The United States is trying to forfeit 280 cryptocurrency accounts tied to cyber-attacks on two virtual currency exchanges, which were allegedly perpetrated by North Korean threat actors.
According to a civil forfeiture complaint filed by the Justice Department yesterday, malicious actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders.
The complaint alleges that in July 2019, an actor tied to North Korea hacked a virtual currency exchange and stole over $272,000 worth of cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens.
Stolen funds were converted into other forms of cryptocurrency in a process known as chain hopping to obfuscate the money trail. The currency was then laundered through several intermediary addresses and other virtual currency exchanges.
It is further alleged that the hacker stole nearly $2.5m from a US company’s virtual currency wallets in September 2019, then laundered it through over 100 accounts at another currency exchange.
The complaint follows related criminal and civil actions announced by the department in March this year regarding the theft of $250m in cryptocurrency through other exchange hacks by North Korean actors.
“Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network,” said Acting Assistant Attorney General Brian Rabbitt of the Justice Department’s Criminal Division.
Assistant Attorney General John Demers of the Justice Department’s National Security Division said that while the forfeiture of the accounts could bring some relief to victims, it would do nothing to stop North Korea from committing cybercrimes against the financial industry.
“Today, prosecutors and investigators have once again exemplified our commitment to attribute national security cyber-threats, to impose costs on these actors, and bring some measure of relief to victims of malicious cyber activities,” said Demers yesterday.
“Although North Korea is unlikely to stop trying to pillage the international financial sector to fund a failed economic and political regime, actions like those today send a powerful message to the private sector and foreign governments regarding the benefits of working with us to counter this threat.”