The Justice Department on Friday filed a civil forfeiture complaint detailing two hacks of virtual currency exchanges by North Korean actors, according to an official statement. These actors stole millions of dollars’ worth of cryptocurrency and ultimately laundered the funds through Chinese over-the-counter (OTC) cryptocurrency traders. The complaint follows related criminal and civil actions announced in March 2020 pertaining to the theft of $250 million in cryptocurrency through other exchange hacks by North Korean actors.
“Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “This case underscores the department’s ongoing commitment to counter the threat presented by North Korean cyber hackers by exposing their criminal networks and tracing and seizing their ill-gotten gains.”
“Today, prosecutors and investigators have once again exemplified our commitment to attribute national security cyber threats, to impose costs on these actors, and bring some measure of relief to victims of malicious cyber activities,” said Assistant Attorney General John C. Demers of the Justice Department’s National Security Division. “Although North Korea is unlikely to stop trying to pillage the international financial sector to fund a failed economic and political regime, actions like those today send a powerful message to the private sector and foreign governments regarding the benefits of working with us to counter this threat.”
“As part of our commitment to safeguarding national security, this office has been at the forefront of targeting North Korea’s criminal attacks on the financial system,” said Acting U.S. Attorney Michael R. Sherwin of the District of Columbia. “This complaint reveals the incredible skill of our Cryptocurrency Strike Force in tracing and seizing virtual currency, which criminals previously thought to be impossible.”
“Despite the highly sophisticated laundering techniques used, IRS-CI’s Cybercrimes Unit was able to successfully trace stolen funds directly back to North Korean actors,” said Don Fort, Chief of IRS Criminal Investigation (IRS-CI). “IRS-CI will continue to collaborate with its law enforcement partners to combat foreign and domestic operations that threaten the United States financial system and national security.”
“FBI efforts to stop the flow of threat finance around the world are central to our strategy to address transnational crime,” said Assistant Director Calvin A. Shivers of the FBI’s Criminal Investigative Division. “This strategy is strengthened by the skills and expertise we continue to develop in virtual asset investigations such as this, which enable the FBI and our partners to identify and seize illicit assets.”
“As North Korea becomes bolder and more desperate in their efforts to steal money using sophisticated money laundering techniques, HSI will continue to apply pressure by exposing their fraudulent transactions,” said Special Agent in Charge Steven Cagen of U.S. Immigration and Customs Enforcement’s Homeland Security Investigations (HSI) Denver. “We are committed to safeguarding the interest of the United States against the criminal elements in North Korea to protect the integrity of the cyber financial system.”
The forfeiture complaint filed today details two related hacks of virtual currency exchanges.
As alleged in the complaint, in July 2019, a virtual currency exchange was hacked by an actor tied to North Korea. The hacker allegedly stole over $272,000 worth of alternative cryptocurrencies and tokens, including Proton Tokens, PlayGame tokens, and IHT Real Estate Protocol tokens. Over the subsequent months, the funds were laundered through several intermediary addresses and other virtual currency exchanges. In many instances, the actor converted the cryptocurrency into BTC, Tether, or other forms of cryptocurrency – a process known as “chain hopping” – in order to obfuscate the transaction path. As detailed in the pleadings, law enforcement was nonetheless able to trace the funds, despite the sophisticated laundering techniques used.
As also alleged in the pleadings, in September 2019, a U.S.-based company was hacked in a related incident. The North Korea-associated hacker gained access to the company’s virtual currency wallets, funds held by the company on other platforms, and funds held by the company’s partners. The hacker stole nearly $2.5 million and laundered it through over 100 accounts at another virtual currency exchange.
The funds from both of the above hacks, as well as hacks previously detailed in a March 2020 forfeiture action (1:20-cv-00606-TJK), were all allegedly laundered by the same group of Chinese OTC actors. The infrastructure and communication accounts used to further the intrusions and fund transfers were also tied to North Korea.
The claims made in this complaint are only allegations and do not constitute a determination of liability. The burden to prove forfeitability in a civil forfeiture proceeding is upon the government.