than ever, especially with the advent of central bank digital currencies (CBDCs) like the digital yuan. In an interview on Nov.17, United States Deputy Treasury Secretary Wally Adeyemo said that the efficacy of U.S. sanctions would not be undermined by central bank …
Bitcoin / Nov. 30, 2021
North Korea-obsessed Ethereum dev gets 5 years for breaking sanctions
Virgil Griffith, a former Ethereum (ETH) developer has been sentenced to 63 months in prison and will pay a fine of $100,000 for attending a conference and assisting North Korea use blockchain technology in contravention of economic sanctions imposed by the United States. On Tuesday, April 12, U.S. District Judge Kevin Castel of the Southern District of New York handed down the decision. Judge Castel stated that “what you see here is intentionality, a deliberate, willful intent to violate the sanctions' regime,” adding that the crime was made worse because Griffith had a “desire to educate people on how to …
Technology / April 13, 2022
US Treasury Dept sanctions 3 Ethereum addresses allegedly linked to North Korea
The United States Treasury Department has added three Ethereum wallet addresses to sanctions allegedly linked to the hacker group responsible for the theft of more than $600 million in crypto from nonfungible token game Axie Infinity’s Ronin sidechain. In a Friday update, the Treasury Department’s Office of Foreign Assets Control, or OFAC, listed three Ethereum addresses to its Specially Designated Nationals restrictions for North Korea’s Lazarus Group. U.S. authorities, including the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency, have targeted the group over its alleged role in taking more than 173,600 Ether (ETH) and 25.5 million …
Regulation / April 22, 2022
Proactive sanctions can help spare the ecosystem: Chainalysis exec
As many countries, entities and even individuals face international sanctions, the crypto industry seeks to find its place among increasing regulations. Digital currencies have often been mentioned as an avenue for those subject to sanctions to divert them, such as in the recent case of Russia. In such instances, exchanges and other industry players need to understand where they stand compliance-wise. Research out of Harvard even suggested that central banks can use Bitcoin (BTC) to fight off sanctions. Speaking to Cointelegraph's managing editor Alex Cohen at the Israel Crypto Conference, Chainalysis head of sanctions Andrew Fierman said sanctions are nuanced …
Blockchain / Dec. 7, 2022