North Korean hackers aren’t just after bitcoin and ether.
In a $250 million cryptocurrency forfeiture complaint filed Friday in U.S. District Court for the District of Columbia, the U.S. Department of Justice noted that it seized altcoins including Proton (PTT), PlayGame (PXG), and IHT Real Estate Protocol (IHT) stolen from an unnamed cryptocurrency exchange in July.
The $272,000 seized was not a very large part of the amount seized, but it shows that the militarized hackers working for the Democratic People’s Republic of Korea (DPRK) are not too choosey about what they will pillage. The case involves hacks on at least 10 exchanges.
“Over the subsequent months, the funds were laundered through several intermediary addresses and other virtual currency exchanges,” an Aug. 27 DoJ release alleged. “In many instances, the actor converted the cryptocurrency into BTC, Tether, or other forms of cryptocurrency—a process known as ‘chain hopping’—in order to obfuscate the transaction path.”
In describing the case, Internal Revenue Service Criminal Investigation division chief Don Fort said, “Despite the highly sophisticated laundering techniques used, IRS-CI’s Cybercrimes Unit was able to successfully trace stolen funds.”
Game of Coins
Proton is the token of a public smart contract-enabled blockchain focused on data collaboration. PlayGame is an Ethereum-based token meant to allow game publishers, developers and communities to monetize their content. IHT is the token of an ecosystem that intends to bring the real estate market on-chain.
According to the forfeiture filing, about 402 million PTT worth $80,396.35 was taken, along with 17.8 million PXG worth $19,505.78 and about 138,000 IHT worth $6,701.33.
Acting U.S. Attorney Michael Sherwin of the District of Columbia pointed out the law enforcement’s capabilities in tracking crypto assets:
“This complaint reveals the incredible skill of our Cryptocurrency Strike Force in tracing and seizing virtual currency, which criminals previously thought to be impossible.”
The North Korea-China connection
The Department of Justice is confident that the origin of the attacks is North Korean since the infrastructure and communication accounts that were used to fund the transfers and perpetrate the attacks were both found to be from the DPRK.
Acting Assistant Attorney General Brian Rabbitt of the Justice Department’s Criminal Division claimed that Chinese actors were also involved in the scheme:
“Today’s action publicly exposes the ongoing connections between North Korea’s cyber-hacking program and a Chinese cryptocurrency money laundering network.”
Assistant Attorney General John Demers of the Justice Department’s National Security Division admitted that North Korea is unlikely to stop “trying to pillage the international financial sector.”
Nonetheless, he believes that the agency’s actions “send a powerful message to the private sector and foreign governments regarding the benefits of working with us to counter this threat.”
The forfeiture action “demonstrates that North Korean actors cannot hide their crimes within the anonymity of the internet,” said Special Agent in Charge Emmerson Buie Jr. of the FBI’s Chicago Field Office. “International cryptocurrency laundering schemes undermine the integrity of our financial systems at a global level, and we will use every tool in our arsenal to investigate and disrupt these crimes.”
Financed with crypto cybercrime
North Korea notoriously uses hackers to achieve its goals and finance itself. Other than for-profit attacks on cryptocurrency exchanges and private firms, those militarized cybercriminals also recently attacked the Israeli defence industry.
Still, North Korea has a certain predisposition towards attacks against cryptocurrency firms—presumably because crypto assets are a particularly tempting target. One notorious cyberwarfare unit of the country—known as the Lazarus Group—hacked a crypto firm through LinkedIn advertisements just days ago. The Lazarus Group has been active for a long time, and was also reported to have hacked cryptocurrency exchanges by infecting them with a virus about a year ago.
North Korea is not a hodler when it comes to these funds. On the contrary, the country allegedly spent the money by funding its nuclear weapon research with $2 billion in crypto exchange hacks.